Demystifying Data Governance

October 15, 2015
455 Views

Data governance can be described, quite simply, as how you oversee your data – which in practice is far from simple. It concerns the management of your data: the storage strategy, the availability, integrity, and security of your data, and the uses to which it is put.

Data governance can be described, quite simply, as how you oversee your data – which in practice is far from simple. It concerns the management of your data: the storage strategy, the availability, integrity, and security of your data, and the uses to which it is put. A complete data governance plan on the enterprise level should include a governing body of some type, and a defined strategy regarding data collection, use, maintenance, and storage – the complete data lifecycle.

Today’s business is data-driven, and ensuring your data is reliable, safe, and accurate, and that it can be retrieved as needed for your business use while safely protected from cybercriminals, is critical to business success in every arena, from development to sales. Having control over that data is of the utmost importance, and to gain that control, you must go through phases of planning, requirements gathering, and business analysis to develop a strategy that covers all the phases of the data lifecycle. This plan constitutes your data governance, and having such a plan should be of interest to anyone who can be considered a “data stakeholder” – that is, anyone concerned in the creation and collection, processing, manipulation, use, or storage of data.

IT people in the process of doing their jobs make many decisions regarding data, in the normal course of events. The IT professionals assigned to that task might choose a type of storage, but if the question is about developing strategic metadata, for instance, which enables reuse of the data in ways that support the business process, these are decisions that need the input of people who use the data to drive business. Ensuring that those decisions are made in the right arena is the job of data governance, and more specifically, of the body or council assigned that role.

Data governance is data’s system of quality control. It scales to the size of the business that needs to enforce it. Whatever the size of your business, you have a need to consider at least some of the following:

  • Various rules that apply to data, from its collection to its archiving and storage, including the relevant metadata
  • Storage
  • Access
  • Input
  • Accountability
  • Monitoring
  • Security

Not every business has a formal data governance plan in place, and not every small business needs one, but every business down to the sole proprietor-freelancer has had to think about how they handle their data. Large organizations need to institute a formal system of data governance, often including a data governance council, under a number of circumstances.

According to the Data Governance Institute, there are four situations, which would absolutely require a formal data governance plan:

  • The organization gets too large to manage data-related activities among multiple departments or businesses;
  • The organization’s data systems get too complicated to be navigated by the people who need to;
  • The organization’s data architects or other internal groups need to support a program that requires an enterprise-level view of data;
  • Regulation, compliance, or legal requirements call for formal data governance.

A good data governance plan will include a governing body, as well as a formal set of rules governing every phase of the data lifecycle.

How to Launch a Data Governance Program?

The goals of a data governance program will include making rules governing data, resolving issues, and overseeing compliance while also ensuring the needs of business stakeholders are met. Getting one started, especially at the enterprise level, can be a daunting task, however. If data drive the business, then there is a lot of it, and most likely, an enterprise is faced with an abundance of outdated, specialized data tools, each of which serves an important function, and none of which talk to each other. Where and how to start, like any enterprise-level undertaking, can cause hesitation, many levels of justification, and a sense of functional paralysis. But there are some commonalities in this kind of implementation to help you build your road map:

  1. Define the business owners of data – specifically, the people who generate and consume data within your organization, and experts in data management. From this set, define a working group that represents a variety of user types. A group like this should have among its members intimate knowledge of how the business uses data, familiarity with existing systems, and expertise in data security and storage. There may be a need for regulatory experts on the staff as well. The group might start by establishing a business case for a data governance program, but even if the program has already been mandated by a regulatory change or another requirement, a working group ensures that the result of your data governance meets your business needs long-term: better data, or better or more secure access to your data, or better provenance – as your business demands.
  2. Define the business goals. Understand who in your organization accesses data, why, and how. Ensure valid use of data is maximized, and security risks are minimized. Be sure you understand what you intend or need to establish using data governance.
  3. Develop a framework in which you understand what pieces are required, and how they will fit together. If you need to retrieve your data a certain way, you want to make sure your metadata supports that, and that all your systems – and perhaps your new ones – support the metadata, and so on. You’ll need to define, if multiple systems are involved, the flow of data from one to another and which system owns which data at which point in the life-cycle, which merely store it, and which view or display it. Policies should support the use of the data, as well as meet security demands while enabling access for established business purposes, including development and testing. Any additional technology, whether hardware or software, should be part of the framework. Systems that exist must still be integrated, and your framework should account for this as well.
  4. Define a limited pilot. This should be something that tests your strategy, and which has a definable scope and criteria for success. While you don’t want a single group to dominate the conversation, you do want a place to test your strategy, to ensure that overall business needs are being met. This allows you to test something out – for instance, a storage and sharing system – on a small scale, and to see what large-scale items don’t work or need refinement. The pilot won’t cover every use case, but it will allow you to see if, overall, your data governance rules will work for your organization.
  5. Know what the measures of success are for your pilot. Your working group will know what those are, based on a broader knowledge of other business areas. It is important to know what the scope of your pilot is and to stay within it. Another important thing will be to have a system to review and implement changes. No large system can be rolled out free of bugs and exactly as needed – but you can use your pilot experience either to force people to limit how they work, or to better the system so people can work better. And when the pilot is complete, follow it up with a well-supported rollout, and expect that nearly every new group you bring on board will find some new gap that needs closing.
  6. Enterprise-level implementation can be done as a series of smaller initiatives, with each rollout an opportunity for improvement. Supply solutions, not workarounds, as you find the troubled areas in your supporting systems and processes. At every stage, stop and verify that the systems and strategy you chose resulted in better data, using clear benchmarks. Each business has its own measure of success, but some criteria that are shared by many businesses include:
    • Data can be loaded into the system, without regard to its origin or structure.
    • Data can be accessed by users and applications in defined and approved ways, and when that access is appropriate, it can be done simply and without system issues.
    • Data is valid.
    • Multiple systems recognize the same data in the same ways.
    • Data is safe.

Why it Matters to Business

Information is an asset, and assets need to be managed. A limo fleet takes care of its cars, and numbers each one, and knows where it is at all times, and those who need to can always contact the driver of it. It’s the same with any asset: you want to take care of it, know where to find it, have something to call it, and so on. Data governance allows you to track and manage your data assets.

Though your data is an asset, it has no value if it can’t be used, or if it can only be used in a limited way. If your systems can’t connect because although they have the same data, they have it structured differently, it will be a drag on your productivity. Clear, consistent, predictable data that can go across systems gives you options for using and comparing your data in ways you weren’t able to before. In order to have data that is defined and structured predictably throughout the organization, you need to have control over your data, or data governance.

Analytics can’t be performed with bad or unreliable data. Your data processing systems need predictable data to work – most errors are a result of bad data, not software problems. Creating and enforcing data standards ensure that data can be shared between systems, reducing redundancies and allowing comparison of a broader range of data for better results in analytics and processing.

Data rules also determine how information can be searched for and retrieved, as well as who can do so. Access rules are a crucial piece in any business security plan. Data governance also defines levels of access and account shutdown procedures.

Data Governance Strategies

If compliance or a security breach is the motivator, the goal of data governance may be to increase control and limit access. In that case, a focus of the data governance plan would be to define levels of access and qualifications, while ensuring that those who need it have the access necessary to perform their jobs.

Conversely, data governance may be driven by a need for better systems integration and data sharing and flow. In this case, the strategy may focus more on normalizing data and tagging it constructively than in hierarchies of access. The strategy would focus on normalizing and tagging data for retrieval, particularly when the data comes from multiple sources and formats.

In defining data governance strategies, they each run along two axes: that of control on one axis, and on the other, access. The challenge is often to find the balance between open access and effective security. In addition, whatever strategy you employ, and whether you have a formal system in place or not, you have certainly had to think about your data; how to collect it, how to retrieve it, how to store it – in short, how to use it. That is what data governance is about.