Data governance used to be treated as a compliance obligation. In the energy sector, such an approach is no longer viable. Governance now plays a central role in protecting infrastructure, meeting regulatory obligations, and enabling technology like AI.

At Data Leaders Forum, Secoda CEO Etai Mizrahi sat down with Shane Coleman, Chief Data Security Evangelist at Cyera, to talk about how governance is evolving in the energy sector and what’s driving teams to invest earlier.

What emerged was a clear picture of governance as more than a checklist. It’s a strategic priority for safeguarding infrastructure, accelerating audit readiness, and setting the stage for responsible AI.

Here are the key themes from the discussion, along with real-world examples of what’s working.

Governance is starting earlier for energy teams

Energy organizations operate under unique pressures. Alongside common threats like phishing and remote access vulnerabilities, these teams are tasked with protecting national infrastructure. That includes control systems, operational technology environments, and the data pipelines supporting them.

“Energy organizations also have this massive push to modernize all these diverse systems,” Shane noted. “They have to constantly evaluate and audit their infrastructure controls because they’re well aware of the impact to their nation should an attack succeed.”

Multiple frameworks exist to guide this work, including NERC, C2M2, IEC 62443, and NIST. But implementation is challenging, especially given the number of data sources involved. Smart meters, grid telemetry, weather feeds, and operational systems all contribute to the growing volumes of sensitive information that must be governed. According to a Deloitte study, only about a quarter of energy organizations fully trust their data - a number that may be even lower if teams account for unknown exposures or inconsistencies.

To close these gaps, some organizations are adopting practices that combine classification tools with metadata systems, enabling both security and data teams to work from the same source of truth.

Audits are pushing governance forward

Governance often gains momentum through stakeholder support when it prevents costly disruption. For energy organizations, audits are one of the clearest examples. Governance, risk, and compliance (GRC) teams must regularly support internal audits, external regulatory audits, and urgent assessments prompted by shifting risk profiles.

Large organizations may have up to 20 GRC auditors managing over a dozen audits each quarter. In one case, a data materiality audit took a single employee three months to complete. Without centralized ownership, lineage tracking, or real-time visibility, these types of investigations become organizational bottlenecks.

That timeline isn’t sustainable. As Shane said, “Being able to respond to an audit within minutes, versus months, is very valuable.”

With Secoda, energy teams can now see Cyera’s sensitive data tags alongside lineage and audit logs. That allows them to track an asset’s origin, usage, and downstream impact in a single view. It also reduces tool switching, speeds up investigations, and helps teams stay ahead of audits instead of reacting to them.

AI is raising expectations for data quality and classification

Grid optimization, demand forecasting, and predictive maintenance have long been part of the energy industry. What has changed is the urgency. Models are moving into production faster than ever, which raises the bar for data quality and accuracy. Strong classification and high data quality are essential at this stage.

“Why would you put data into a model if you don’t know it’s accurate? Garbage in, garbage out.”

To prevent these issues, some organizations are applying governance earlier in the machine learning lifecycle. This includes tagging datasets based on sensitivity, assigning clear ownership, and validating inputs before model training begins. These practices reduce the risk of compliance gaps or performance failures without slowing down development.

AI is no longer a downstream concern. It’s reshaping how organizations classify and manage data from the very beginning.

Small, focused wins are driving larger transformations

Governance success isn’t coming from top-down overhauls. It’s coming from small, well-scoped projects that build momentum over time.

Shane shared how one organization used discovery tools to inventory their data in three weeks. In the following three weeks, they eliminated over 14 million records flagged as out of policy. Another team used lineage and classification insights to restructure backups, prioritize sensitive assets, and reduce cloud costs.

In both examples, teams began with shared context and consistent tagging. They leaned on automation to minimize manual effort and used early outcomes to build support.

Governance projects tied to revenue or regulation tend to see the strongest adoption. “It’s so much easier to get the ear of the people you need to talk to when it’s directly tied to metrics that matter,” he said.

Culture is just as important as tooling

Both panelists agreed that governance tools only work if the culture supports them. Shane shared the story of a privacy leader who repositioned governance as a pathway to secure innovation. Instead of being seen as a blocker, she became a go-to advisor for product and engineering teams.

“Now she’s got business owners coming to her, asking, ‘Can I do this securely?’” he explained.

Etai noted that teams are also finding ways to quantify progress. Metrics like data ownership coverage and data quality scores are helping data leaders track improvements and communicate value more effectively. When paired with clear classification standards, these metrics build trust across the business.

Getting started means getting visibility

When asked what he would prioritize if stepping into a new data security role in energy, Shane’s answer was clear. “A fast, accurate data risk assessment. You can’t recalibrate your governance strategy if you don’t know what’s at risk.”

Data teams are encouraged to begin where governance efforts are easiest to justify. Revenue-critical data, compliance-linked datasets, and decision-making assets are all high-impact places to start.

Both speakers emphasized that you don’t need to boil the ocean. Governance doesn’t have to start big. It needs to start with clear use cases and measurable outcomes. If teams can respond faster to audits, reduce unnecessary data sprawl, and increase model accuracy, they’re already proving that governance can support innovation instead of slowing it down.

At Secoda, we support that shift by helping teams automate access, document lineage, monitor quality, and apply policies in the context of their existing workflows.

If you're working to operationalize governance and make it easier for teams to adopt, we're here to help.