If data isn’t managed well, your organization could be at significant risk. This list will help you spot areas where your data governance may fall short.
One thing we can all agree on is that hindsight makes things much clearer. When we’re discussing and reviewing past issues in technology systems and failed projects, we can usually trace a data path to the problem. Data governance issues can exist in organizations of any size, but if you don’t know much about data governance, that’s an indication of a potential issue.
Especially as company data sprawls and grows more complex, there is a growing global initiative to get data governance and management under control, regardless of data size or profile. I came up with this list of 10 indications that you may have a data governance issue; with this knowledge of common data governance problems, you can head off many data issues in your organization!
1: You have pockets of adoption
When it comes to data and its access, pockets of adoption may not cut it. If you hear this type of conversation, keep in mind that it takes only one problem spot to cause a data handling issue. Adopting data governance has to include the entire cycle and scope of the organization. The reality is that it takes just one system to improperly handle a piece of sensitive data and cause an issue.
2: There is no internal data dictionary or business glossary
The notion of a data dictionary is usually implemented on database systems and enterprise applications. But with as many systems as are involved in today’s complex web of IT systems, it becomes a priority to ensure that all data dictionaries and business glossaries are the same. How often have you been in a situation where a field or term in one department is not the same as in another department? That’s a different issue, but the principle is the same: It’s a good idea to have one data dictionary for the organization and ensure that applications and their data profiles are modeled around that dictionary for data standardization.
3: There is no data steward
If you can’t answer the question of which person or group is in charge of data administration for both definitions and data quality management, that’s a sign of a data governance issue. The data steward isn’t usually the person or group that purchases the hardware or does the backups but is the one in charge of making sure the right data is presented in the right places, the data is correct, and its lifecycle is managed correctly. Part of the lifecycle includes data archiving and eventual deletion. Who addresses these topics in your organization? Make sure you have at least one data steward with clearly delineated roles and responsibilities.
4: There are multiple data stewards
Somewhat the opposite of the point above, it is altogether possible that two groups are staking claim to the role of a data steward. While this is more of an organizational problem, it may increase the risk of things falling through the cracks or being incorrectly governed if roles are not clearly defined. This can be especially problematic in a data deletion situation, where one group needs the data and another group doesn’t need it. Multiple data stewards can coexist but only if they are each responsible for clearly defined projects, data sets, and/or data use cases.
5: Multiple systems access governed data
Interoperable systems play a big part in our application and infrastructure profiles today. While we do good things like using strong passwords and common authentication models, we may also have poorer practices, like not ensuring that every step of the process takes requisite care of the data. This can include storage systems, file share permissions, lack of encryption in connected systems or related technologies that we may not even think of, such as logging and command-line interfaces. This is especially relevant for administrative tools, such as remote command-line interfaces or debug logging systems for critical applications. Generally speaking, there can be logs or session data, possibly including credentials, data and more, kept on local PCs or other server systems.
6: Some issues are “too difficult to correct”
If it is too hard to fix a data issue, and it seems better to simply keep working around the issue, there may be big limits to that mindset. These types of technology situations can cripple businesses over time as operations and data use cases evolve. Imagine that the size of the business doubled or tripled: would these workarounds still seem valid?
7: Operational limits are causing failures
If operational situations arise where organizations can’t close the books quickly enough due to multiple systems and workarounds, data issues may be slowing the organization down. This can lead to other organizational failures around coordination due to the multiple systems in use.
To be fair, we live in a world where organizations acquire and divest companies frequently. This organizational behavior makes these data situations more common, even if for retention and archival reasons. In these cases, regular audits and detailed documentation are helpful ways to avoid problems that are rooted in operational visibility issues.
8: Regulatory needs have changed
We also live in a world of constantly changing and evolving requirements for regulatory compliance. Financial services, insurance, medical organizations and others know that this is a serious responsibility. If a data profile is in-scope for any regulatory or compliance requirement, it’s important to know where the new boundaries are. This can mean additional costs to go through the compliance drills as well as any corrective actions, but it’s a reality for the businesses we are operating now.
9: Correction processes are too difficult
A sign of mature data management is that it empowers people who are not data stewards, along with other end users, to start corrective action procedures for data. Corrective actions include fixing incorrect classification, addressing the improper handling of certain data and matching up data that is duplicated. If this process is too complex and not intuitive, users will not do it. It’s that simple. The process doesn’t necessarily need to be completed entirely by end users in the organization, but a work request to data stewards can greatly improve the overall data quality in an organization.
10: There’s a lack of data stewardship flow
Having a clear protocol for how data will be handled by a data steward is a great starting place for effective data management. Three key areas include specifying stakeholders, enacting data stewards and implementing technology to tend to data. The company must be able to implement corrections to data as it exists in this lifecycle.
Data quality is where it’s at
There’s no disagreement that data is a critical part of technology. Especially as data is growing massively, there is a significant risk if that data is not managed well. The risks are many and you can surely identify your own. How can we make data better? Do any of these catch points exist in your organization? What other indications would you offer that may point to a data governance issue? Organizations of varying sizes and maturities will likely find that one of these problems exists in their organization and needs to be addressed for better data governance.