August 13, 2019
August 13, 2019
The speed of change is so quick that it is easy to forget that modern, mainstream technologies and business practices are often still relatively young. For example, that smartphone in your pocket didn’t exist 12 years ago. Neither did the widespread term that has become common in the boardroom and vital to modern businesses: data governance.
Data governance refers to the set of people, processes, and technologies required to ensure that data is managed as a corporate asset. The standard methodology of data governance involves making sure a company’s data is always available, secured, and providing value to the business throughout its lifecycle.
The initial business cases for adopting data governance as a standard operational protocol included a growing information overload problem, and the realization that there was both opportunity and risk involved with the exponential growth in data volume available to companies. With the adoption of the internet and other technology, suddenly there was the opportunity to derive valuable business intelligence from this data, and the risk of potential legal exposure stemming from unmanaged, undiscovered data falling into the wrong hands.
Around 2005, in the earliest days of data governance, the term was defined as “data in databases that we control.” This definition has changed wildly in the intervening years, thanks to the proliferation of smart phones, cloud computing, and the Internet of Things, as well as the need to be able to manage unstructured data—another term for information that is not held in databases. It has further evolved thanks to new definitions proposed by standard-setting organizations that recognized the increased value of data sets. All of these factors have made data governance more difficult because of the increased volume and variety of data, and the velocity at which data is generated, stored, and mined for insight.
New, strict privacy regulations such as the European General Data Protection Regulation (GDPR) and California’s Consumer Protection Act, paired with the ever-expanding and complex threat landscape, make meeting the goals of data governance more difficult than ever for those charged with the task.
Data governance evolved over time into a set of competencies, as can be seen by the Data Management Association’s functional data governance framework. Successfully implementing these functions would give organizations the ability to effectively manage the data deluge that companies have come to expect and to derive powerful new competitive advantages through the use of business intelligence (BI) and analytics.
Today, however, the objective of data governance is changing once again, as enterprise security risk becomes a tier-1 board concern and data security and compliance emerge as two of the greatest sources of this risk for companies.
This introduces two problems:
Overcoming these problems requires a change in mindset. “Classic” data governance has opened up a world of opportunity for businesses to benefit from BI, artificial intelligence (AI), and digital transformation. However, none of these modern advancements will deliver the anticipated benefits if implementing them opens up the enterprise to excessive risk.
To reap the benefits of BI, AI, and digital transformation, organizations today must embrace a new model of risk-centric data governance, and the board can help those leading the data governance function by pressing for change. This is how organizations can overcome the two challenges articulated above:
Data is the currency of business today. It is also the greatest source of risk. By ensuring that the data governance leaders at your company adopt a risk-centric approach to data governance, companies can reap the full rewards of next-generation data initiatives without unintentionally introducing massive new sources of risk.
Julie Talbot-Hubbard is the general manager and global vice president for Identity & Data Management at Optiv. Interested in hearing more from Julie? Register to attend the 2019 NACD Global Board Leaders’ Summit. She will speak on an “Ask the Experts” panel on cybersecurity and data privacy.