Data governance advances beyond a checkmark as pressure increases to satisfy regulatory compliance

Spotlight on AI as new compliance regulations emerge; Heightened data management and privacy concerns hit the supply chain

SAN FRANCISCO — December 9, 2021 — Okera, the Universal Data Authorization company, today revealed its top industry predictions and trends expected to emerge in data privacy and governance for 2022 according to the company’s CEO, Nick Halsey; co-founder and CTO, Nong Li; and Okera Advisory Board member and recent Gartner VP analyst, Sanjeev Mohan.

Halsey’s 2022 predictions:

1. Privacy regulation will continue to proliferate, requiring a proactive approach

Anxiety about the proliferation of data privacy regulations – around the world and within U.S. states – will ratchet up in 2022. Driven by both the fear of fines and damage to brand reputation, companies progressing on their compliance journey will shift their concern from simply the how-to, to now focusing on how to arbitrate among different regulations. A common approach will be to fulfill the technical requirements for one major regulation, perhaps CCPA or GDPR, then layer in the required capabilities for other regulations as needed. The consequences of this wait-and-see approach toward regulatory compliance will result in companies falling further behind while risks continue to increase – if they don’t act decisively in the coming year.

2. AI regulation will start to look like privacy regulation

AI is predicted to change just about everything. However, there is a lot of debate about whether those changes will be for the good. Data bias in machine learning models is one of the hottest topics in the AI industry for good reason; an AI model that rejects loan applications or increases insurance premiums for the wrong reasons will have a very deleterious effect. And there are other concerns. Many companies, especially in social media, are essentially in the business of collecting personal information. What can they do with that information? What are they allowed to learn about people and what are they allowed to do with that knowledge? The EU already has a draft AI regulation in place, and in 2022 we can expect to see many other countries move in that direction. Once again, compliance will demand an ability to know what data you have, where it is, and who has access to it.

3. Governance goes real-time.

When we think of governance, we usually think about putting a policy in place – what role can access what data – and having the system allow or disallow user access based on that policy. State-based policies change the game. Some regulations restrict not only who can access what data, but also where the authorized users are allowed to be when they attempt to access the data. Other regulations restrict access depending on the date, time, system status, and other variables. This combination of various state-based regulations and variables can imply a more refined data access policy, placing a new layer of requirements on governance systems. The policy, no longer static, must react to certain variables in real-time. In 2022, we will see increasing pressure on enterprises and vendors to put the tools in place that enable real-time, state-based policy enforcement.

Li’s 2022 predictions:

1. A data governance ecosystem aligns to drive usage and adoption

Data governance has historically been looked at as a necessary burden, something imposed on an enterprise that limited agility and slowed innovation. This is no longer the case. Enterprises are now waking up to the reality that data governance is a key building block of agility and innovation. As a result, in 2022, data governance will no longer be a mere checkbox in vendor solutions. Instead, an ecosystem, including data governance platform providers, compute vendors, and platform vendors, will align around delivering data governance capabilities as a way to drive usage and adoption. We are already beginning to see this emerge, and it will accelerate in the coming year.

2. Early-stage service providers recognize that data governance at the core is essential for survival

New tech companies and startups will need to build data privacy into their core product strategy. For example, a few years ago, we saw significant investments in new fintech and health tech companies. These companies are maturing and preparing to go live during a time of heightened concern around security and privacy – across the industry and among customers – so they are going to be very focused on building these capabilities into their product offerings to eliminate risk and drive adoption. Failure to build in these capabilities could be fatal for these companies.

3. The supply chain goes under the data governance microscope

In light of so many high-profile breaches, data privacy and security is now a popular topic outside the tech industry. Ransomware attacks and oil pipeline shutdowns are front-page news, and people increasingly understand the consequences of poor data practices for both the country and themselves. This will lead to some significant activity in 2022 around how manufacturing supply chains manage and share data. We will also see government agencies and pseudo-governmental bodies, such as utility companies, move at a faster pace to address data management and data privacy concerns. By the end of next year, we expect most supply chain participants and agencies to at least have plans in place for how they intend to address these concerns.

Mohan’s 2022 predictions:

1. Data governance scope will expand to all data

During the peak of the pandemic, organizations shifted budgets to bolster initiatives that allowed them to explore data in new ways. However, this was often haphazard and reactive. Post COVID-19, data and analytics budgets are seeing their biggest increase in many years, according to Gartner. Organizations are investing in expanded data and analytics environments to make timely and accurate decisions in a more strategic manner. New business use cases rely on multi-structured data from streaming IoT, 5G, logs and clickstream data sources. This data should be secured through a uniform and standardized approach to allow reusability and automation.

2. Data consumption platforms will require a common authorization framework

New approaches to consuming data include data exchanges, marketplaces, and other data-sharing options. In addition, organizations are starting to invest in data mesh and data fabric, approaches that promise to remove data engineering bottlenecks and foster agility. However, decentralized architectures add complexities to governing and securing data that is spread across multiple locations. A unified data access governance platform will be required to apply policies consistently and enable regulatory compliance.

3. Data access governance platforms become pervasive

Consumers are demanding access to the latest data in near real time to enable use cases such as anomaly detection or machine learning. This has led to an explosion of “modern data stacks,” ranging from cloud data warehouses to lake houses. Departments are demanding autonomy to deploy the most cost-effective stack that meets their functional and non-functional requirements. This will splinter the technology infrastructure landscape. Governing access to data in a distributed, domain-centric environment will no longer be a DIY project. It will require a comprehensive federated governance platform.

About Okera

Okera, the Universal Data Authorization company, helps modern, data-driven enterprises accelerate innovation, minimize data security risks, and demonstrate regulatory compliance. The Okera Dynamic Access Platform automatically enforces universal fine-grained access control policies. This allows employees, customers, and partners to use data responsibly, while protecting them from inappropriately accessing data that is confidential, personally identifiable, or regulated. Okera’s robust audit capabilities and data usage intelligence deliver the real-time and historical information that data security, compliance, and data delivery teams need to respond quickly to incidents, optimize processes, and analyze the performance of enterprise data initiatives.

Okera began development in 2016 and now dynamically authorizes access to hundreds of petabytes of sensitive data for the world’s most demanding F100 companies and regulatory agencies. The company is headquartered in San Francisco and is backed by Bessemer Venture Partners, ClearSky Security, and Felicis Ventures. For more information, visit or contact, or connect with the team on Facebook, LinkedIn, or Twitter.