DATASECOPS:
STATEMENT OF BELIEF
DEFINITION:
DataSecOps is a discipline which empowers Software Engineers, Data Scientists, Governance Risk and Control, Cyber Security & Operations teams to work together in a single application for safer and easier access, analysis, delivery and governance of data.
DataSecOps is the evolution of the DevSecOps model for data management. By adopting DataSecOps, data-driven organisations are able to harness the power and capabilities of their valuable data assets through a single application. DataSecOps simplifies the governance of data, enabling a quicker, more effective process that isn’t hindered by cross-border regulations and restrictions.
AS A COMMUNITY OF DATA PROFESSIONALS; WE BELIEVE:
1. Organisations should be empowered, not hindered, by their data
2. The journey towards regaining power should start small…but it definitely needs to start! From the earliest stage be prepared for the possibility that data could be compromised, and so promoting a culture and environment around data protection and privacy should be encouraged
3. Data privacy should be simple. Currently, companies protect data at an application level as it flows throughout the organisation, meaning data is managed and controlled across hundreds, or even thousands, of applications and APIs. In this way the current process is costly, complex and inefficient. This needs to change!
4. Data policies should be automatically applied to data attributes, as opposed to depending on manual intervention. The appropriate access, control and security need to begin at data level with the ability to revoke access – ensuring data is never mismanaged, misplaced or misused – is a straightforward process
5. The Principle of Least Privilege (PoLP) should always be applied in order to protect sensitive data and ensure only the correct, relevant information is provided to the right people. As such, the risk of over-distributing data should be eliminated
6. Existing data silos need to be broken down, and that calls for cultural, operational as well as technological change
7. The solution to unlocking the power of data is not just a ‘technology’ issue, however one that brings Operations, Governance Risk Management and Compliance (GRC), Business Heads, and Security together to facilitate policy automation and data access permissions. A seamless, collaborative environment between the admins and engineers who store data, analyze data, archive data and deliver data must exist in order to maximise the true value of data
8. It shouldn’t be a problem for individuals within organisations to use the data they generate for the public good, if they wish to do so (‘data altruism’), in compliance with the privacy regulations
9. The solution to data fluidity requires that all those who manage data within an organisation have their conditions met – with data policies applied centrally – in order to truly, and automatically, unlock the value of data
10. There should be more guidance provided to stakeholders on the compliance of data sharing and pooling arrangements in order to ensure data laws and ethics are abided by at all times
SIGN THE DATASECOPS
STATEMENT OF BELIEF
By signing the DataSecOps Statement of Belief you join the growing network of professionals who believe all of the above! You also agree to be added to our mailing list, updating you every month with all the latest news, insights and research from the DataSecOps community. You may unsubscribe from these communications at any time.