AWS Cloud Enterprise Strategy Blog

Governing by Enabling: A Strategic Approach to Data Governance for Executives

41% of respondents in AWS’s upcoming Chief Data Officer Report say that improving data governance policies and standards is a priority for their organization. But the traditional governance model centered around restriction can stifle creativity and productivity. Data governance is no longer about enforcing control of security and compliance—it’s about enabling innovation.

Governing by enabling fosters a culture of innovation and agility. In the post “Your AI is Only as Good as Your Data,” I discussed shifting from restriction to enablement—this post gives you the next steps. Learn how to start governing by enabling, address common concerns, and ensure your organization remains competitive and secure in today’s data-driven world.

The Shift from Restricting to Enabling

The traditional restriction-oriented governance model limits access to data and tools to mitigate risk and ensure compliance. It provides a high level of control but can also frustrate your teams.

Imagine your employees having access to a handful of pre-approved applications and every request for a new tool involving a lengthy approval process. This leads to bottlenecks, reduces efficiency, drives employees to find workarounds to governance policies, and limits their data access.

Executives who govern by enabling provide their teams with data and resources and embed controls and compliance measures behind the scenes. Team members can quickly pull relevant information, generate custom reports, and provide tailored solutions to clients. When governance is frictionless, employees become willing and eager to participate in the system because it benefits them.

Governing by Enabling: A Step-by-Step Guide

1. Shift the Organizational Mindset

Governing data by enabling requires a cultural shift within your organization—you must overcome the legacy mindset.

Use real-world examples to communicate the business value of an empowered, data-driven workforce to your organization’s data providers and consumers. Tell them how the sales team struggles to access the customer data they need to close deals, facing delays due to complex approval processes and data silos. Governing by enabling will give them streamlined, secure access to real-time customer insights and analytics, allowing them to respond quickly to leads, personalize sales pitches, and make data-driven decisions on the spot.

2. Deploy the Right Tools

Your data platform should make it easy for employees to browse available data sets, evaluate their relevance, and securely access information—all with minimal technical know-how. Tools like AWS Glue can help you build self-service data platforms by automating data cataloging, metadata management, and serverless data transformation, ensuring scalability and reliability to support your growing data needs.

To make data access more welcoming, conduct interviews and observe workflows to learn how your teams access and share data. Identify where employees struggle to find information and what unnecessary barriers exist in data discovery and access processes. Are complex approval processes discouraging data usage? Design your data environment to address these pain points and create intuitive self-service capabilities.

3. Implement Integrated, User-Centric Controls

Make the mechanics of data governance as seamless and invisible to users as possible by automating the enforcement of security, privacy, and compliance policies.

Leverage advanced technologies such as artificial intelligence (AI) and machine learning (ML) to handle the heavy lifting. AI-powered tools like Amazon Macie can automatically classify and tag your data based on sensitivity and ensure it is handled properly.

ML algorithms provide intelligent access control, analyzing user behavior patterns to dynamically grant or restrict access based on roles and context. Instead of relying on predefined roles and permissions, these algorithms learn from historical data access patterns, identifying what constitutes normal behavior for different roles within the organization. If an analyst frequently accesses sales data from the office network between 9:00 a.m. and 5:00 p.m., the system treats this as standard usage. If an attempt to access the same data is made at an unusual hour, from a new location, or through a different device, the ML model can flag this behavior as anomalous and either deny access outright or trigger additional authentication steps, such as multi-factor authentication.

ML systems can adjust access controls dynamically based on context. An employee working on a new project might be temporarily granted broader access based on collaboration patterns identified across teams, but this expanded access is automatically revoked once the project concludes. This approach ensures data remains secure yet accessible when needed, avoiding unnecessary bottlenecks. Through continuous monitoring and analysis, ML algorithms refine these patterns and become more accurate at predicting when access should be granted or restricted.

4. Clarify Governance Policies, Not Mechanics

While automating the enforcement of governance policies is crucial, it’s equally important to make those policies clear to users.

Communicate the overarching data management rules, guidelines, and standards in a way that helps employees understand the “why” behind controls. Explain how role-based access restrictions and monitoring for anomalous behavior patterns are in place to protect sensitive customer information and maintain compliance with regulations—but keep the technical details and enforcement mechanisms invisible.

Your teams should be able to access the data they need, collaborate seamlessly, and leverage analytics without worrying about the complex compliance and security protocols running in the background. This “governance by design” approach empowers your workforce, builds trust, and encourages the adoption of your data platform. Users recognize the platform’s value and realize they can work efficiently within guardrails.

Overcome Resistance to Change

As with any significant change, you may encounter resistance when starting to govern by enabling. Data security and compliance teams accustomed to a more restrictive governance model may hesitate to change existing policy enforcement processes. Middle managers, the historic enforcers of data access policies, may fear their authority is diminished. And some long-tenured employees, comfortable with the familiar “need-to-know” approach, may be skeptical of a more open, user-centric data environment. To overcome these concerns, stakeholder groups must be involved early in planning.

Demonstrate to the security and compliance teams how automated, AI-powered controls can strengthen data protection by reducing human error and adapting to evolving threats in real time. Position the data governance team as enablers, not gatekeepers, and show how a user-centric approach can improve data hygiene and compliance by integrating tools and guidelines into everyday workflows. Users are more likely to adhere to policies, reducing errors, data duplication, and inconsistencies.

Users are more likely to adhere to policies, which leads to:

  • Reduced errors, data duplication, and inconsistencies
  • Simplified compliance
  • Minimized risks
  • Consistent adherence across the organization
  • Efficient monitoring and auditing

Governing by enabling means middle managers focus more on supporting and empowering their teams rather than controlling access to data. Managers can use self-service analytics to guide their teams in leveraging data more effectively, helping them quickly make informed decisions. By ensuring that employees have secure, easy access to relevant data, they can spend less time on gatekeeping and more on providing strategic insights, coaching, and aligning team efforts with broader organizational goals. This shift enhances team agility and enables faster, data-driven problem-solving.

Conduct targeted training and change management workshops for tenured employees wary of change to address their concerns, showcase early success stories, and help them integrate the new data platform into their daily workflows.

Pro Tip: Governing by Enabling Extends Beyond Data

The principles of governing by enabling can be applied to other areas of your business. Consider Amazon’s use of IT vending machines and physical kiosks where employees can quickly obtain replacement equipment like power cords, mice, or headsets. It operates on the same core concept: Providing users the resources they need when they need them without unnecessary friction or bureaucracy. Employees simply scan their badge, select the required item, and the machine dispenses it. Underneath this seamless experience, the vending machine applies automated governance policies to prevent misuse, such as limiting the frequency at which individuals can request replacement items.

Real-World Example: AWS Data Exchange

AWS Data Exchange exemplifies “governing by enabling” in action. It offers a user-friendly platform where data providers can securely share data, and consumers can easily discover and use it. Governance is seamlessly integrated into the customer’s experience. Providers upload data and set permissions, while AWS handles security and access control. Data consumers browse, evaluate, and subscribe to datasets effortlessly, with governance policies enforced behind the scenes.

This robust framework ensures data integrity and compliance without burdening users. By embedding controls invisibly, AWS empowers consumers to acquire data freely while allowing providers to share it confidently. It’s governance that just works.

Lead the Way

By governing by enabling, you can lead your organization into a future where governance drives innovation, enhances productivity, and strengthens competitive advantage. This approach balances safeguarding with user-centricity, fostering a culture of trust, efficiency, and agility. Don’t just protect your data—unleash its power.

Tom Godden

Tom Godden

Tom Godden is an Enterprise Strategist and Evangelist at Amazon Web Services (AWS). Prior to AWS, Tom was the Chief Information Officer for Foundation Medicine where he helped build the world's leading, FDA regulated, cancer genomics diagnostic, research, and patient outcomes platform to improve outcomes and inform next-generation precision medicine. Previously, Tom held multiple senior technology leadership roles at Wolters Kluwer in Alphen aan den Rijn Netherlands and has over 17 years in the healthcare and life sciences industry. Tom has a Bachelor’s degree from Arizona State University.