AI-driven data governance to be key by 2025, says expert

Today

Data governance driven by AI, cybersecurity, and regulation will become key focus areas by 2025, alongside the increasing importance of multi-factor authentication (MFA).

Traditional approaches to data governance are expected to evolve due to rising regulatory oversight and the need for cost-effective data management. As organisations grapple with these changes, there will be an emphasis on risk mitigation underpinned by Zero Trust principles as enterprises look to address the needs of government, regulatory bodies, and cyber insurance providers amid a backdrop of increasing security breaches.

"In 2025, data governance will take center stage – in the wake of 2024, a year marked by waves of third-party-driven hacks, data breaches, and outages. The realisation that supply chain risks cannot be pre-empted or mitigated with slap-dash solutions or quick fixes has become clear. Data governance will re-merge as a critical business priority, shaping the future of risk management. Re-assessing vulnerabilities and developing robust data governance strategies will move to the forefront of security leaders' agendas," said Manuel Sanchez, Information Security & Compliance Specialist at iManage.

The National Institute of Standards and Technology's (NIST) Cybersecurity Framework 2.0 (CSF 2.0) is indicative of this shift with its focus on cybersecurity governance and risk management. The adoption of generative AI technologies introduces further complexities, necessitating governance frameworks that are robust, transparent, forward-looking, and aligned with cybersecurity risk postures.

"Furthermore, with public awareness of data rights growing, so is the volume of data subject access requests (DSARs). Against a backdrop of generative AI adoption, DSARs will put even more pressure on organisations to develop capabilities to manage and retrieve personal data efficiently. Streamlined data management will be crucial not just for data security, maintaining customer trust, and regulatory compliance, in equal measures," stated Sanchez.

The role of MFA in cybersecurity and compliance is expected to become imperative by 2025, moving from a slow-burning trend to a vital security measure. The push for MFA adoption is driven not only by security needs but also compliance and governance as the world transitions toward password-less authentication.

"The catalyst for MFA adoption comes from multiple fronts. Cyber insurance providers, recognizing the critical role of MFA in risk mitigation, are already making it a non-negotiable requirement for policy coverage," Sanchez added.

Sanchez further commented on the influence of governments and regulatory bodies: "The UK's National Cyber Security Centre (NCSC) has taken a bold step by mandating MFA for corporate online services. While data protection compliance doesn't universally require MFA yet, the winds of change are blowing. France's data protection authority, CNIL, has already outlined specific scenarios where MFA is deemed necessary for legal and security purposes, interpreting the underlying GDPR compliance principles to support MFA adoption. Similarly, ENISA, the European Union Agency for Cybersecurity, has thrown its weight behind MFA, recommending its use for high-risk access to personally identifiable information."

Technology companies like Microsoft are also influencing this trend. "Microsoft is actively shaping this trend. Already, Microsoft has started enforcing mandatory MFA for all Azure sign-ins. As the dominant technology in the enterprise, Microsoft's stance on MFA means that user organisations and software providers alike will be compelled to align their systems and practices with this new MFA-centric trend," concluded Sanchez.

Share on: