Intelligence and compliance ­depend on data governance

June 2018 Editor's Choice, Information Security, Security Services & Risk Management

Data governance is nothing new, it is simply the process of managing your data in a way that is convenient and accessible to you. Data governance is why a company sorts its documents alphabetically in a filing cabinet or buys a CRM (customer relationship management) system to manage its customer data.

Gartner defines data governance as: “The specification of decision rights and an accountability framework to encourage desirable behaviour in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organisation to achieve its goals.”

Today, data governance is also increasingly being forced on organisations and even individuals by legislation designed to ensure the safe and legal capture, storage and use of data. Unfortunately, the growth of data in all its forms caused data governance to become increasingly complex, to the point where it is a skill in itself.

Maureen Grosvenor.
Maureen Grosvenor.

APPSolve is a technology consultancy offering advisory and technology services to clients, including in the business intelligence (BI) space. APPSolve director, Maureen Grosvenor, says that over the years the company has been in operation, it has always included data governance in its services as it’s a necessity if you want to obtain good BI from your data.

Of late, however, Grosvenor says governance has become a service on its own because of the amount of data companies collect and the challenges in structuring it in a way that delivers value. Data governance is not simply a technical issue, but more of a business issue that requires planning and strategising to ensure your data is collected, stored, accessed, archived and deleted in a manner that supports the business and meets legal requirements.

It’s an asset

Data today is no longer seen as something you collect while doing business, but most companies recognise the ‘gold mine’ they have in their data and see it as an asset. How you handle this asset will impact on the performance of your company as it relates to running the business, and impacts customers, staff and suppliers. The old cliché of ‘garbage in, garbage out’ is more relevant than ever, and the consequences of ‘garbage data’ today translates directly to the bottom line.

APPSolve’s Tessa Lillie, who is currently doing a PhD in data governance, explains that there are different approaches to governance. In the financial market, for example, the primary goal may be regulatory compliance, which has been a growing challenge since 2008 when the Basel Accord regulations were updated (known as Basel III).

And while the Basel III stipulations go far beyond data governance, the risk management demands require effective management of financial companies’ data. And to repeat, while IT plays a large role in data governance, the technology must be led by business-risk considerations.

Lillie says data governance requires a strategy, approved by the highest ranks in the company, that determines how data is used in an integrated manner across the board in the organisation. In most companies this does not exist and each department will have its own silo of data that it collects and uses for its purposes. The starting point for data governance is therefore finding out what data you have, what format it is in, and then devising a strategy to integrate it and manage it effectively.

Getting it done

The process of implementing your data governance strategy is far from simple. As noted, each company has various silos of data, some structured and therefore easier to manage, and some unstructured. Unstructured data could be the data individuals store in spreadsheets on their computers, or it could be social media data collected to determine market trends, for example.

The initial discovery phase should be used to find all of it, decide what data is important to the business and then work out ways to ‘clean’ the data and integrate it into a better and more manageable solution. By cleaning data, we mean getting your data consistent. For example, ensuring that city and customer names are spelled correctly, that identity numbers all have 13 numbers that correspond to the official structure of these numbers and so on.

Grosvenor adds that you can’t do it all, meaning that unless you are a small company, you can’t incorporate all the data in a business in the governance project. You have to decide what is necessary and required and start with that. Perhaps one could start on financial systems and the related data and ensure it is all 100% before moving onto the next department?

This, according to Lillie, means it is vital that you understand the value and meaning of the data to your business. The data architecture designed should then marry the data’s value to the business requirements while also tying the technology used to the business value attainable from the information.

A key element of data governance is not simply to make the data look nice at one particular stage of the company’s existence, but to align business and IT to ensure that data collected in the future will be captured and treated according to the new rules – data governance is a huge project and you don’t want to have to start at the beginning every few years. This means aligning the strategic, tactical and operational levels of your data strategy and keeping them aligned.

As an example, she says that companies often have a well-managed database of information, but then someone would pull data from the database to populate a spreadsheet they are working on. Data would be changed or added, but not updated back to the main data store, leaving two sets of different data – starting the problem all over again.

Everybody needs a data governance strategy

While the financial industry has its own set of regulations it needs to comply to, the same can be said for every company in South Africa that collects information. The GDPR, for one, requires every company dealing with EU residents to have a handle on their data to ensure the personal data of residents is secured according to the legislation’s guidelines.

On the local front, the Protection of Personal Information Act (PoPIA) will also require similar data standards to be in place, and these rules apply to everyone in South Africa (as well as juristic persons) and failure to observe them can result in stiff fines or even incarceration.

Unfortunately, Grosvenor notes that PoPIA is going to be a data wake-up call for many South African businesses as they discover how out of control their data governance processes actually are. In fact, some companies may choose to pay the fines as they would be less than the cost of getting their data under control (did we mention that data governance is a huge task?).

On a journey

Grosvenor concludes that data governance is not a simple project, but a journey. The more data you have stored in different places and formats, the tougher the process will be. The key is to devise a strategy and get on with it. You may not get it all done at once, but you need to start and follow a strategic process to get it done over time, ensuring that the wins you have attained are maintained as you integrate new data and data sources.

For more information, contact APPSolve, +27 (0)12 743 5115, [email protected], www.appsolve.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Read more...
NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Read more...
Detecting humans within vehicles without opening the doors
Flow Systems News & Events Security Services & Risk Management
Flow Systems has introduced its new product, which detects humans trying to hide within a vehicle, truck, or container. Vehicles will be searched once they have stopped before one of Flow Systems' access control boom barriers.

Read more...
Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

Read more...
The future of digital identity in South Africa
Editor's Choice Access Control & Identity Management
When it comes to accessing essential services, such as national medical care, grants and the ability to vote in elections to shape national policy, a valid identity document is critical.

Read more...
Do you need a virtual CIO?
Editor's Choice News & Events Infrastructure
If you have a CIO, rest assured that your competitors have noticed and will come knocking on their door sooner or later. A Virtual CIO service is a compelling solution for businesses navigating tough economic conditions.

Read more...
AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Read more...
From the editor's desk: AI and events
Technews Publishing News & Events
      Welcome to the 2024 edition of the SMART Surveillance Handbook. Reading through this issue will demonstrate that AI has undoubtedly made its mark on the surveillance industry. Like ‘traditional’ video ...

Read more...
Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.

Read more...
The TCO of cloud surveillance
DeepAlert Verifier Technews Publishing Surveillance Infrastructure
SMART Security Solutions asked two successful, home-grown cloud surveillance operators for their take on the benefits of cloud surveillance to the local market. Does cloud do everything, or are there areas where onsite solutions are preferable?

Read more...