Author: Yatharth
Over the last six months, I’ve been talking to CISOs & CTOs across large and small companies about data governance. Every single one of them has shared how challenging it is for their organizations to govern data. With their current solutions, whether homegrown or tool-assisted, they see challenges across all three dimensions of costs, productivity, and security. What would it take for your organization to implement a simple policy such as “Support engineers can only access customer data when a support ticket is assigned to their pod”? How much time and effort would it take to change this policy? The most common answers I hear are months or that organizations make a compromised choice: “We can’t be that granular, so we just give broad access.”
Unfortunately, data governance has not kept up with the pace of innovation and data growth. Users, applications, and now AI agents need data to function. There is a clear need for a solution that makes it easy for organizations to provide compliant access to data and does this in a scalable manner. Data governance needs to change, and the time is now.
At Codified, we’re taking this problem head-on and building the future of data governance - A modern AI-powered, policy-driven data governance platform. As we embark on this journey, joining me are Stefan & Karan, who came aboard when Codified was just an early idea. We are excited to have investors who share our vision of a better future for data governance- Madrona Ventures, Vine Ventures, Madrona Venture Labs, Soma Capital, and our angels Bob Muglia (investor, author, and ex-CEO of Snowflake), JG (CMO of SAP) and Shireesh (VP, Databases at Microsoft).
Over the last decade, there has been tremendous growth in the creation and consumption of data. In 2024, about 120 zettabytes of new data will be created. Companies across the globe, of every shape and size, and across all verticals are collecting and using data. They do this to provide better customer service and drive their growth. When I call my bank - they almost always know what I am calling about; they also know what I am most likely to buy - this is the power of using Data. When done right - it generates value for everyone.
When organizations collect, store, and use data, they are responsible for ensuring it is only available to the right people and applications for the right reasons, both inside and outside the organization. To live up to these responsibilities, they spend hundreds of hours every year managing permissions in an effort to implement their data governance policies. Most customers we speak to start the data governance journey by writing down requirements as policy documents. These “policies” often describe compliance and privacy requirements, their internal intents, customer requirements, and common sense rules. Once written, these become the organization’s data governance policies.
These policies are then handed out to departments, data owners, and others to interpret and implement, often taking months (with or without tools). Every time something changes - a customer requirement or a new compliance rule - organizations face the prospect of repeating this painful process. This data governance implementation process is costly and often prohibitive. As a result, access is over-provisioned, never revoked, and hard to get.
There has to be a better way to do this. We cannot live in a world where data is born at the speed of light and data governance functions at the speed of a horse carriage. This impedance mismatch leads to a sizable operational expense in managing governance, a slowdown of productivity, and, at the same time, no real improvement in security. At Codified, we believe there is a better way and are building a solution. We are taking all three fundamental problems in this space head-on.
1. Policy authoring is disconnected from policy implementation: The time between deciding what to do and implementing a policy is considerable, regardless of the data or organization size. Codified helps people write natural language policies that machines can implement and humans can understand. We do this by codifying (hence the name Codified) and enforcing policies, removing organizations’ operational burden. And, because Codified always interprets policies the same way, we help reduce or eliminate interpretation errors.
2. Limited conditionality: Traditionally, data governance policies are implemented using data systems’ access management tools, such as database roles or AWS IAM policies. Implementation typically takes the shape of RBAC rules, which can’t fully capture the semantics of data governance policies. For example, consider real-time conditions such as: “If a support ticket is assigned to the person requesting access to data, provide them access for 24 hours”. Codified connects to multiple systems, including data and identity, to build a knowledge graph that allows rich and comprehensive expressions of all conditionality. It is also possible to create custom integrations that feed directly into the conditions that Codified policies understand.
3. A workflow system: Codified provides a workflow system that users or applications can use to request access to data. Every data access request is evaluated against every policy to ensure the requesting party only has access to the correct data. Because machines and not humans evaluate requests against policies, access requests are processed in near real-time. Codified workflows can also implement policy steps that require human approvals or other human-provided inputs.
If you are concerned about the security and privacy of your data, the costs of implementing data governance, or if productivity has come to a standstill because getting access is painful, we want to help. With Codified, we bring data governance from the dark ages to the modern era, saving customers time and money while ensuring their data governance policy is implemented faithfully across their data assets. We see a future where all governance uses policies, and at Codified, we are working hard to bring this to you.
If you want to learn more or join the waitlist, please visit https://go.codified.io/tell-me-more.