Podcast

Data Governance & Data Access Management: Access Controls, Data Catalogs & Access-as-Code

Open original DataTalks.Club episode

Data Governance & Data Access Management: Access Controls, Data Catalogs & Access-as-Code

Original Episode

Use these links for the canonical episode and media sources.

• Open the original DataTalks.Club podcast page
• Watch on YouTube
• Listen on Spotify
• Listen on Apple Podcasts

Episode Overview

How do you scale data access management—from access controls and data catalogs to access-as-code—without slowing innovation? In this episode, Bart Vandekerckhove, co-founder and CEO at Raito and former PM of Privacy at Collibra, walks through practical approaches born from consulting with banks (BCBS 239) and tackling early data governance pain.

People

Use these links to connect the episode to guest notes.

• Bart Vandekerckhove

Chapter Summary

Use these checkpoints to decide whether to open the source transcript.

• 0:00 - Podcast Introduction
• 1:27 - Episode Overview: Data Access Management & Guest Summary
• 2:23 - Guest Introduction & Career Path
• 3:26 - Consulting Background: Banks, BCBS 239 and data trauma
• 4:40 - Early Data Governance Pain: Manual tools and outdated lineage
• 5:20 - Defining Data Governance: Building trust in data
• 6:52 - Legacy Governance Problems: Top-down models and friction
• 8:58 - Data Catalogs, Dictionaries & Lineage: Purpose and differences
• 11:20 - Data Access Management Defined: Cloud consolidation and Chinese walls
• 13:34 - Ownership Models: Data teams, governance teams, and data mesh
• 14:47 - Data Engineers & Access Requests: Skill gaps and role mismatch
• 17:18 - Governance Skillset: Change management and DMBOK guidance
• 19:48 - Maturing Access Management: Incremental improvement and scaling
• 21:50 - Learning Resources: Books, Slack communities, and conferences
• 23:03 - When to Invest: Size, maturity signals, and trust erosion
• 25:05 - Start with Access Controls Early for Sensitive Data
• 27:49 - Core Processes: Access requests, approvals, reviews, revocation
• 29:36 - Churn Use Case: Catalog discovery, purpose-based access requests
• 32:08 - Privilege Creep & Best Practices: Time-bound access and revocation
• 33:22 - Regulatory Context: GDPR, privacy awareness, and EU perspective
• 35:35 - Debugging in Production: Temporary access and investigation workflows
• 37:19 - Privacy vs Security Stakeholders: DPO needs and CISO responsibilities
• 42:20 - Data Mesh & Sensitive Data: Federated governance, masking, filtering
• 44:55 - Avoiding Role Explosion: Role inheritance, reviews, and alerts
• 46:42 - Governance in DataOps: Active metadata, automated tagging, and pipelines
• 50:08 - Access-as-Code Beginnings: Terraform, IAM and early patterns
• 53:50 - Build vs Buy: Maintenance cost, connector updates, key-person risk
• 54:42 - Gradual Adoption Strategy: Visibility-first onboarding and automation
• 55:56 - Open Source Options: Raito CLI, Terraform patterns and limitations