So, what’s all this hullabaloo about Data governance? Data governance (DG) may seem like an emerging trend that will die down before the next fad comes along but, in fact, it’s one of the most important processes for a company to have long-term trust that their data is always in the right hands, and always at the right time. Data governance is a set of processes by which an enterprise can formally manage its data assets. In other words, different departments within an organization are assigned different access and permission rules to analyze, revise or access their data with the purpose of preventing any inconsistencies, breaches or contaminations of data with respect to both internal and external regulations.
It also eliminates wait-time for certain departments who need information instantly and allows any data inconsistencies to be discovered and corrected in a timely manner. These assignments will depend on the department’s capabilities, roles, and business-critical tasks as well as compliance needs. With more and more businesses capturing growing volumes of business-critical data, DG plays an important role in ensuring that the data sets on which analytics are run—and decisions are made—are “clean”, complete, up-to-date, accessible, and secure.
DG has introduced a new role to enterprise—data stewardship—which Tech Target defines as: “…the management and oversight of an organization’s data assets to help provide business users with high-quality data that is easily accessible in a consistent manner.” Especially as more security and privacy requirements are being put in place (GDPR, HIPAA, PCI DSS, FedRamp, etc.), more and more organizations are appointing data stewards to help improve data security and quality. Data stewards have the ever-important role of incorporating and implementing these organization processes all information is compliant with internal and external rules and regulations. The data steward knows how the data is collected, maintained, and interpreted in and out. The job revolves around, but is not limited to, the following questions: Although they certainly require IT support, data stewards should sit squarely at the heart of an enterprise’s core business team and have a deep, holistic understanding of the organization’s data assets. In this article, we’ll explore the challenges and, more importantly, the benefits of data governance.
Data, Data Everywhere—but is It Trustworthy?
With more and more businesses undergoing digital transformations, it is accepted that the size of the digital universe will (at least) double every two years; i.e., a 50X increase from 2010 to 2020. In a typical enterprise today, large volumes of data flow in every day from a wide variety of customer-facing or internal apps and platforms—sales, marketing, production, accounting, logistics, and more. In order to turn big data into business intelligence, it has to be analyzed and used. However, some estimate that as things stand today, less than 0.5 percent of the data being created or aggregated is turned into actionable insights. One of the key reasons for this underuse of big data is ineffective data governance. DG makes sure that the data can be trusted and is accessible to the relevant business users. Effective data governance reduces ROT (redundant, obsolete, or trivial) data, provides permission-based self-service access to a wide range of users, and keeps data assets secure. DG policies and processes must also take into account that different data sets have different functions within the organization, and require different levels of accessibility, veracity, and security.
No Robust DG Without Master Data Management
An important aspect of DG is Master Data Management (MDM), which Gartner defines as: “…a technology-enabled discipline in which business and IT work together to ensure the uniformity, accuracy, stewardship, semantic consistency and accountability of the enterprise’s official shared master data assets…” MDM allows an enterprise to link its critical data to a master file that provides a single, consistent, trusted view across diverse, fragmented data sources. As Michael Hiskey wrote recently, MDM and DG are two sides of the same coin—DG describes the practices, and MDM describes the discipline and technology. Without MDM, data policies and procedures cannot be enforced.
Data Governance and GDPR
Since a lot of the data collected by an enterprise is related to individuals (customers, prospects, and so on), DG must also comply with consumer protection frameworks such as the European Union’s General Data Protection Regulations (GDPR), which comes into effect on May 25, 2018, the very first update since the Data Protection Act 1998 was applied to protect personal data. Among its many provisions, GDPR requires that an enterprise provides individuals full visibility to the data it has collected about them—and must destroy that data upon request. Only robust DG will allow an enterprise to track with confidence all the places where an individual’s data may be located, and for what purpose. GDPR also requires that personal data is protected against misuse at every stage of its lifecycle, that proper audit trails be in place, and that data can be instantly recoverable given an outage or data breach. GDPR is binding on any company doing business in the European Union, and fines for non-compliance are very high. The time is ticking and companies must start working on their GDPR plan by implementing the proper processes and solutions.
DG and AWS Shared Responsibility Model
AWS is currently, the king of the cloud, and they have managed to change the way enterprises manage and store data by helping to significantly save on costs and time. The AWS cloud has eliminated the need to maintain physical data centers by allowing companies to manage virtual servers in their ever-emerging cloud infrastructure. AWS provides handy controls and cloud services which organizations can easily use via their dashboard to automate their data governance (i.e. EBS, EC2). However, organizations need to remember that, although these resources help to mitigate security risk and relieve a ton of operational burden, AWS is only responsible for these services, and not for a company’s cloud backup and disaster recovery. Organizations still have a responsibility to maintain the security of everything within their cloud. In other words, companies not only choose which cloud services to use but also must fully protect their cloud data by meeting RTO and RPO requirements. Luckily there are ways to automatically do this and avoid deep holes in security and data governance.
A Final Note
DG ensures high-quality data that is properly secured and used appropriately. The business benefits are measurable, and they can be substantial. According to an August 2017 Aberdeen report, companies with effective MDM/DG programs in place are 2.2 times more likely to see year-over-year revenue growth and three times more likely to see year-over-year decreases in operating costs. Leading technology trends such as AI-based M2M applications, IoT, blockchains, and the ever-expanding AWS cloud —such as Amazon Dynamo DB— backup & disaster recovery tools are now generating (and supporting) even bigger waves of data. Therefore, it is important to have a scalable DG and MDM infrastructure in place that can use this data for better business outcomes.