Welcome! GovernYourData.com is an open peer-to-peer community of data governance practitioners, evangelists, thought leaders, bloggers, analysts and vendors.
The goal of this community is to share best practices, methodologies, frameworks, education, and other tools to help data governance leaders succeed in their efforts.
Recently I have spoken to customers about the need to protect data from the inside out. As a result, the ability to manage data security through a governance lens has become more important.
This lens means looking at data security throughout the same data governance phases. For example:
Define - Define the data security policies and metadata and data metadata patterns of sensitive data.
Discover - Based on those definitions, discover where that sensitive data resides across databases and applications.
Apply - Apply the appropriate masking, whether in production or for test and development, to prevent data breaches from occurring.
Manage and Monitor - Prove that your data has been protected on a continuous basis, as data changes frequently.
Have your organizations developed governance guidelines for data security? How have they been enforced?
One interesting point we have is that any change project, regardless of size, cannot go from planning to implementation until they have approval from the data governance team. This checkpoint ensures that no data security problems are created by the project's need to implement quickly.
Another thing you may wish to do is to standardise data access in accordance with roles in the organisation, and ensure that when a colleague moves from one role to another, any authority for the previous role is removed. This would work well with the model of sensitive data that you have developed. It should be quite easy to overlay your metadata against colleagues' user IDs and their role. So you have a model of what their user IDs should be like (Target) and what they are currently able to do (actuals). Now you have a scorecard metric that you can influence and prove worth, especially if you can split the report by departments, musters, teams etc.
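The target-versus-actuals overlay described in the reply above, as an added example that is not part of the original thread. The role names, entitlement strings, user IDs and departments are constructed sample data, and the functions `reconcile` and `scorecard` are hypothetical names chosen for this illustration.

```python
from collections import defaultdict

# Constructed sample data: entitlements each role should hold (the "Target").
ROLE_TARGET = {
    "claims_analyst": {"claims_db:read", "customer_pii:masked_read"},
    "dba": {"claims_db:read", "claims_db:admin"},
    "tester": {"test_db:read", "test_db:write"},
}

# Constructed sample data: what each user ID can do today (the "actuals").
USERS = [
    {"id": "u100", "dept": "Claims", "role": "claims_analyst",
     "actual": {"claims_db:read", "customer_pii:masked_read"}},
    # u101 moved from dba to claims_analyst; the old authority was never removed.
    {"id": "u101", "dept": "Claims", "role": "claims_analyst",
     "actual": {"claims_db:read", "customer_pii:masked_read", "claims_db:admin"}},
    {"id": "u200", "dept": "QA", "role": "tester",
     "actual": {"test_db:read"}},
    # u201 holds unmasked access to sensitive data that a tester should not have.
    {"id": "u201", "dept": "QA", "role": "tester",
     "actual": {"test_db:read", "test_db:write", "customer_pii:read"}},
]

def reconcile(user, role_target=ROLE_TARGET):
    """Diff one user's actual entitlements against the target for their role."""
    target = role_target.get(user["role"], set())  # unknown role: all grants are excess
    return {"excess": user["actual"] - target, "missing": target - user["actual"]}

def scorecard(users, role_target=ROLE_TARGET):
    """Per-department share of users holding no entitlement beyond their role."""
    totals = defaultdict(lambda: {"users": 0, "compliant": 0, "excess": {}})
    for user in users:
        row = totals[user["dept"]]
        row["users"] += 1
        excess = reconcile(user, role_target)["excess"]
        if excess:
            row["excess"][user["id"]] = sorted(excess)  # revocation work list
        else:
            row["compliant"] += 1  # missing access is not a security finding
    return {dept: {**row, "pct_compliant": round(100 * row["compliant"] / row["users"], 1)}
            for dept, row in totals.items()}

if __name__ == "__main__":
    for dept, row in scorecard(USERS).items():
        print(dept, f"{row['pct_compliant']}% compliant", row["excess"])
```

The `excess` map doubles as the list of grants to revoke, so re-running the report after clean-up shows the metric moving.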