Data: your most valuable asset. A business case for data governance | I AM TECHNOLOGY blog by Trey Warme, San Diego
Unstructured data comprises 80% of most company’s total data volume. The average organization’s data volume is doubling every two years, and much of that data must be managed for years to come in order to meet regulatory compliance laws. Data governance, the management and security of your data, is the most important challenge faced by organizations today. Your organization runs on data, some critical to operations, much of it confidential. Let’s face it; your data is your most valuable asset.
Many organizations today spend millions on security technology rather than a fraction of that on information management risk assessments and data process (governance) improvements. Organizations rarely have a full accounting of all the data they create, transact and store, but they do have detailed inventories of the hardware on which that data resides. Addressing this problem is not easy without the proper tools.
Nearly all definitions of ‘information governance’ contain a stated goal to manage data as an asset. Many organizations toil with this concept: how do we calculate the ‘value’ of this asset, and if value is a subjective thing, then the whole notion of ‘business value for data’ becomes a weak argument for information governance. It can be difficult for organizations to arrive at accepted subjective units of measurement to calculate an agreed upon business value for their data. That being the case, the value of data is often not seriously examined until after disaster strikes, like a breach, or during a publicly transitional time, such as a merger.
Data is transactional in nature, meaning data is the result of some activity or process. In terms of unstructured data, it can be a work product, or it can be a conversation within an email. In either case, that data is a type of result. The value of that data in motion is now usefulness in a productive process, such as building customer relations or product research. The usefulness of that data in motion may diminish over time. A three-year-old email may not have the same business value in motion today as a current email exchange with a customer yesterday. The value of that three-year-old data now at rest is usefulness in meeting the mandatory data retention compliance laws enforced upon your industry and avoidance of stiff fines for penalties cited. If asked, can you answer the challenging yet vital questions of who has access to your unstructured data, who should and shouldn’t have access, who uses and who abuses their access? If a first attempt at answering that question is made during an emergency, the process will likely be costly and slow. Wouldn’t it be nice to be prepared to answer that question before asked?
What about the question of, which of your sensitive files, if any, are exposed to risk? These are tough questions to answer with the native tools in Windows Operating Systems. Unfortunately, with the break-neck speed of information technology development, the increasing barrage of security threats and ever changing landscape of BYOD connectivity, these questions are often left unanswered until disaster strikes, like a data breach.
Did you know that data breaches are one of the most common and costly security failures in any size organization? In fact, recent studies report that companies are attacked an average of 16,856 times a year, and that many of those attacks actually do result in a quantifiable data breach. And with data today moving freely between corporate networks, mobile devices, and the cloud, data breach statistics show this disturbing trend to be accelerating rapidly. Building a business case for data security management investment begins with quantifying the threat. Data breach statistics are plentiful on the web. But not all data breach statistics are reported, and some victims aren’t even aware they’ve been compromised.
Technology providers including IBM conduct their own research collected from the thousands of client networks which they monitor and share their data breach statistics in annual reports. Rest assured, the data breach threat is very real, and costly. IBM reports that the financial consequences of a data security breach today amount to an average 29% damage of reputation and brand, 19% loss of revenue and 21% lost productivity. Those are tough challenges to overcome. Many businesses are unable to regain public trust of their reputation and brand and do not survive another 2 years after a data breach. Fortunately, data breaches can be managed with a cohesive data governance plan, including proactive monitoring of your sensitive unstructured data combined with automation to secure any found sensitive files before unprivileged users have an opportunity to see or share.
Here’s another great question for you, who should be responsible for managing access rights to your data? For years IT has undertaken the complete responsibility of configuring data access rights and monitoring data access audit logs. A common problem is, oftentimes, IT does not know the context of the unstructured data for which they are responsible to secure access, and why should they? Why not put the responsibility for data access control on the actual data owners, those with the higher understanding of the data content and who should or should not be granted access and what type of access they should have?
Your company strategy, vision and goals are all contained in human-generated unstructured data documents, spreadsheets, presentations and multimedia files. Significant employee time and value are invested in creating and revising unstructured data critical to your business operations. Businesses lose nearly 20% of their productivity looking for previously created unstructured data and laboriously recreating it if it can’t be found. Richard Wozniak, Program Director, Information Management Marketing at IBM explains, “Companies often think that their IT requirements are only going to expand as the business does, and that the business isn’t going to be four times bigger any time soon. But what a lot of companies are seeing is that they need to drive increased profitability, increasing automation and reducing the amount of time that vital employees spend on non-productive tasks.” What if, employees could perform on-the-fly searches of your unstructured data returning only results pertinent to them? What new heights could your organization reach with 20% more productivity?
These are just some of the questions answered and business values achieved through a careful valuation of your data, then establishing processes and controls to mitigate the risks to which this asset is exposed, and establishing a framework to assign management of access control rights to data owners.
Does your business need a data governance plan? The answer is, yes, all organizations need to be able to make decisions about how to mange their data, realize value from it, reduce cost and complexity, mitigate risk and ensure compliance with the ever-growing legal and regulatory compliance requirements in your industry.
What are you doing to manage and secure your data? Please share what you are doing to manage your most valuable asset. Thank you!
Trey Warme is a leading expert in information systems infrastructure. He is currently actively seeking new opportunities in technical sales engineering with fast-paced industry leading information security providers to complement his advanced systems engineering skills. Trey provides professional information technology consulting services that harnesses the practical leadership abilities of an over 15-year cumulative immersion in progressively accountable direction of information technology infrastructure design and IT systems management. Contact Trey at firstname.lastname@example.org or call him directly @ 858-776-4172.
Article Featured: Data: your most valuable asset. A business case for data governance in Business and Strategic Planning on EzineArticles.
Professional Profile: http://treywarme.com
Facebook Page: http://facebook.com/treywarmedotcom