Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View

What is the Cloud Data Management Capabilities (CDMC)?

Published April 3, 2022
Contributors

Anas Baig

Product Marketing Manager at Securiti

Muhammad Faisal Sattar

Data Privacy Legal Manager at Securiti

FIP, CIPT, CIPM, CIPP/Asia

Listen to the content

Cloud Data Management Capabilities (CDMC) is a framework of best practices for companies that are migrating to or adopting cloud services. The framework enables organizations to securely migrate to cloud/hybrid cloud or multi-cloud environments, better protect their sensitive data, and leverage automation for improved cloud data management. It lays out how companies can establish clear accountability, controls, and governance around the broad spectrum of data and assets that exists within their cloud infrastructure.

How the CDMC Framework Came to Be

The three major cloud providers, Amazon, Microsoft, and Google, as well as many leading global 1000 companies, realized that most organizations were facing numerous challenges, when migrating to or leveraging the cloud. There was a clear lack of consistency around data management best practices, when companies were looking to migrate to or operate in cloud/hybrid cloud or multi-cloud environments. This group of market-leading companies got together and founded the Enterprise Data Management (EDM) Council. This organization's goal was to develop and promote consistent data standards and best practices around data management in the cloud. Since its inception, the EDM Council has continued to grow. It is now composed of over 250 member organizations globally and 10,000 individual members.

As the EDM council began to work on standards and best practices, they quickly realized the industry as a whole was seeing data, technology, regulatory, and planning challenges in almost every cloud implementation. At the same time, they understood that the standards and best practices had to be able to span multiple clouds, since more than 90% of all companies with cloud environments are leveraging 2 or more clouds. Out of this work emerged the CDMC framework, which they designed to define best practices and address challenges companies were now facing in a hybrid/multicloud world.

Since the EDM Council is truly global, they looked for the CDMC framework to not only tackle best practices in hybrid/multicloud implementations but also to overcome many of the multi-jurisdictional challenges that global organizations face with cloud implementations. They looked for ways in which these best practices could streamline and improve cloud adoption across numerous jurisdictions and geographic regions.

Measuring Cloud Maturity

The extent to which a company leverages the cloud can vary widely from company to company. Some companies are just starting the process of cloud adoption, while many others are mature, long-term users of cloud infrastructure. Not only can the time and scope of a company’s usage of the cloud vary widely from company to company, but the maturity level around data governance and data management in the cloud also varies widely as well. It is important that any company looking to improve the overall manageability, security, and governance in the cloud clearly understand their cloud data management starting point and maturity level. The CDMC framework helps companies assess the maturity of their cloud data management capabilities and how they can be improved.

CDMC Framework’s Top Objectives

The CDMC framework is formulated to help enterprise organizations with the adoption and implementation of cloud, hybrid cloud, or multi-cloud. Also, the framework further seeks to enable organizations to achieve the following objectives:

  • To have clearly defined controls and governance for data created or moved to the cloud.
  • To have complete insights into sensitive data assets and data residency.
  • To have automated controls for ease of access, transparency, and data security.
  • To have established controls for managing data across its lifecycle.
  • To have carefully designed and configured supporting technologies to meet business objectives.

CDMC’s 14 Key Controls

The EDM Council’s framework consists of 14 key controls that fall into 6 main component areas. These important controls and automation enable organizations to effectively manage their sensitive data in the cloud.

For the sake of this blog, let’s take a quick look at those key components and controls.

Cdmc Component Key Control and automations
1. Governance & Accountability (1) Data Control Compliance
(2) Ownership Field
(3) Authoritative Data Sources and Provisioning Points
(4) Data Sovereignty & Cross-Border Movement
2. Cataloging & Classification (5) Cataloging
(6) Classification
3. Accessibility & Usage (7) Entitlemants and Access For Sensitive Data
(8) Data Consumption Purpose
4. Protection & Privacy (9) Security Controls
(10) Data Protection I mpact Assessments
5. Data Lifecycle (11) Data Rention, Archiving and Purging
(12) Data Quality Measurement
6. Data & Technical Architecture (13) Cost Metrics
(14) Data Lineage

Governance & Accountability

The four main controls that exist in the Governance and Accountability component are Data Control Compliance, Ownership Field, Authoritative Sources & Provisioning Points, Data Sovereignty & Cross-Border Movement. These controls are meant to help companies address problems around areas such as data ownership, trustworthiness, data consumption, and data sovereignty within their cloud environments.

By leveraging these controls, organizations can ensure that they have a clear set of guidelines so when they are sourcing, managing, and moving data as well as automating governance in the cloud.

Cataloging & Classification

Many companies have difficulties identifying all of their data assets, especially when they migrate to the cloud. The Cataloging & Classification controls are meant to help with this problem. They lay out a set of best practices when it comes to creating, managing, and leveraging data catalogs. These controls layout how data needs to be discovered, classified and cataloged based on the data’s sensitivity. These capabilities ensure that a company’s data users can find, understand as well as reuse the data that they need for their business processes.

Accessibility & Usage

With many governments now establishing new data and privacy laws, it is more critical than ever before that companies are able to understand what their data is being used for, as well as who can and is using the data. The Entitlement & Access for Sensitive Data and the Data Consumption Purpose controls are meant to help organizations put in place a framework that allows them to enforce and track who can access data, and for what purpose it is being accessed.

Protection & Privacy

The Protection & Privacy component is made up of the Security and Data Protection and Impact Assessment (DPIA) controls. These controls are meant to ensure that sensitive data is protected, especially as required by regulations. It helps companies put in place a framework that enables them to guard critical data from unauthorized access or loss as well as comply with their corporate policies around data sensitivity and protection.

Data Lifecycle

Many companies have difficulties with the complexities of data lifecycle management within their cloud environments. The Data Retention, Archiving, and Purging as well as the Data Quality Measurement controls help them tackle the complexities of defining a lifecycle framework. This can help put in place automatic processes to manage critical data from creation to archiving. The controls also help companies define and implement data quality processes to ensure data quality standards.

Data & Technical Architecture

The last two controls in the Data and Technical Architecture component are Data Lineage and Cost Metrics. These controls look to help companies understand where data has traveled throughout its lifecycle, as well as provide insight into the costs associated with leveraging their cloud infrastructure. Understanding where data came from, provides insight into data validity and quality as well as system interdependencies. Insight into costs helps companies understand better cloud resources to spend and facilitate overall cloud environment optimization.

Who Needs the CDMC Framework?

The CDMC framework best practices are highly recommended for every organization that is dealing with sensitive data in the cloud, hybrid cloud, or multi-cloud environments.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


Share


More Stories that May Interest You

Videos

View More

Mitigating OWASP Top 10 for LLM Applications 2025

Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...

View More

DSPM vs. CSPM – What’s the Difference?

While the cloud has offered the world immense growth opportunities, it has also introduced unprecedented challenges and risks. Solutions like Cloud Security Posture Management...

View More

Top 6 DSPM Use Cases

With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...

View More

Colorado Privacy Act (CPA)

What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...

View More

Securiti for Copilot in SaaS

Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...

View More

Top 10 Considerations for Safely Using Unstructured Data with GenAI

A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....

View More

Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes

As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...

View More

Navigating CPRA: Key Insights for Businesses

What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...

View More

Navigating the Shift: Transitioning to PCI DSS v4.0

What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...

View More

Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)

AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...

Spotlight Talks

Spotlight 14:21

AI Governance Is Much More than Technology Risk Mitigation

AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3

You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge

Watch Now View
Spotlight 47:42

Cybersecurity – Where Leaders are Buying, Building, and Partnering

Rehan Jalil
Watch Now View
Spotlight 27:29

Building Safe AI with Databricks and Gencore

Rehan Jalil
Watch Now View
Spotlight 46:02

Building Safe Enterprise AI: A Practical Roadmap

Watch Now View
Spotlight 13:32

Ensuring Solid Governance Is Like Squeezing Jello

Watch Now View
Spotlight 40:46

Securing Embedded AI: Accelerate SaaS AI Copilot Adoption Safely

Watch Now View
Spotlight 10:05

Unstructured Data: Analytics Goldmine or a Governance Minefield?

Viral Kamdar
Watch Now View
Spotlight 21:30

Companies Cannot Grow If CISOs Don’t Allow Experimentation

Watch Now View
Spotlight 2:48

Unlocking Gen AI For Enterprise With Rehan Jalil

Rehan Jalil
Watch Now View

Latest

View More

From Trial to Trusted: Securely Scaling Microsoft Copilot in the Enterprise

AI copilots and agents embedded in SaaS are rapidly reshaping how enterprises work. Business leaders and IT teams see them as a gateway to...

The ROI of Safe Enterprise AI View More

The ROI of Safe Enterprise AI: A Business Leader’s Guide

The fundamental truth of today’s competitive landscape is that businesses harnessing data through AI will outperform those that don’t. Especially with 90% of enterprise...

Data Security Governance View More

Data Security Governance: Key Principles and Best Practices for Protection

Learn about Data Security Governance, its importance in protecting sensitive data, ensuring compliance, and managing risks. Best practices for securing data.

A Comprehensive Overview of the NIS 2 Directive View More

A Comprehensive Overview of the NIS 2 Directive

Gain insights into the Network and Information System (NIS 2) Directive. Learn its scope, key obligations, noncompliance penalties, practical steps for applicable businesses, and...

View More

Top 10 Privacy Milestones That Defined 2024

Discover the top 10 privacy milestones that defined 2024. Learn how privacy evolved in 2024, including key legislations enacted, data breaches, and AI milestones.

View More

2025 Privacy Law Updates: Key Developments You Need to Know

Download the whitepaper to discover privacy law updates in 2025 and the key developments you need to know. Learn how Securiti helps ensure swift...

Comparison of RoPA Field Requirements Across Jurisdictions View More

Comparison of RoPA Field Requirements Across Jurisdictions

Download the infographic to compare Records of Processing Activities (RoPA) field requirements across jurisdictions. Learn its importance, penalties, and how to navigate RoPA.

Navigating Kenya’s Data Protection Act View More

Navigating Kenya’s Data Protection Act: What Organizations Need To Know

Download the infographic to discover key details about navigating Kenya’s Data Protection Act and simplify your compliance journey.

Gencore AI and Amazon Bedrock View More

Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock

Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...

DSPM Vendor Due Diligence View More

DSPM Vendor Due Diligence

DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...

What's
New