Data is valuable. As the challenge of protecting customer data mounts, more and more businesses are embracing data-governance strategies to manage the information that serves as the lifeblood of the company. Without a doubt, data has become the raw material of the information economy, and data governance is a strategic imperative.
Increasingly, companies seeking competitive advantage are also leveraging data governance to proactively add value to the bottom line. It is about getting the right information to the right people at the right time and enabling the entire organization to seize new opportunities rather than simply operating in a reactionary way.
Such opportunities don’t wait, and neither do crises. Businesses need to know what’s happening not just in their own organizations, but also within all of the companies they touch, whether they are vendors, customers or partners. Having real-time access to information is crucial. It is important to know where the data resides and what it is worth, and calculate the probability of risk and cost to the organization in the event that it’s stolen.
With more than a billion people connected online today, we are at the dawn of a data explosion, and it is becoming increasingly difficult to manage and control the terabytes of data residing within different parts of the organization. Many companies use the “fortress” method, a big thick perimeter wall to keep out the bad guys. But this method can be problematic since not all data has the same value, not all risks are outside the perimeter, and not all controls can effectively prevent fraud. The fortress model of data security creates a one-size-fits-all approach, allowing organizations to overprotect low-quality data and underprotect high-value information like customer account details or employee Social Security numbers, regardless of business context or use.
Governing data today is an organizational responsibility, and there is clearly a need for common solutions and governance models to protect and share data on different levels across the organization. Moreover, the complexity extends beyond structured customer data. Organizations are concerned about governing access to many types of data including unstructured content, trade secrets, financial data, patient information, video, audio, etc.
Beyond new methods to protect data, effective data governance can play a vital role in driving new business opportunities and retaining existing customers by improving overall data quality and business intelligence. Companies seeking to get a true handle on their data must go beyond simply protecting it.
Here are six simple steps that every company can take today to govern data successfully:
Step 1: Get a governor and the right people in place to govern
The first step in any successful data-governance program is identifying an individual within the organization who carries the delegated authority of the CEO and making that person accountable to make things happen. There is no substitute for strong leadership.
Data governance is a political challenge that requires building consensus among many diverse stakeholders. Political leadership within the organization is therefore a priority. Once established, the governor can create a governing council composed of organizational stakeholders to formulate stewardship policies and report progress to the CEO and board of directors.
Step 2: Survey your situation
Once you have the leadership team in place, it needs to survey the territory and inventory current practices across many diverse domains. The teams need to see across the stovepipes, and an enterprise data-governance assessment methodology is imperative for this task. It helps benchmark where the organization’s data-governance program is today and delivers a road map to determine where it will be tomorrow.
Step 3: Develop a data-governance strategy
After the data-governance assessment, the governance council should look into creating a vision of where it wants the company’s data-governance practices to be in the next few years, thereby creating a vision for the future. The council should work backward, and create realistic milestones and project plans to fill relevant gaps by establishing key performance indicators to track progress and deliver annual reports to the CEO and the board to validate results.
Step 4: Calculate the value of your data
If companies don’t know what it’s worth, they can’t enhance, protect or measure the value of the data to the bottom line. Data isn’t a normal commodity. It’s like water out of a tap—vital to life yet so often taken for granted. But you can’t calculate the value of something if you don’t know its price.
If you want to calculate the value of your data, build an internal marketplace for data based on user entitlements and the utility of IT services. When everyone in an organization is paying for IT services and data directly, the value of data is part of the business P&L.
Step 5: Calculate the probability of risk
Knowing how data has been used and abused in the past is an indicator of how it might be compromised and disclosed in the future. Every organization has causes, events and losses that are lost in stovepipes, hierarchies and business reports. This data is already available and unused by most organizations. Collecting it, relating its meaning and studying loss trends over time can help any organization transform risk management into a fact-based, business intelligence method for analyzing past events, forecasting future losses and changing current policy requirements to improve your mitigation strategies.
Step 6: Monitor the efficacy of your controls
Data governance is largely about organizational behavior. Organizations change every day, and therefore their data, its value and risk also shift rapidly. Unfortunately, most organizations assess themselves only once a year. If a business isn’t able to change organizational controls to meet demands on a daily or weekly basis, it isn’t governing change.
Data governance is much more than simple security, compliance or risk management. It’s all of them and more. It’s a new composite discipline, bridging organizational stovepipes to redefine the value and protection of data. It’s about how an organization uses data to benefit and protect itself. With high-profile data breaches all over the news, data governance is on every CIO’s agenda this year.
To manage risks, organizations must govern data usage and ensure effective governance by putting in place a consistent method of documenting organizational best practices and technology that supports the human decision-making process. Safeguarding corporate information and using improved data quality will help companies not only keep auditors and regulators satisfied, but also retain customers and drive new business opportunities.
Steven Adler is the director of data governance solutions at IBM and chairman of the Data Governance Council. He has been an expert on the area of security and privacy for the past 1o years. IBM has formed the Data Governance Council with leading companies, institutions and technology solution providers in a global effort to clarify and resolve common data-governance challenges and solutions as they relate to security, privacy, trust and corporate compliance issues.