at is Data Safety, why is it important, and how do you go about designing into the foundations of your data environment?

When you see the phrase “Data Safety”, the chances are you think of Data Security. Most people do.

What is far less likely is that you think of the other two pillars of Data Safety: Data Privacy and Data Governance.

Clearly, all three pillars overlap. But Data Security seems to attract the most media attention, the most scrutiny and the most attention among business data leadership. In fact, when you compare the worldwide relative volumes of searches for the three terms, it shows an almost spookily even distribution:

Data Security Privacy Governance Google Trends

And yet, when you consider the typical data lifecycle, all three pillars have an equally vital role in the protection of data at every single stage.

A simplistic – and by no means exhaustive – example…

 Data SecurityData Privacy Data Governance
Data is created / receivedThreat assessmentRight to Object Right to Rectification Authority to receiveSuitable administration and custodianship
Data is hostedEncryptionTransparent and suitable locationSuitable administration and custodianship Backup and archival
Data is processedAppropriate use  Appropriate userData subject consentIndustry regulations
Data is relocatedSuitable destinationTransparency with data subject Data residencySuitable destination
Data is sharedAppropriate and verified recipient – not a malicious actorAppropriate and verified recipient – transparency with data subjectAppropriate and verified recipient – industry regulations
Data is lostDuty to reportDuty to reportBackup and disaster recovery

As has been said about Data Security for decades, the only way to ensure robust and continuous Data Safety with every interaction is to design it into the fabric of your data workflows. It is after all well-known that neither security, privacy nor governance can be applied as afterthoughts – they have to be built into a business’s operations from the ground-up. Every process the data flows through, every person who interacts with it and yes, every technology on its journey.

And there is no technology more crucial to data’s journey through a business than your cloud environment. Your cloud sets the tone for how your data is treated.

How can Data Safety become part of my cloud DNA?

We asked our Chief Information Security Officer, Mark Herridge, for his guidance on how to make sure that your cloud environment sets the right tone for how your data is treated throughout the business.

Data Safety in your cloud environment

Shift ‘Data Safety’ leftInclude security, privacy and governance considerations early into the procurement process versus adding in the final stages of development.
Own Your DataAll data requires an owner, so assign owners who understand the datasets, the current and potential value it holds to your business, and who are made responsible for defining each dataset’s data safety requirements.
Classify and TagAssign a sensitivity hierarchy to all your data, and keep security context with data whenever it moves between systems and services to ensure its Data Safety is maintained.
LifecycleSet a lifecycle that determines when data can be retired and is no longer needed to help ensure stale data does not linger, increasing your risk profile unnecessarily, and also consuming cost and potentially impacting decisions.
Location and LegislationKnow where all your data is stored and why, and the associated local data protection laws
Redefine your architectureDefine your architecture around the benefits offered by the cloud. Don’t redeploy the same architecture you use in your legacy environments in the cloud – especially as your previous Data Safety measures are either inappropriate to the cloud or outdated.
Control AlignmentCheck the alignment between your and your cloud provider’s security controls and where responsibilities lie.   Identify and address any gaps.
Monitor and Manage Vendor RiskEnsure the provider complies with relevant regulations and you proactively monitor the service.   Identify any sub-services the provider uses. Review the provider’s third-party audits.

“Data safety really does entail security, privacy and governance. They go hand-in-hand, you can’t focus fully on one, and not the others – they are both supportive of and reliant on each other.”

Mark Herridge
Chief Information Security Officer, Calligo

The two key takeaways are simple: Data Safety must not be treated as synonymous with Data Security, and the entirety of Data Safety must be written into the fundamentals not only of your cloud environment’s design, but also how data is interacted with from it.

To find out more about data safety and the commercial benefits it can deliver to your organization.