on 11 March 19
Whatever the size of companies operating in current times, chances are that their IT departments are no longer the sole custodians of enterprise data. Business users everywhere have more and more access to various types of data and information from various sources. They need this data access in order to operate more efficiently and in order to be able to make decisions faster. They also want their data to be more portable, so that they can transfer it from one device to another easily, or share it with other users quickly and on-demand.
Many enterprises have already responded to some demands by creating BYOD (Bring Your Own Device) policies. But with the rapid and sudden proliferation of smartphone and tablet-based apps, and freeware for all sorts of specialised business purposes, the democratization of enterprise data has moved to a different scale altogether. With the Internet of Things also already here, there's a deluge of data pouring in from various sources. With these advances, new challenges continuously present themselves in the form of data security issues, data versioning issues, data privacy issues, and data ownership issues.
We've moved past the era of trying to decide how to better keep data tightly secured within the realm of the IT department and the notion of it's sovereign infrastructure. The data is already out there and it's freely flowing around. Progressive enterprises have shifted focus from merely how to keep data in centralized control to how to provide a different model of governance for the democratic flow of data, given that this flow is going to happen anyway.
Dealing with the challenges presented by data democractization requires a management perspective and a solution that creates order along the three usual axes of people, processes and technology, and addresses the why, what, where, which, when and how questions that help define the governance framework.
"People" refers to the data governance organization.
- Who owns various elements of data and information, and how do they interact and relate to each other?
- Is there more than one chief owner?
- Who are the authorized producers (or releasers) of data?
- Who are the approvers of those releases?
- Who are the reviewers and testers of data?
- Who can update data?
"Processes" refers to management system around the production and flow of enterprise data, and largely answer the "how", "when" and "where" questions. How will data be controlled and secured as it flows in and through the enterprise? - What are the points at which it comes in?
- Where will it be stored, and which downstream users have access it?
- From where will those users access it?
- When will they have access?
- What happens to released data that is manipulated locally?
- How are updates and versions controlled so that the right data is available at the right time?
- Do any business processes need to be tweaked in order to adapt to data needs and realities?
"Technology", of course, refers to the entire set of IT hardware and software that acts as the enabler of the processes and systems.
- What is the architecture philosophy to be followed?
- What combination of products and technology services/activities best provides the capabilities that the business need?
- What training and know-how do we need to use these products?
- What tools or apps should the business be dissuaded (if at all) from using because of known drawbacks that might impact them adversely?
- What modifications does the existing IT governance need?
- What new standards, guidelines and best practices should be created and made available for users who process data themselves?
While this is by no means an exhaustive list of questions, it is simply meant to provide some starting pointers to the paths that need to be traversed in order to ensure that enterprise data governance is ready for the new age of data democratization.