Data Access Governance — The Key to Enabling a Data-Driven Org

July 27th, 2022

header image for Data Access Governance — The Key to Enabling a Data-Driven Org

Data access governance is a foundational aspect of every organization’s overarching data governance strategy. Let’s examine what data access governance really means, how it promotes data democratization, and why it is the key to enabling a data-driven organization.

What is data access governance?

Data access governance is the ongoing process of managing who has access to what data assets to ensure data security and democratization.

Evolving from data restriction to data enablement

When many business people hear the term “data access governance” they think of the stringent rules and policies implemented by their organization in order to maintain tight control over data security.

This is because the conventional approach to data access governance tends to overprovision data restrictions out of fear that data will get into the wrong hands. As such, data governance is still viewed as a confining, burdensome discipline by many data practitioners.

The path forward for data access governance is to shift the focus from data restriction to data enablement. At its core, data enablement is about making sure the right people have access to the data they need at the right time while minimizing delays or bottlenecks due to dependencies.

With the traditional top-down approach to data governance, the governance team will often unintentionally hinder data enablement in the name of privacy and security. The new active approach to data access governance is distinctly bottom-up, which means data users are able to update policies, controls, etc. on the fly, allowing rapid access to data while still maintaining strong security and compliance.


\[Download ebook\] → Rethinking Data Governance for the Modern Data Stack


How an active data governance platform promotes data enablement

An active data governance platform drives data enablement, allowing the enterprise to democratize access to data so data users can quickly access the information they need. Some of the key features required to make data access governance effortless and community-led include:

  • Scalable data access controls
  • Automatic classification of sensitive data
  • Default visibility into non-sensitive data attributes

Scalable data access controls

IT has traditionally been responsible for managing a large volume of data access requests from data users. This system is both annoying for IT and makes it difficult for users to get timely access to the data they need.

A data governance platform featuring tag-based access policies, on the other hand, makes it dead simple to set up adaptable policies that can be easily modified to grant access when needed. Such a platform can be used to create access controls and manage requests, policies, and logs from a single dashboard, removing dependencies on IT and making regulating and granting access a breeze.

For example, an organization could classify and group data based on custom tags such as business-related metadata, technical metadata, or security classifications. They could also custom-build policies around who their user personas are, which teams they’re a part of, and what projects they’re working on. A user persona might be a:

  • Data engineer
  • Data analyst
  • BI specialist
  • IT specialist
  • Business user

For distributed teams in today’s workforce, built-in access controls make managing data access easier than ever. Granular access controls for users, groups, and teams allow you to automatically grant or restrict access to certain databases, schemas, or tag-based groups of data assets.

Adopting a “trust but verify” approach backed by fully-customizable controls greatly reduces the burden on IT while also giving your data teams the ability to quickly and securely scale data access for internal team members and trusted third parties as needed.

Define access policies and rules as data consumer personas. Source: Atlan

Define access policies and rules as data consumer personas. Source: Atlan

Automatic classification of sensitive data

Maintaining data privacy and security will always be a core part of data access governance. In the past, these activities could quickly become complex and high-maintenance, contributing to the general aversion most data users have to getting involved with data governance.

A data governance platform makes protecting the security and integrity of your data much easier and far less resource-intensive. Manually identifying sensitive data, for instance, was previously a major time commitment for data teams, one that also carried a high risk of human error.

Now enterprises can use a modern data governance platform to solve this problem by automatically classifying and tagging sensitive data identifiers, saving a great deal of time and resources while accelerating users’ timeline for accessing new data. Programmable bots can auto-identify sensitive data that is considered personally identifiable information (PII) or covered under industry- and geography-specific regulations such as HIPAA or GDPR.

Programmable bots help auto-classify data. Source: Atlan

Programmable bots help auto-classify data. Source: Atlan

But that’s not all; from there, these sensitive data tags can correspond with custom access control policies so that every transformation, algorithm, or report using that asset will inherit the same classification and security controls. This active, metadata-enriched approach to access governance makes data classification more seamless, secure, and scalable than ever before.

Leading nonprofit healthcare organization Scripps Health uses a data governance platform to abstract away the complexity of PII classification so they can easily remain compliant with the notoriously strict rules and regulations associated with HIPAA. This allows their data users to focus on collaboration and building successful products rather than jumping through hoops to fulfill their compliance obligations.

Auto-propagate classification both downstream and upstream via data lineage. Source: Atlan

Auto-propagate classification both downstream and upstream via data lineage. Source: Atlan


\[Download ebook\] → Building a Business Case for DataOps

Download ebook


Visibility into non-sensitive data attributes

Organizations frequently paint with a broad brush when it comes to data masking, which refers to the practice of modifying sensitive data such that the actual values are not accessible to those without full access. When data and its associated metadata is fully masked, users have no way to know what it is and won’t be able to tell if it’s information they may need.

A data governance platform featuring customizable masking policies opens up non-sensitive metadata attributes to all product users by default, allowing everyone to gain the context necessary to determine if they may need access to a given data asset. This discovery-friendly approach enables users to be more selective about the information they request access to. No more requests to view data assets that are irrelevant — users will know that an asset provides value to their use case ahead of time.

When Snowflake needed a way to manage access to sensitive data without overburdening their IT administrators, they leveraged dynamic data masking to design custom column-level policies. By creating a precise set of masking policies and applying them to the right tables and roles, the company was able to provide much-needed context into non-sensitive data attributes within their existing role-based access control framework.

Column-level data masking rules. Source: Atlan

Column-level data masking rules. Source: Atlan

The future of data access governance is collaborative

Effective data access governance is the key to enabling a data-driven organization because it ensures the right people are able to use the data they need at the right time. This fulfills the fundamental data governance objective of data democratization, empowering everyone in the organization to access, understand, and use data to drive smarter business decisions.

Data access governance also brings essential context from the entire data ecosystem directly to data admins so they can work together with all data users to update policies, add missing terms, modify descriptions, etc. without disrupting existing workflows.

Imagine if a user could request access to a data asset as soon as they receive a link (like with Google Docs) and then the owner could approve or reject the request without leaving Slack. That’s exactly the type of smooth and intuitive experience an active data governance platform enables.

Modern data governance helping data teams work better together, right within the tools they are familiar with. Source: Atlan

Modern data governance helping data teams work better together, right within the tools they are familiar with. Source: Atlan


Learn more about the essential concepts of effective data governance and how they can be applied to your business.


Data access governance with Atlan

If you are evaluating and looking to deploy best-in-class data access governance solutions without compromising on data democratization? Take Atlan for a spin.

Atlan is a Third-generation data catalog built on the premise of embedded collaboration that is key in today’s modern workplace, borrowing principles from GitHubFigmaSlackNotionSuperhuman, and other modern tools that you are familiar with.


Free Guide: Find the Right Data Catalog in 5 Simple Steps.

This step-by-step guide shows how to navigate existing data cataloging solutions in the market. Compare features and capabilities, create customized evaluation criteria, and execute hands-on Proof of Concepts (POCs) that help your business see value. Download now!