6 Achievable Ways to Improve Data Governance
Why Data Governance Matters More Than Ever
Protecting your organization’s mission-critical data is always a top priority. However, data security has gained additional importance in the AI era.
Summary: 6 Pillars to Modern Data Governance
In this blog, I outline six practical steps you can take to improve data governance. Use these proven strategies to mitigate risk and ensure your data remains an asset, not a liability. I summarize them below, dive deeper into each one later in this blog, and, to keep learning, you can watch my webinar at the end of the article.
- Establish Responsible AI Policies: Bridge the gap between usage and formal policies to prevent sensitive data exposure.
- Unify Governance: Move to a "single pane of glass" for managing IT security.
- Programmatic Compliance: Shift from one-time projects to ongoing programs.
- Zero Trust Architecture: Protect your users wherever they work with MFA, and allow access only from formally approved devices.
- Proactive Ransomware Prevention: Use AI-powered detection to counter attacks and install ransomware protection on all devices.
- Integrated Incident Response: Develop and maintain a proper incident response plan with regular tabletop exercises.
#1: Establish a Responsible AI Usage Policy
In a recent global study by McKinsey & Company, 88% of respondents reported regular AI usage in at least one function at their companies. However, in a separate S&P Global study, only 36% of respondents’ companies had a dedicated AI policy or an AI policy integrated into their other governance policies. The disparity between the two figures indicates that many organizations use AI broadly without sufficient AI security policies in place, which puts sensitive content at risk.
Best practices to protect sensitive data from AI exposure include the following:
- Determine who in the organization uses AI, what they use it for, and where they use it.
- Based on the usage details you uncover, determine the organization's current level of AI risk.
- Standardize on a private AI solution for your company, which provides the required level of security protection.
- Concurrently, create a responsible AI usage policy that’s supported by executive management and for all groups that use AI.
- Conduct ongoing user education that’s focused on the “Do’s and Don’ts” of AI usage, using relatable examples such as the similarity between the data protection use cases for AI and those for email.
- Continuously reinforce the difference between public and private AI, reminding users not to analyze customer data or competitive data in public AI tools.
#2: Unify Governance Under a Single Pane of Glass
According to a recent report by Zero Threat, approximately 60% of SMBs experience at least one cyberattack per year. One of the easiest ways to prevent attacks is by unifying data governance under a single pane of glass. However, achieving a comprehensive view of data security is easier said than done, since the companies I work with typically have at least 10 to 15 security tools implemented.
Here’s how to manage security preparedness with a single pane of glass:
- Begin by assessing which tools your security teams and end-users utilize, with special attention paid to shadow IT installations.
- When your analysis is complete, develop administrative controls specifying approved technology providers and the technical use cases for those vendors.
- Then, assess technical controls, such as which governance features are available in the solutions that you’ve purchased.
- Identify any solution gaps you might have, with a laser focus on the technology that will enable you to correlate security alerts.
- As you evaluate new technology, prioritize solutions that enable you to review risk status with a risk management dashboard and empower you to take immediate action to fix vulnerabilities.
#3: Treat Regulatory Compliance as a Program, Not a Project
In addition to managing risk, the vast majority of companies are now required to comply with a wide range of cybersecurity and data privacy regulations. Based on my experience, focusing on compliance is an effective way to improve cybersecurity protection, but only when compliance is elevated to an ongoing program, not treated like a one-time project.
Here’s how to instill a programmatic approach to compliance:
- Compliance programs need to have a single owner to prevent organizational confusion and finger-pointing when things go wrong.
- Your executive team needs to realize that compliance isn’t just about IT—compliance responsibilities extend well beyond IT to corporate training, legal, end users, etc.
- Since attaining compliance can be a major undertaking, you need to bring in outside help when you have gaps.
- For maximum effectiveness, automated solutions such as Egnyte’s Compliance Center should be integrated into the process.
#4: Protect Your Company’s Users, Wherever They Work
Despite best efforts to maximize cyber-protection and comply with regulations, today’s “Work from Anywhere” culture significantly expands the risk landscape. Realistically, the same hybrid work arrangements your company relies on can be exploited by cyberattackers looking to harm you.
You can maximize your users’ data protection by:
- Checking who’s actively logging into your network, and with what devices.
- Implementing protection measures like Zero Trust security and multifactor authentication (MFA), at all access points.
- Paying special attention to Bring Your Own Device (BYOD) technology, including having the devices formally approved by an administrator and registered.
- Reducing overall data sprawl and users’ access to the sensitive data you need to protect.
#5: Implement Strong Ransomware Prevention Measures
Even with powerful security measures in place, ransomware attacks remain a critical concern for SMBs. According to published reports, ransomware downtime averaged 24 days in 2025, meaning that very few organizations can withstand the productivity and financial impacts of major attacks. In my experience, ransomware attacks have become superpowered with AI, leaving only 10 to 20 minutes of response time between the attack’s initial point of entry and encryption of the first file.
Key approaches to protect your company from ransomware attacks include:
- Focusing users’ education on the cause-and-effect relationship between phishing messages and successful ransomware attacks.
- Using AI and machine learning to combat potential attacks by “fighting AI with AI.”
- Installing ransomware protection tools on all relevant devices.
- Operating with the realization that paying a ransom should be considered a last resort, since cyberattackers can release your valuable data even after they’re paid.
#6: Integrate Incident Response Into Your Governance Framework
Even highly secure organizations can eventually become victims of cyberattacks. That’s why it’s important to have a current incident response plan in place. In a worst-case scenario, you don’t want confusion, negative social media buzz, customer complaints, and employee dissatisfaction to drive your recovery narrative.
Follow these incident response best practices:
- If you don’t have up-to-date incident response and IT security plans in place, develop them now by following these guidelines.
- Your incident response plan should include:
  - All important contact names, including the company’s key decision-makers, cyber insurance provider, local law enforcement organization(s), forensics provider, etc.
  - Contact information stored outside of the network (such as on users’ business phones), as the network is likely to be unavailable.
  - Relationships established with forensics companies prior to an incident, so they know what tools you use and can help you recover more quickly.
  - Scenarios covering who does what when an attack takes place, including how long the company can function in the event of an attack.
  - A detailed communications strategy that extends well beyond IT, including how often customers and business partners will receive communications from the company, which communications channels will provide those updates, etc.
- Engage in tabletop exercises with a proven facilitator prior to an actual incident, and use
- Include company leadership in the tabletop exercises and give them a significant role throughout the exercises.
Learn More
To learn more about data governance best practices, watch and share my recent webinar replay.