Securiti Named a 2022 Cool Vendor in Data Security by Gartner

Download Now

What is the CDMC?

Cloud Data Management Capabilities (CDMC) is a framework of best practices for companies that are migrating to or adopting cloud services. The framework enables organizations to securely migrate to cloud/hybrid cloud or multi-cloud environments, better protect their sensitive data, and leverage automation for improved cloud data management. It lays out how companies can establish clear accountability, controls, and governance around the broad spectrum of data and assets that exists within their cloud infrastructure.

How the CDMC Framework Came to Be

The three major cloud providers, Amazon, Microsoft, and Google, as well as many leading global 1000 companies, realized that most organizations were facing numerous challenges, when migrating to or leveraging the cloud. There was a clear lack of consistency around data management best practices, when companies were looking to migrate to or operate in cloud/hybrid cloud or multi-cloud environments. This group of market-leading companies got together and founded the Enterprise Data Management (EDM) Council. This organization's goal was to develop and promote consistent data standards and best practices around data management in the cloud. Since its inception, the EDM Council has continued to grow. It is now composed of over 250 member organizations globally and 10,000 individual members.

As the EDM council began to work on standards and best practices, they quickly realized the industry as a whole was seeing data, technology, regulatory, and planning challenges in almost every cloud implementation. At the same time, they understood that the standards and best practices had to be able to span multiple clouds, since more than 90% of all companies with cloud environments are leveraging 2 or more clouds. Out of this work emerged the CDMC framework, which they designed to define best practices and address challenges companies were now facing in a hybrid/multicloud world.

Since the EDM Council is truly global, they looked for the CDMC framework to not only tackle best practices in hybrid/multicloud implementations but also to overcome many of the multi-jurisdictional challenges that global organizations face with cloud implementations. They looked for ways in which these best practices could streamline and improve cloud adoption across numerous jurisdictions and geographic regions.

Measuring Cloud Maturity

The extent to which a company leverages the cloud can vary widely from company to company. Some companies are just starting the process of cloud adoption, while many others are mature, long-term users of cloud infrastructure. Not only can the time and scope of a company’s usage of the cloud vary widely from company to company, but the maturity level around data governance and data management in the cloud also varies widely as well. It is important that any company looking to improve the overall manageability, security, and governance in the cloud clearly understand their cloud data management starting point and maturity level. The CDMC framework helps companies assess the maturity of their cloud data management capabilities and how they can be improved.

CDMC Framework’s Top Objectives

The CDMC framework is formulated to help enterprise organizations with the adoption and implementation of cloud, hybrid cloud, or multi-cloud. Also, the framework further seeks to enable organizations to achieve the following objectives:

  • To have clearly defined controls and governance for data created or moved to the cloud.
  • To have complete insights into sensitive data assets and data residency.
  • To have automated controls for ease of access, transparency, and data security.
  • To have established controls for managing data across its lifecycle.
  • To have carefully designed and configured supporting technologies to meet business objectives.

CDMC’s 14 Key Controls

The EDM Council’s framework consists of 14 key controls that fall into 6 main component areas. These important controls and automation enable organizations to effectively manage their sensitive data in the cloud.

For the sake of this blog, let’s take a quick look at those key components and controls.

Cdmc Component Key Control and automations
1. Governance & Accountability (1) Data Control Compliance
(2) Ownership Field
(3) Authoritative Data Sources and Provisioning Points
(4) Data Sovereignty & Cross-Border Movement
2. Cataloging & Classification (5) Cataloging
(6) Classification
3. Accessibility & Usage (7) Entitlemants and Access For Sensitive Data
(8) Data Consumption Purpose
4. Protection & Privacy (9) Security Controls
(10) Data Protection I mpact Assessments
5. Data Lifecycle (11) Data Rention, Archiving and Purging
(12) Data Quality Measurement
6. Data & Technical Architecture (13) Cost Metrics
(14) Data Lineage

Governance & Accountability

The four main controls that exist in the Governance and Accountability component are Data Control Compliance, Ownership Field, Authoritative Sources & Provisioning Points, Data Sovereignty & Cross-Border Movement. These controls are meant to help companies address problems around areas such as data ownership, trustworthiness, data consumption, and data sovereignty within their cloud environments.

By leveraging these controls, organizations can ensure that they have a clear set of guidelines so when they are sourcing, managing, and moving data as well as automating governance in the cloud.

Cataloging & Classification

Many companies have difficulties identifying all of their data assets, especially when they migrate to the cloud. The Cataloging & Classification controls are meant to help with this problem. They lay out a set of best practices when it comes to creating, managing, and leveraging data catalogs. These controls layout how data needs to be discovered, classified and cataloged based on the data’s sensitivity. These capabilities ensure that a company’s data users can find, understand as well as reuse the data that they need for their business processes.

Accessibility & Usage

With many governments now establishing new data and privacy laws, it is more critical than ever before that companies are able to understand what their data is being used for, as well as who can and is using the data. The Entitlement & Access for Sensitive Data and the Data Consumption Purpose controls are meant to help organizations put in place a framework that allows them to enforce and track who can access data, and for what purpose it is being accessed.

Protection & Privacy

The Protection & Privacy component is made up of the Security and Data Protection and Impact Assessment (DPIA) controls. These controls are meant to ensure that sensitive data is protected, especially as required by regulations. It helps companies put in place a framework that enables them to guard critical data from unauthorized access or loss as well as comply with their corporate policies around data sensitivity and protection.

Data Lifecycle

Many companies have difficulties with the complexities of data lifecycle management within their cloud environments. The Data Retention, Archiving, and Purging as well as the Data Quality Measurement controls help them tackle the complexities of defining a lifecycle framework. This can help put in place automatic processes to manage critical data from creation to archiving. The controls also help companies define and implement data quality processes to ensure data quality standards.

Data & Technical Architecture

The last two controls in the Data and Technical Architecture component are Data Lineage and Cost Metrics. These controls look to help companies understand where data has traveled throughout its lifecycle, as well as provide insight into the costs associated with leveraging their cloud infrastructure. Understanding where data came from, provides insight into data validity and quality as well as system interdependencies. Insight into costs helps companies understand better cloud resources to spend and facilitate overall cloud environment optimization.

Who Needs the CDMC Framework?

The CDMC framework best practices are highly recommended for every organization that is dealing with sensitive data in the cloud, hybrid cloud, or multi-cloud environments.

Share this

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Solutions

Systems

Newsletter


Securiti PrivacyOps Named a Leader in The Forrester WaveTM

View