GigaOm Key Criteria for Evaluating Data Access Governance Solutionsv4.0

1. Executive Summary

The essence of data access governance lies in finding and categorizing sensitive data, implementing access control policies to safeguard it, and continually monitoring data access to ensure data security, regulatory compliance, and data privacy. This discipline fortifies enterprise security at the most granular level—the data level. Although data access governance technology has existed in one form or another for a long time, it has risen to its current prominence as a result of the slew of data privacy regulations that have taken effect in the last eight or nine years.

The imposition of these regulatory regimes coincided with the rise in data breaches affecting consumers worldwide. Data access governance helps protect enterprises from these breaches and the consequences of noncompliance with the data protection regulations that have emerged to combat them. Without it, the use of data can potentially be more risky than it is valuable to the enterprise.

Business Imperative
The business imperative for data access governance directly correlates with the breadth of enterprise users it affects–and the foregoing penalties (including fines, litigation, loss of reputation, and customer churn) that can ensue if it’s not properly implemented. For data governance personnel, IT teams, and security professionals, it’s critical to their daily risk management. The discipline is equally valuable to business end users (from data scientists to domain engineers, subject matter experts, and departmental team members). When it works well, data access governance supplies expedient, trustworthy, and flexible data access to these personas so they can power the applications and conduct the analytics they need to do their jobs far better than they could otherwise. When viewed through the practical lens of data strategy, data access governance fortifies defensive measures of protecting data while spurring proactive endeavors by delivering data access to users who can then leverage it fully.

Data access governance provides this utility to such a wide range of enterprise personas that many customers are familiar with its core underpinnings: data discovery, classification, and the implementation of policy controls. Moreover, the vendors themselves are extremely mature in their offerings. Although the proactive possibilities of empowering business users with expedient data access are as tangible as before, many vendors are now emphasizing more of their defensive data security prowess. We can attribute this development to numerous factors, including the increased specialization that comes with platform maturity and the still growing number of regulations, data breaches, and data privacy mandates.

There’s a range of vendors included in the Radar report that accompanies this Key Criteria report, from data access governance specialists to those that provide general data governance capabilities. The scope of these reports is confined to data access governance and its focus on access controls, regulations, and data security. General data governance vendors without substantial capabilities in this area are excluded.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of deploying a data access governance solution, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a data access governance solution, we provide an overall Sector Adoption Score (Figure 1) of 4.8 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a data access governance solution is compelling for enterprises grappling with issues of compliance, privacy, and data security, and worthy of urgent consideration and investment.

The factors contributing to the Sector Adoption Score for data access governance are explained in more detail in the Sector Brief section that follows.

Figure 1. Sector Adoption Score for Data Access Governance

This is the fourth year that GigaOm has reported on the data access governance space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective data access governance solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading data access governance offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.