In today’s digitised world, data is stored and processed across an increasingly broad range of locations. Where organisations once hosted all of their data in their own data centres, many now store multiple data types across a complex mix of on-premises, cloud and SaaS solutions. In addition, companies often run hundreds of applications, each generating, manipulating and storing data volumes that are growing exponentially. With any employee able to subscribe to new apps and services in a matter of seconds, many businesses have also lost control of their IT estate.
Both of these issues create a huge problem when it comes to data governance. IT and governance teams are left out of the loop on what data is generated, where it is stored and where it is shared, leaving the potential for severe cybersecurity breaches. This was exactly the case in Pennsylvania in April 2021, when data was leaked from Insight Global, a contractor hired by the Pennsylvania Department of Health to provide a COVID-19 contact tracing service. Employees using several Google accounts, rather than in-house platforms, shared the names, email addresses and other personal data of 70,000 patients across a prohibited collaboration channel, which was then accessed and leaked by unauthorised individuals.
Data governance is, therefore, a crucial part of any cybersecurity strategy. IT teams need to know exactly what data is being generated and where it is stored to ensure that it is properly protected. Beyond that, data governance can also provide organisations with highly valuable insights into their data. These insights allow for major improvements across an organisation, not only in terms of compliance, but also in decision making and growth.
The trouble with tools
To keep data secure and protected whilst reaping the benefits that effective data governance offers, organisations are investing heavily in software tools. However, many quickly become frustrated with their new technologies, which promise the world but deliver very little value.
Some of these issues stem from the difference between modern and legacy technologies. Organisations frequently make the mistake of investing in legacy governance tools that were designed for an environment in which all data lived within the organisation’s own data centre. These tools generated business value when applied to datasets far less voluminous and scattered than those most organisations hold today.
In addition, many of these tools give little insight into where violations might exist and simply produce a CSV of flagged objects. For example, they struggle to tell the difference between Personal Information (PI) and Personally Identifiable Information (PII). This immediately devalues the process: because PI does not, on its own, identify a specific person, it is far less critical than PII when identifying governance violations. Users are therefore forced to manually filter and differentiate between PI and PII, adding huge complexity to the process.
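As a rough illustration of the manual triage this forces on users, the minimal Python sketch below filters a hypothetical flat CSV export of flagged objects, separating rows whose detected fields could identify a specific person (PII) from general PI. The file name, column names and field labels are illustrative assumptions, not the output of any particular tool.

```python
import csv

# Fields that, on their own, can identify a specific person (PII).
# These labels are illustrative; real tools use their own taxonomies.
PII_FIELDS = {"full_name", "email", "national_id", "phone_number", "passport_number"}

def load_findings(path):
    """Read a flat CSV export of flagged objects (one row per finding)."""
    with open(path, newline="") as f:
        return list(csv.DictReader(f))

def split_pi_pii(rows):
    """Separate findings containing identifying fields (PII) from general PI."""
    pii, pi = [], []
    for row in rows:
        detected = set(row.get("detected_fields", "").split(";"))
        (pii if detected & PII_FIELDS else pi).append(row)
    return pii, pi

if __name__ == "__main__":
    rows = load_findings("governance_export.csv")  # hypothetical export file
    pii, pi = split_pi_pii(rows)
    print(f"{len(pii)} findings contain PII and need review first; {len(pi)} are PI only")
```

Even this simple filtering step is work that falls on the user whenever a tool stops at a raw list of objects.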
Delays to, or outright failures of, data governance projects that waste budget and resources are all too common. These poor experiences often leave organisations reluctant to reinvest in such projects for fear of falling into the same trap a second time, so many are left unable to implement an effective data governance strategy and without any value derived from their data.
Finding the right tool
Amongst the myriad of data governance tools on the market, it can be daunting to know where to start and how to find the ones that will deliver the most value. To make it easier, here are the top three criteria that your data governance tool should meet:
- Discovery and classification as its starting point
Ultimately, if the tool does not start with discovery and classification, it will not deliver any value. No data governance strategy can efficiently use, manage or protect your data assets without first identifying what data your organisation holds and where it is stored.
- A single platform
Wherever your data is stored, a data governance tool should enable you to view, classify and correlate it – otherwise, no value can be added to the governance process. Ideally, this should be possible from a single platform to remove any unnecessary complexity.
- Show where PII is being held
Effective governance tools will enable organisations to correlate their governance processes across all data sources to show where PII is being held. This makes the outputs much more accurate: in a scenario with 20 million potential violations, users can immediately identify which of them involve PII and are thus the most critical, as the sketch after this list illustrates.
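To make the correlation idea concrete, here is a minimal sketch assuming a simplified inventory of classification findings gathered from several hypothetical sources. It groups flagged objects by data source and counts how many contain PII, so the riskiest locations surface first. The names and data structures are illustrative only, not any vendor’s API.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Finding:
    source: str         # e.g. "on-prem-file-share", "saas-crm", "cloud-bucket"
    object_path: str    # where the flagged object lives
    contains_pii: bool  # did classification detect identifying fields?

def pii_hotspots(findings):
    """Count PII findings per data source so the most critical locations rank first."""
    counts = Counter(f.source for f in findings if f.contains_pii)
    return counts.most_common()

# Illustrative inventory; in practice this would come from discovery and classification scans.
inventory = [
    Finding("saas-crm", "/accounts/export.xlsx", True),
    Finding("cloud-bucket", "/backups/2021/contacts.csv", True),
    Finding("on-prem-file-share", "/marketing/campaign-notes.docx", False),
]

for source, count in pii_hotspots(inventory):
    print(f"{source}: {count} objects containing PII")
```

The point is not the code itself but the workflow it represents: discovery and classification feed a single, correlated view, and PII findings are prioritised automatically rather than picked out of a raw export by hand.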
These criteria represent the gold standard for where data governance needs to start. Simply having tools doesn’t mean they will support you in what you need to do, unless you have invested in the right ones. Tools that blend discovery, classification and correlation in a single platform will drive value, and organisations can reap the benefits of an effective and successful data governance project with the assurance that all their data is secure and protected.
Michael Queenan is the co-founder and CEO of consultancy-led data services integrator, Nephos Technologies. A decade ago, Michael and his business partner Lee Biggenden identified a gap in the data market for a services-led integrator to guide the largest organisations through the complex process of data strategy, governance and analytics. They believed this expertise would enable their customers to drive business growth, compliance and insights from their data assets.
In 2012 he founded Nephos Technologies with Lee, to provide true expertise and value around data integrity and challenge organisations to think differently about one of their most valuable assets. As CEO, Queenan plans Nephos Technologies’ future strategy and direction, identifying trends 24-36 months ahead of time and building centres of excellence to deliver on those trends.