AWS Data Governance with AWS Config Vs. NetApp Cloud Data Sense

November 29, 2021

Topics: Cloud Data Sense, AWS | 5 minute read

The modern enterprise stores more data than ever before—in both structured and unstructured form, distributed across a wide range of different storage services in hybrid cloud and multicloud architectures.

But how do you maintain visibility and control over all this data? Just how certain can you be about what data you have and where it resides, especially if you’re using a public cloud provider such as AWS?

In this post, we look at two AWS data governance solutions, AWS Config and NetApp Cloud Data Sense, and compare the different ways in which they help you meet the demands of data governance.

What Does Data Governance Mean?

Data governance helps you to meet the challenge of controlling and maintaining visibility into your data set by providing the frameworks you need to meet your regulatory compliance, security and cost-optimization objectives. It also plays an important role in improving data quality and is therefore key to business intelligence (BI) success.

At enterprise scale, data governance is a complex and time-consuming manual undertaking, even more so when using a public cloud provider such as AWS. So it's important to make use of tooling that can help you manage your data effectively and efficiently.

What Is Data Governance in AWS?

Data governance in AWS presents the same challenges of visibility and control, applied specifically to data that is stored in AWS or that makes use of AWS services. Data governance for these deployments may need to extend beyond the AWS ecosystem, of course.

The growing popularity of hybrid and multicloud deployments mandates that your AWS data governance solution offers visibility and control over multiple repositories. One way that AWS has begun to address this need is with AWS Config.

What Is AWS Config?

AWS Config is an infrastructure monitoring and auditing tool that helps you meet data protection requirements by profiling real-time configurations of AWS resources against your own internal set of benchmarks.

It continuously monitors configuration changes across your AWS infrastructure, triggering a CloudWatch event and sending out a Simple Notification Service (SNS) message whenever it detects a deviation from your own predefined set of AWS Config rules (which are based on Lambda functions). You can either review these alerts manually or use them to programmatically perform remedial action.
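A custom AWS Config rule of the kind described above, as an added example (not code from the original post or from AWS): a Lambda handler that reports an S3 bucket as non-compliant unless all four public-access-block settings are on and default encryption is configured. The rule's policy, the `supplementaryConfiguration` key names and the sample item are assumptions, and oversized-item notifications are not handled.

```python
import json

PAB_FLAGS = ("blockPublicAcls", "ignorePublicAcls",
             "blockPublicPolicy", "restrictPublicBuckets")

# Constructed sample item; key names are assumptions, check a recorded item.
SAMPLE_ITEM = {
    "resourceType": "AWS::S3::Bucket", "resourceId": "example-bucket",
    "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2021-11-29T00:00:00.000Z",
    "supplementaryConfiguration": {
        "PublicAccessBlockConfiguration": {"blockPublicAcls": True,
            "ignorePublicAcls": True, "blockPublicPolicy": False,
            "restrictPublicBuckets": True}},
}

def _section(item, key):
    """Fetch a supplementaryConfiguration section; it may arrive as a JSON string."""
    value = (item.get("supplementaryConfiguration") or {}).get(key) or {}
    return json.loads(value) if isinstance(value, str) else value

def evaluate_bucket(item):
    """Return (compliance_type, annotation) for one configuration item."""
    if item.get("resourceType") != "AWS::S3::Bucket":
        return "NOT_APPLICABLE", "Rule only evaluates S3 buckets"
    if str(item.get("configurationItemStatus", "")).startswith("ResourceDeleted"):
        return "NOT_APPLICABLE", "Bucket was deleted"
    pab = _section(item, "PublicAccessBlockConfiguration")
    missing = [f for f in PAB_FLAGS if pab.get(f) is not True]
    if missing:
        return "NON_COMPLIANT", "Public access block off: " + ", ".join(missing)
    if not _section(item, "ServerSideEncryptionConfiguration"):
        return "NON_COMPLIANT", "No default encryption configured"
    return "COMPLIANT", "Public access blocked, default encryption set"

def lambda_handler(event, context):
    """Entry point AWS Config invokes when a recorded resource changes."""
    import boto3  # imported lazily so evaluate_bucket runs offline
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, note = evaluate_bucket(item)
    boto3.client("config").put_evaluations(
        Evaluations=[{
            "ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance,
            "Annotation": note[:256],
            "OrderingTimestamp": item["configurationItemCaptureTime"],
        }],
        ResultToken=event["resultToken"])
    return compliance
```

Once the evaluation is submitted, a change in compliance state is what drives the notification and remediation flow the paragraph describes.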

In addition, you can use AWS Config to record the history of configuration changes. This can help you troubleshoot issues by mapping changes to operational events.

Third-Party Resources

AWS Config can also monitor configuration changes to other environments, such as GitHub repositories, Microsoft Azure Directory resources and preconfigured on-premises servers.

What Is Cloud Data Sense?

Data Sense is a data discovery, mapping, and classification tool from NetApp that helps you understand your data, automate data optimization tasks and make smart governance and data-driven business decisions.

Governance Capabilities

Data Sense assists data stewards through a consolidated set of capabilities, which can identify:

  • Duplicate data to help you optimize storage costs
  • Stale data to help you fine-tune your data retention and storage tiering policies
  • Non-essential data that's superfluous to your business needs
  • Files with open permissions to help address potential vulnerabilities

It presents a high-level breakdown of these insights through a governance dashboard, which gives you a real-time overview of where data resides on your systems, how much of it you store and how frequently you access it.

It can also support your analytics and data migration initiatives by means of a bulk data labeling feature, through which you can efficiently purge data of all sensitive or redundant information before copying or moving it to an alternative location.

Compliance Features

Data Sense offers a range of additional features that aid compliance with data protection laws and standards such as the General Data Protection Regulation (GDPR), California Consumer Protection Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI-DSS).

For example, it uses artificial intelligence (AI) technology, which can, in some cases, deduce the context of data in both structured and unstructured form. This means it can detect certain forms of unencrypted personal information, such as email addresses, social security numbers, and credit card numbers, with a high degree of accuracy. This can significantly reduce the workload involved in identifying and protecting sensitive data at scale.

What's more, after your initial scan, Data Sense helps you maintain always-on privacy protection by inspecting any new data as it is changed or added to storage.

The fully managed solution also provides a number of compliance-centric reports, which include:

  • A general report of your data, which categorizes the data by type, including personally identifiable information and sensitive private data
  • A PCI-DSS report, which shows you the distribution of payment card information across your storage
  • A HIPAA report to help identify files containing health information
  • A data subject access request (DSAR) feature that generates a summary report of the information you hold about a data subject

Third-Party Resources

Data Sense provides insights not only into data hosted in NetApp's own storage services but also across a wide range of other on-premises and cloud-based storage repositories, including any that are used by Cloud Volumes ONTAP and Azure NetApp Files, data stored natively in Amazon S3 buckets and RDS databases, and Microsoft OneDrive, MySQL and MongoDB.

Other Key Differences

AWS Config and Data Sense clearly provide different types of functionality for different data governance purposes. But they're also distinct from one another in a number of other ways. For example, both solutions offer multicloud capabilities and are able to monitor a variety of databases and storage services.

By contrast, Data Sense is easy to set up, providing out-of-the-box integration with a wide range of on-premises and cloud-based resources. Furthermore, to realize the full potential of AWS Config, you must call upon other AWS services, such as SNS, CloudTrail and CloudWatch. Data Sense, on the other hand, is a complete turnkey solution that's ready to use almost immediately—with minimal setup and configuration.

Data Sense therefore gives you much deeper insight into the information you store on your systems, so you can manage it much more effectively.

AWS Config or Cloud Data Sense? They’re Better Together

AWS Config helps you meet your AWS data governance objectives by automating conformance of your resources to desired configurations. Data Sense, on the other hand, takes a more strategic approach and offers a broader set of features.

Both products work together in harmony to simplify data stewardship, providing a rounded set of capabilities for use by storage and operational teams as well as data governance and privacy professionals.
