Survey sheds spotlight on data policy management practices

Immuta has published the findings of a comprehensive survey of data leaders that highlights the current and future state of data policy management practices, including the top criteria for data management tools and the roles organizations are recruiting to handle data policy enforcement efforts.

  • Friday, 4th November 2022 Posted 2 years ago in by Phil Alsop

The 2022 Data Policy Management Report surveyed 600 U.S. and European data leaders, and was commissioned by Immuta and conducted by 451 Research, the enterprise technology research unit of S&P Global Market Intelligence.

 

The report finds that data management priorities are evolving beyond achieving compliance and cost reductions. More than half of survey respondents (52.5%) say they are primarily motivated to adopt or improve data policy management efforts by the need for BI and data analytics insights, while 43.5% said compliance and just 21% cited cost savings efforts, pointing to an evolution of data maturity as organizations focus on how best to maximize and leverage all the data at their disposal. 

 

The survey also found that data policy management is likely to continue evolving as data security and privacy concerns remain at the forefront for consumers and businesses alike. Looking ahead, customer trust and engagement are expected to become the top incentives for data policy management orchestration, according to the research.

“Data policy management today is often directly adding value to business outcomes,” said Paige Bartley, senior analyst at S&P Global Market Intelligence’s 451 Research. “Of course, data policy management controls are still actively motivated by evolving legal and regulatory needs, but businesses are now realizing that proper implementation of these practices and supporting technologies can also facilitate the appropriate use of data, rather than just locking data down.”

 

Other key findings highlight the various challenges and motivations organizations face as they look to increasingly apply data policy management controls to optimize the value of their data while rightsizing their risk appetite. This includes: 

Organizations are investing in technology to streamline data policy enforcement and access control, but are going about it in different ways. Just over 40% of respondents use custom or in-house technology to implement data access controls, while 28.8% rely exclusively on a purchased solution or technology.

Data policy management efforts are largely decentralized and often lack a clear chain of command. While chief information security officers (CISOs) are likely to be accountable for data policy enforcement, nearly one-third of respondents reported that data owners are responsible for tasks related to both policy leadership and execution.

The privacy engineering function plays a key role in supporting data policy management efforts, but the role is still evolving. More than half (58%) of participants said their organization has a dedicated privacy engineering function that supports data policy management efforts, but the prevalence and standardization of this role is still relatively nascent.

Ease of deployment and integration are the top criteria organizations look for when selecting a data access tool. 47% of respondents indicate ease of deployment is a top priority, with support for real-time data (46.3%), automation (46.3%), and scalability (44.5%) among the other capabilities organizations seek out.  

 

“Data security and access control are central tenets of organizations’ data strategies. It’s now incumbent upon data leaders to ensure their teams have the right human and technical resources in place to execute those strategies,” said Matthew Carroll, CEO of Immuta. “While businesses are hyper-focused on how they can leverage all of the data at their disposal, data privacy and security regulations have forced businesses across industries to reexamine and manage policies on how data is accessed, processed, analyzed, and shared. They’re now at a crossroads between enabling BI and analytics, and maintaining compliance and data security.“