Enhancing Data Governance: Eliminating the Known Unknown
When discussing data governance tools, it’s no secret the topic of false positives is seen as one of the biggest downfalls. False positives occur when an event is triggered by the data governance policy in error, for example, a combination of numbers could be identified as a credit card number, or a reference number. This means that data can be quarantined unnecessarily, stopping people going about their daily business. Data governance tools’ job is to enforce appropriate handling of data throughout its lifecycle based on the sensitivity of the data. This includes data loss, who is able to access certain data, where data is stored, how it is shared and what level of protection is required.
The challenge associated with false positives is widely known, understood and easy to quantify. The opposite challenge is rarely discussed, and proves to be the most challenging when it comes to protecting your sensitive data; false negatives. A false negative is essentially when a data governance tool fails to detect occurrences of data leakage it was intended to capture; usually a scenario in which the appropriate handling rules were not applied, and data may have been lost because the data governance tools did not fully understand the sensitivity of its content. This is a more significant challenge, as it directly leads to the loss of sensitive data, and by nature is virtually impossible to fully quantify. The main purpose of data governance tools is to prevent data loss, but in the case of false negatives, the heart of the issue is sensitive data which has been lost. Not only has this data been lost from the organisation, but the data governance solution hasn’t correctly detected that it should be stopping it from leaving.
Download the integration use case for the full article.