Cloud Data Management Capabilities (CDMC) framework: the challenges & best practices

This blog was written by an independent guest blogger.

Cloud adoption has gained solid momentum over the past few years. The technology has been helping organizations revolutionize their businesses and optimize their processes for increased productivity, reduced cost, and better scalability. But as organizations pour their entire focus on improving their businesses, they tend to lose control of governance.

One of the many reasons that data governance tends to get more out of control is when organizations increasingly adopt a hybrid or multi-cloud model. This is due to the explosion of data that’s been increasing every year, forcing organizations to turn to data lakes or data warehouses to dump all their data.

Furthermore, the irregular growth of data and the increasing adoption of the cloud model without an effective cloud data management strategy has led organizations to face tremendous challenges. Here, a Cloud Data Management Capabilities (CDMC) framework can enable organizations to streamline their cloud adoption and data management processes effectively.

Common challenges that organizations face in the cloud

Before we dive into the definition of CDMC and learn more about its varying best-practice capabilities, let’s first talk about the myriad challenges organizations face in a single or hyper-cloud environment.

Challenge #1: According to a survey, it has been reported that 80% of employees admit that they use SaaS applications without the approval of their IT team. Similarly, it has also been reported that an average company has over 900 unknown cloud services. The growing number of shadow IT or dark data assets create security vulnerabilities that may come back to bite the organization in the form of internal abuse, ransomware, or any other cyber breach.

These circumstances may arise when those dark data assets are moved to the cloud during the life-and-shift process, and there’s no proper catalog of those assets. This also leaves organizations with little to no visibility into the security posture of those assets, especially those that contain sensitive data.

Challenge #2: According to a cloud security report, 56% of organizations cite security as the primary concern behind slow cloud adoption. Security threats may also arise when an organization has sensitive data in its assets, and there are little to no security measures set to protect that data.

When it comes to data protection, especially sensitive data, it is imperative for organizations to have adequate security controls. These are necessary to prevent data leakage, insider threats, or any other cyber threats. A clear inventory of cataloged metadata of sensitive data can best enable organizations to prioritize security and establish appropriate controls.

Data Intelligence - securiti-1

Challenge #3: Global privacy regulations are gaining momentum gradually. Countries are improving their privacy laws to enhance consumers’ right to privacy and freedom. As part of the compliance, it is necessary for businesses to have clear visibility into where the sensitive data resides, who has access to it, and what they can do with that level of access. In case of non-compliance, organizations may face not only hefty penalties from regulatory authorities but may also have to experience other chaotic consequences, such as loss of customer trust or business partnerships.

Traditional data management frameworks are not engineered around the complications and challenges that are exclusive to the cloud. Therefore, organizations need a framework that takes the exclusivities of the cloud into account. Here, the CDMC framework by the EDM Council comes into the picture.

What is a CDMC framework?

The Cloud Data Management Capabilities (CDMC) framework outlines the best practices and capabilities to help organizations make sure seamless cloud migration, effective data protection, and robust data management in the cloud.

The CDMC framework was designed through the contributions of the world’s top-rated internet services along with top-rated data governance, intelligence, and data privacy services. Securiti, for example, is also one of the major contributors to the CDMC framework. The joint effort was headed by the EDM Council which is an international association that advocates for the development and implementation of data standards and best practices.

Best practices under the CDMC framework

The CDMC framework v1.1 outlines 6 different components, containing 14 capabilities and 37 sub-capabilities. These capabilities provide us with the much-needed guidance on how to securely manage data in the cloud, stay compliant with global privacy laws, and enable automation for enhanced data management and governance. The 14 best practices and capabilities outlined under the CDMC framework are as follows:

1. A data control compliance metric must be established for an organization’s all data assets that contain sensitive data. The metric is derived from all the key controls of the CDMC framework.
2. The ownership field in a data catalog must be properly populated for all the sensitive data.
3. A catalog of metadata, such as authoritative sources and authorized distributors, for all the data assets, must be populated, especially for the assets that contain sensitive data.
4. An auditable and controlled record of cross-border movements and data sovereignty must be kept in accordance with a defined policy.
5. A catalog of all personal and sensitive data needs to be created at the point of data creation or ingestion.
6. A real-time automated data classification must be established for all data at the point of creation or ingestion.
7. The framework must be capable of tracking ownership, entitlement, and access to all sensitive data.
8. The data consumption purpose must be provided.
9. Appropriate security controls must be established around sensitive data, and a record should be maintained for audit trail and for checking any anomalies.
10. Automated data privacy impact assessment should be set up for all sensitive data according to its jurisdictions.
11. Data quality measurement should be enabled.
12. Manage data retention and streamline purging and archiving of data.
13. A clear view of data lineage for all sensitive data.
14. An understanding of the cost associated with the usage, storage, and movement of data.

Why do organizations need CDMC capabilities?

The CDMC framework's best practices and capabilities are highly critical for organizations that deal with sensitive data or regulate that sensitive data in hybrid, multi, or dynamic cloud environments. Organizations that collect, store, process, share or sell the following data must pay attention to the key controls defined under the CDMC. Those data include:

1. Personally identifiable information.
2. Healthcare information.
3. Financial information.
4. Business information.
5. Sensitive personal information.
6. Confidential information.
7. Non-public information.