Data Governance – Not Just For Big Business Anymore
Perhaps size used to matter – up until recently, many people seemed to think that data governance was a practice reserved for large organizations. It is possible this might be because smaller organizations did not typically deal with large amounts of data. In turn, the senior executives at small-sized and medium sized businesses were either not concerned about the risks of ungoverned data management, or if they did, did not have the proper discipline to handle recurring data issues in a formal way.
And even where there was recognition of the value of data governance, informal methods might have been sufficient to enable those smaller organizations to meet their business needs. Perhaps a smaller number of fingers in the “data pot” were enough to gain consensus about data element names, definitions, and semantics, or about observing corporate data policies.
But (adopting the words of Bob Dylan), the times they are a-changing. Small organizations are growing their data analytics programs, seeking out new and diverse data sources, ingesting massive data volumes, and ratcheting up their reporting and analyses. Companies with few staff members are able to leverage a variety of cloud services and cloud data sources while also collecting data on their own, and as a result are performing analytics tasks to service their clients in ways that only large organizations could have in recent past years. And if small companies are capable of expanding their data horizons and touching greater data volumes, medium-size organizations are also intensifying their data analytics activities.
Of course, increased data consumption exposes these organizations to increased data risks associated with privacy protection, data security, compliance with data use agreements, compliance with industry standards, and regulatory compliance – the same compliance issues that big businesses need to address! Consequently, small and medium businesses are going to be confronted with many of the same daunting data governance requirements as their larger competitors.
Smaller businesses may be more nimble in attacking their data governance challenges, especially when getting buy-in from key stakeholders, adopting methodologies, and gaining consensus for metadata definitions. Yet data governance does require guidance, resources, and perhaps most importantly, discipline. And, as we have been hearing on our briefings with a number of technology vendors whose products are engineered to support data governance programs, some best practices are emerging that can guide organizations of all sizes in tackling their governance needs by organizing their data policies according to business priorities.
Externally-imposed business policies (such as observing industry standards or regulatory compliance) embed data requirements. Data governance practitioners apply an iterative approach to iteratively decompose the inherent data dependencies associated with the business directives, and can employ technical methods to implement data standards and business rules. Each iteration is tackled in priority order based upon the organizations business objectives and requirements.
This means that instead of attempting to impose a bunch of ambiguous high-level data policies from the top-down, the data governance team can identify the most pressing areas to tackle. The approach ensures that only those areas of significance to the business are dealt with – helping make sure that members don’t get bogged down with minutia that distracts from the success of the business. The data governance team can avoid being overwhelmed by addressing the most critical issues first and capitalize on lessons learned while growing the data governance practice.
A growing cohort of data governance tools help link each low-level data standard or rule with the governing data and business policies, and enable corporate-wide collaboration for all aspects of definition, agreement, deployment, and continued monitoring of data policies, standards, and rules. Some employ business-rule engines to continuously monitor compliance with data rules; some tools increasingly adopt machine learning algorithms to assess data sensitivity (supporting privacy protection), identify data anomalies, or find patterns in data that might be indicative of potential compliance risks.
Yet how can those small organizations implement the necessary infrastructure for governance, given their limited staff and resources? Fortunately, a number of the vendor data governance solutions are available as cloud offerings. This allows smaller organizations to leverage remote infrastructure and services of the host provider, often eliminating the need for increasing organizational staff. Some vendor solutions are configured to support particular industries and perform validation checks ensuring the consistency of the organization’s data with the corresponding industry data standards and making sure that compliance requirements are met.
Technology solutions do not eliminate the need for discipline and vigilance. However, the maturing cadre of data governance tools will help simplify the process. And as more of these solutions are made available through the cloud, the corresponding costs of data governance will decrease while allowing smaller groups to have access to many of the same capabilities that only larger organizations could afford or implement.