The evolving landscape of data governance presents significant challenges for organisations as they prepare to navigate the complexities introduced by generative artificial intelligence (AI), regulatory demands, and persistent cybersecurity threats. As 2025 approaches, it is increasingly clear that traditional methods of managing data governance are inadequate.
The rapid adoption of generative AI technologies has intensified the complexities surrounding data governance. Large language models, which underpin generative AI applications, rely on vast amounts of data for training, raising serious concerns about data locations and processing sites. Organisations must grapple with potential data sovereignty issues, particularly for firms based in the European Union that utilise AI tools developed in the United States. Additionally, there are critical confidentiality risks associated with the use of sensitive data within generative AI.
To mitigate these risks, organisations are advised to centralise their data management. This could involve the implementation of a document management system (DMS), allowing for better control of data intended for AI training. A centralised approach would not only enforce security policies but also facilitate the curation of knowledge assets that the AI can utilise, while ensuring compliance with data sovereignty and geolocation regulations.
In conjunction with AI-related challenges, the regulatory landscape continues to evolve. Issues around data governance have gained prominence alongside stricter privacy laws, such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States. The expansion of similar legislative measures across various states is increasing the burden of compliance on organisations. Meanwhile, the National Institute of Standards and Technology (NIST) has emphasised data governance as a fundamental principle in its Cybersecurity Framework 2.0. Such frameworks highlight the importance of understanding what data entities possess, where it is stored, and the measures in place for its retention and disposition.
As regulation tightens, public awareness surrounding data rights has also grown, leading to an increase in Data Subject Access Requests (DSARs) that organisations must efficiently manage. Having data scattered across multiple systems complicates this task; hence, a centralised data storage solution can significantly aid in compliance efforts and bolster customer trust.
Despite the emergence of generative AI and evolving regulations, traditional phishing threats continue to pose significant risks to organisations. Although phishing attacks are not a new phenomenon, the sophistication afforded by generative AI has enhanced the ability of threat actors to launch large-scale phishing campaigns. Consequently, comprehensive education for employees regarding recognising phishing attempts has become paramount. Additionally, conducting phishing simulations could highlight vulnerabilities and reinforce sound cybersecurity practices.
Organisations are also urged to adopt a Zero Trust framework, which restricts access to only those users with appropriate authorisations. This framework is crucial for mitigating risks associated with phishing and other cyber threats, helping to establish a robust defence against unauthorised access and data breaches.
Multi-factor authentication (MFA) is expected to gain increased adoption in 2025, fuelled in part by Microsoft's decision to make MFA a default requirement for its Azure services. This initiative forms part of a broader effort to enhance security, as MFA significantly reduces the likelihood of unauthorised access. The push for MFA is echoed by cyber insurance providers who have begun mandating it as a requirement for coverage, as well as by governmental and regulatory bodies.
The imperative for organisations is clear: MFA should be implemented by default, leveraging the strongest available options. This approach aligns with the Zero Trust principle of simplicity in security measures. As security threats continue to evolve, organisations that neglect MFA risk falling behind in their cybersecurity posture.
In summary, as 2025 approaches, organisations need to prioritise data governance in response to the complexities introduced by generative AI, regulatory changes, and persistent phishing threats. By enhancing data management practices and adopting measures such as MFA and Zero Trust, businesses can better secure their data, mitigate risks, and position themselves for the future.
Source: Noah Wire Services