Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Forrester Wave data governance results: what IAM teams should notice


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Data governance is becoming a control plane for AI readiness, not just a reporting function, according to Forrester, which named Collibra a Leader in its Data Governance Solutions Wave after assessing 13 vendors across 28 criteria, with the report highlighting AI governance, lineage analysis, observability, and policy modelling as key differentiators. The result matters because data governance is becoming a control plane for AI readiness, not just a reporting function.

NHIMG editorial — based on content published by Collibra: Collibra named a Leader in The Forrester Wave™: Data Governance Solutions, Q3 2025

Questions worth separating out

Q: How should security teams connect data governance with IAM controls?

A: Security teams should connect data governance with IAM by tying asset classification, policy decisions, and lineage evidence back to named owners and entitlement records.

Q: Why does lineage matter for identity and access governance?

A: Lineage matters because it shows how data moved, who touched it, and which rules applied along the way.

Q: When should organisations treat a data governance platform as part of security architecture?

A: Organisations should treat a data governance platform as part of security architecture when it affects access approval, sensitive-data sharing, auditability, or AI consumption paths.

Practitioner guidance

  • Map data governance outputs to access decisions Require the governance platform to show who approved access, which policy applied, and what downstream datasets or models inherited that access.
  • Test lineage for AI and audit use cases together Validate whether lineage survives data movement across warehouses, BI tools, and AI pipelines.
  • Align workflow ownership with sensitive-data classes Assign explicit approvers for high-risk data classes and ensure the workflow engine records ownership, escalation, and retention.

What's in the full article

Collibra's full blog post covers the operational detail this post intentionally leaves for the source:

  • How the platform maps data classification, lineage, and policy modelling into a single operating model
  • Which governance criteria Forrester says distinguish mature platforms, including workflow and observability
  • The full set of product positioning around AI governance, data sharing, and compliance support
  • The vendor's own explanation of why configurability matters for complex enterprise governance needs

👉 Read Collibra’s post on the Forrester Wave for data governance solutions →

Forrester Wave data governance results: what IAM teams should notice?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Data governance is becoming identity governance by another name. As platforms move from cataloguing data to controlling access, lineage, and policy, the boundary between data governance and IAM narrows. The same control questions recur across human users, service identities, and AI-driven access paths: who is authorised, what was touched, and how is it proven. Practitioners should treat governance tooling as part of the access control stack, not a separate reporting layer.

A few things that frame the scale:

  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
  • A separate finding from the same study shows that 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, which underscores how quickly governance breaks when access paths are not observable.

A question worth separating out:

Q: What should practitioners look for in AI governance capabilities?

A: Practitioners should look for capabilities that preserve policy, context, and traceability as data moves into AI use cases. If an AI governance feature cannot explain which datasets were used, who authorised access, and what review trail exists, it is not sufficient for high-trust deployment.

👉 Read our full editorial: Forrester’s data governance wave signals a wider AI governance shift



   
ReplyQuote
Share: