Why enterprises need to think about data governance

How companies can get to grips with their data governance strategy, implementation, and compliance

Data is increasing at a rate never before witnessed. Exabytes and zettabytes of data are now regularly talked about and organisations need to deal not only with the volume of data, but also data governance.

With GDPR due to come into force in the UK on 25 May 2018 (despite Brexit), there is a real need for organisations to think and actually do something about data governance. But where should firms start?

Advertisement - Article continues below

Issues around data governance include the software costs, management consulting costs and technical implementation costs, and the promise of return on investment from data governance needs to be cast iron.

Another issue is that good data governance looks different for different industries, accrding to Dan Telling, managing partner at data consultancy Bench.

"What is good for a pharmaceutical company may be quite different to what is good for a retailer," he says.

"It also exposes a failing in traditional approaches to data value management projects as common wisdom would ask an organisation to consider people process and technology."


One of the biggest challenges organisations face when trying to get a handle on their data is understanding what they have, where it lives, who can access it, who has been accessing it and how has that access been used, says John Hughes, enterprise director at Varonis.

Advertisement - Article continues below

"With the upcoming GDPR regulation, organisations will be tasked with shoring up their data governance, and that includes identifying files containing sensitive data, reducing access on a need-to-know basis, monitoring access and ensuring the data is properly disposed when no longer necessary to operations," he says.

Advertisement - Article continues below

Creating a data governance strategy

Hughes says that a data governance strategy first starts by "turning on the lights".

"Organisations cannot protect what they cannot see. They do this by classifying their data, assessing where it lives, who has access, how they were granted access and what they are doing with that access."

There should also be a corporate policy in place with named and accountable data owners. "Ownership should be at board level, preferably the CEO. The policy should cover all three sides of the triangle, Availability, Integrity and Confidentiality. This should cascade down to documented procedures and guidelines. All staff should have mandatory data training," says Manish Trivedy, an ITSM consultant at Soitron. He adds that availability should include critical systems for business to continue functioning, including links to its business continuity and disaster recovery.

Steve Murphy, SVP and general manager EMEA at Informatica says that it's important to make sure data governance tools are unified across the enterprise so that everyone can get the best out of them.

Advertisement - Article continues below

"A single comprehensive solution will reduce running costs, decrease time-to-value and improve business outcomes. Data governance that combines technical data on the backend with a business lens on the front-end results in programme and business agility," he says.

Implementing strategy

When it comes to implementing the newly-created data governance strategy, organisations must get a clear picture of their data landscape. "Next, they need to identify how that data is processed across business systems, where it is stored and how it travels," says Murphy. Automating data discovery is a good way of achieving this, as the data landscape of a business changes constantly, and humans cannot process that data in real time. An automated data discovery and management approach speeds up the process and increases its accuracy based on varying data inputs.

Advertisement - Article continues below

Nick Coleman, global head of cyber security intelligence at IBM, says he would advocate referring to a target Data Governance (DG) operating model (people, processes, technology and data) to know what good looks like, and drive out the gaps.

Advertisement - Article continues below

"We frequently produce a heatmap for clients to help visualise this information," he says.

He adds that in doing so, this will identify both 'quick wins' and longer-term objectives that organisations can work towards. "As the most significant positions are filled within the Data Governance organisation, then the establishment of metrics and decision-making bodies can begin," says Coleman.

Getting the benefit

With a data governance strategy in place and operational, Murphy says this can help companies develop a unified approach so that all data sources can be exploited for common goals, with siloes between departments removed and collaboration across international boundaries improved. "In turn, a holistic view of data supports companies [to] improve customer service. Having a single source of information means organisations can pre-empt their likely purchases or the problems that they're trying to solve. By responding to these needs, it's much more likely that revenues will increase and clients will be engaged. Good data makes for a successful business," he says. But Murphy warns that pitfalls come when trying to change the existing culture to make room for this new, unified approach, as doing so requires a change in how different stakeholders store and use information. "CIOs in particular need to take responsibility for leading the change and helping employees to get involved - data governance is a cultural shift as much as a technology project," he says.

Advertisement - Article continues below

Ken Krupa, CTO at MarkLogic says there are caveats to be mindful of when implementing governance programs. "The boil the ocean' mentality must be avoided at all costs. Agility and incremental successes are key."

"Additionally, if the data governance program focuses more on the governance part and not enough on the data part of the equation, there's a risk of creating an internal bureaucracy that may achieve the opposite of what is intended," he adds.

The future and GDPR

With GDPR looming in the future, crippling fines could be imposed on organisations that don't get a grip on data and its governance.

Alastair Broom, UK security practice director at Logicalis, warns that the regulation also introduces the right to be forgotten' where EU residents can request the deletion of their personal data, if there's no compelling reason for it to be held by an organisation.  

"This will drive the requirement for information lifecycle management, so that data is managed not just through creation and use but also through destruction," he says.

Advertisement - Article continues below

"This will prove a big challenge, as it is very easy to create data, but once it is out there, it is much harder to track down all instances of it and ensure it has been deleted."

Having data governance in place will help organisations establish the rules and help avoid hefty penalties.

Main image credit: Bigstock

WATCH: Learn more about the security threats facing businesses today and how to combat them in this free webinar WATCH NOW

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020

The growing case for IT flexibility

30 Jun 2020