Data Governance, also sometimes called IT Governance, is a key part of storage administration. And clearly, IT governance overall is closely linked to data governance: IT is an integral part of any data governance project.
Data governance is a framework of policies, processes, people, and technologies that enable an organization to formally manage its data assets. Front-end planning is critical to achieving organizational governance, which involves multiple stakeholders and has a wide impact on people and processes.
Data Governance and the 9 Sub-Domains
Most organizations start their data governance initiatives in response to a serious threat. Common high-level threats include costly non-compliance, security breaches, litigation, the inability to run analytics, and the high cost of discovering dark data.
Comprehensive data governance involves nine distinct sub-domains. Each sub-domain takes intensive time and resources to work toward governance, but few organizations will need to do them all. And no organization will try doing them all at once.
|9 Sub-Domains||Definition||Governance Driver|
|1. Data architecture management||Database models that support information governance and data visibility. Components include data models, planned table structures, efficient workflows, and integration.||Siloed databases with different schemas and quality levels. Original DBAs may have left for other pastures, taking their specialized IP with them.|
|2. Data development||Store application development information including procedures, test configurations, user-defined functions, XML artifacts, SQL scripts, and web services.||Poorly documented application development leads to fractured coding and guesswork as original developers change jobs or retire.|
|3. Database operations management||Establish management policies around database operations. Typical policies include controlling database environments, performance levels and service delivery, data protection, lifecycle management, and licensing.||Lacking consistent management policies, different databases have differing levels of data protection, security, and service level delivery.|
|4. Data security management||Organizations institute physical and digital security across all data. Cybersecurity includes physical and digital security controls and monitoring, anti-malware, and strong user authentication. Physical security requires hardened data centers that are protected against unauthorized personnel.||Businesses who suffer criminal attacks can’t pawn off the consequences on the criminals. The business is considered at fault if strong security measures were not in place.|
|5. Master data management||MDM creates an authoritative source of master data by deduplicating and standardizing data and incorporating rule-based policies that keep incorrect data from entering the system. (Note that MDM is a governance sub-domain, not data governance itself)||Departments and individuals may use their own methods of recording products, accounts, and parties in business transactions. This makes it very difficult to transactions using different identifiers for the same entity.|
|6. Data warehousing / big data for business intelligence||Centralized data supports BI by streamlining the analytics process. Businesses invest in data warehouses and/or big data frameworks like Hadoop to enable comprehensive BI analytics.||Consolidating structured and unstructured data into storage pools allows analysts to extract BI from both types of data.|
|7. Enterprise content management and document management systems||ECM is a comprehensive system for storing, sharing, indexing, and auditing corporate data. DMS is a simplified subset of ECM. It centralizes common types of corporate data into a secure document repository and monitors lifecycles.||ECM and DMS counter the phenomenon of dark data, where the organization stores large amounts of information that it cannot find or is unaware that it exists.|
|8. Metadata management||A consistent process for defining and enforcing metadata schema and models.||Searches are expensive, time-consuming, and prone to error without a consistent scheme for identifying metadata.|
|9. Data quality management||DQM monitors the quality of high-value business data for timeliness and accuracy. Typical DQM technologies include data cleansing, data profiling, and MDM.||Sending wrong or incomplete data to partners, analysts, end-users, or applications results in loss of reputation and even non-compliance fines.|
Building Holistic Data Governance
· Assessment and framework. Comprehensive governance starts with the will to establish a master governance framework, and the will originates with the senior executive council. The council works together with IT and business unit executives to define processes that put priority systems at risk. A formal assessment analyzes current governance measures and suggests and prioritizes governance projects. The project committee and partners methodically communicate the project and its importance to employees.
· Policies and Technology. The governance team prioritizes projects from the assessment report. Prime considerations should be to lower the risk of poor data security and non-compliance, to save on the high cost of inefficient data processes, and to gain significant business intelligence from previously invisible data. Project teams usually work with consultants and outsourcers to plan each project and its attendant tools, technology, and training.
· Oversight and roadmaps. Corporations do not achieve comprehensive governance overnight. Each organization needs to balance risk against resources when considering a governance initiative. If a mission- or business-critical domain presents a high risk to reputation, data loss, or compliance, then establishing governance is worth the resources. And once the hard work of governance is in place in one domain, it becomes simpler to extend it to others. Establish governance project roadmaps on additional areas as needed. For those areas where the corporation has established data governance, carry out an assessment review every 1-3 years.
Business Use Cases for Data Governance
Compliance is a common driver for governance initiatives. Two highly regulated industries are particularly involved with governance initiatives to stay in regulatory compliance, healthcare and financial services.
One of healthcare’s priority governance projects is complying with HIPAA, which regulates how the U.S. healthcare industry collects, stores, communicates, and transmits protected health information. Since the regulations affect nearly every IT domain related to healthcare, being in HIPAA compliance covers a range of data activities.
As more medical information is digitized, the importance of governing electronic PHI (ePHI) grows. HIPAA requires careful handling of electronic records including secure backup and restore of ePHI data, frequent verifiable backup, encryption for in-transit and at-rest, backup to a secure remote site, and documenting all policies and procedures.
Financial institutions are subject to several national and state regulations. Key national regulations include GLBA that protects personal financial information, SOX that protects investors by regulating corporate disclosures, FINRA for business continuity and DR plans, and SEC for secure securities transactions.
In addition, New York State passed a comprehensive set of cybersecurity regulations called NYCRR for all businesses subject to the state’s banking, insurance, and financial services laws. Other states are likely to follow suit.
Financial firms face real challenges as they try to match their governance projects to regulatory requirements. Common obstacles for these firms include employee error, insecure laptops and mobile devices, non-compliant cloud providers, and outdated and/or obscure regulations. But like HIPAA, agency investigators take a dim view of an unprepared and non-compliant financial service firm.
Data Governance Benefits
Businesses benefit from data governance internally and externally. Internal governance saves time by replacing inefficient processes with highly effective and consistent procedures. External governance keeps organizations in compliance and enables companies to improve their business reputation with highly efficient and trustworthy processes.
· Effective processes and highly trained employees save time and cost, and lower risk.
· Data visibility and management enables organizations to comply with regulations and industry best practices. Should there be an investigation, the company can quickly deliver verifiable results.
· Standardized data management across the enterprise improves information sharing and collaboration.
· Centralizing business data in data warehouses or big data pools enables analytics and BI, even on unstructured data.
· Revenue increases with more effective processes, and the ability to act on new business insights.
Data governance is a big project – indeed, a series of big projects. Even so, data governance is possible for any company and IT organization who are committed to making changes for improved productivity, greater revenue, and diminishing risk.