Data Governance: What Are the Components to Keep Data Secure?


Data security is more important than ever, and having a strong, up-to-date data governance plan in place is key to keeping your sensitive information safe.

In an effort to help you get started with your own data governance plan, I’ve listed some of the key components below.

Asset information and classification

The steps required to ensure data security begin with gathering information about the assets within your company.

Asset information and classification can help determine the impact to your business should an asset become compromised. If you can quickly identify information associated with that asset, you will cut down on time spent trying to determine what has been affected. By going through an exercise such as a business impact analysis, you can start identifying and classifying the various assets within your company.

Hosting providers such as Rackspace offer solutions for encryption and key management as part of our Privacy and Data Protection service, which helps manage sensitive data across your company. One of the first steps for subscribers is to walk through exercises — together with Rackspace experts — to help gather information about the assets within your company as well as the location of sensitive data that needs to be protected.

Data ownership and privacy

Another important part of a robust data governance plan is data ownership — determining who the owners are of different data sources. Once owners are identified, they need to make sure they understand the flow of data and where sensitive information may exist within their area of responsibility.

With data ownership in place, the next step is to implement data governance structures such as encryption and key management solutions. By understanding the details of the sensitive data flow, the data owner can scope out the technical controls required to protect said data.

Knowing where sensitive data may reside allows the organization to properly document, in a formal policy, the administrative controls that protect sensitive data, and to know the scope of the technical controls to be implemented to ensure the data remains private.

Data security controls

Once there is a clear understanding of the data that resides under your organization’s roof and the stakeholders responsible for it, it is imperative to make sure all controls are actively monitored and enforced for the protection of that sensitive data.

At this step, you must define technical policies that enforce data sensitivity and ensure that only the authorized processes and users can decrypt sensitive data.

Rackspace does this by working with vendors such as Thales and its Vormetric Data Security Manager to enforce separation of duties and data governance access for your organization.

By having clearly defined data security controls, you will know where technical controls will need to be put in place within your enclave and which threat the organization is trying to protect itself from.

Understanding the differences between data in transit, data at rest and data in use is important to defining the data security controls required for your organization. Knowing the state of your data is also important, as evidenced by the recent Equifax breach.

With data breaches, technology alone is not a viable solution. You must create data security controls for your database, applications, users and other methods of accessing sensitive data.


As businesses generate or acquire valuable data every day, threat actors will continue to try to exfiltrate it through the exploitation of vulnerable applications and systems. Therefore, the approach to protecting sensitive data begins with understanding your data and the assets that access your organization’s sensitive data.

Visit Rackspace to find out more about our Privacy and Data Protection team and ways we can help keep your data safe, inside and out, through managed encryption and key management.

Ernie Martinez is a product engineer at Rackspace, where he's worked since 2013. He helps the Rackspace Managed Security team, as well as other business units, with the development of new products and services.

