fbpx

Data Governance Strategy for the Rest of Us

by | Jun 21, 2021 | Data Security, Data Privacy, Data Security, IT Security | 0 comments

Data Governance

Over the last year as the pandemic bought in technology as one of saviours, businesses had a few wins and some challenges.

Work from home now became an accepted practice even with companies that were strictly against data access outside the physical premise. There was a few weeks of resistance and confusion, that later turned into a necessity by the mid of 2020.  Various employees could now access data and though not as per best practice, access rights had become important and a key responsibility with stakeholders.

The Challenge

That brings a consideration for the businesses on now how they shall manage data governance. There are various approaches. Yet they are primarily driven by 4 factors. This may sound odd, but it does not depend on the nature of work and the risk analysis.

  1. Size of the organisation in terms of users who work with data. This could and will, as we go ahead include frontline workers as they now must interact with IT systems.
  2. Structure how is the organisation designed and how does reporting work. MSME’s prefer a fixed hierarchy where the control and support functions are well defined.
    The challenge to this is the chain of commands that has been set, is not monitored, and controlled as intended. Due to changed priorities and a gap in communications, the SOP’s change without understanding impact. Subsequently when there is a breakdown, it is found that intention and application are completely disconnected.
  3. Culture: Many organisations, from Micro and Small to Medium have a culture that has been created by the founders. From decision making to ideology to understanding of current environment, the founders and management define how the approach to governance is. The traditional model is a top-down control. Decisions are based on seniority and hierarchy.

The Dynamic 4th

Here we take into mind one more factor that influences change that is the mindset of the employees. With a large workforce now under 35, there is a need for the management to enlist their support through their values to bring in good governance.

Shadow IT

With regards to creation and sharing of data, the restrictions are based through IT policies that are not aligned to business needs. This is one of the main reasons of Shadow IT and thus resulting breaches and data leakage. Employees use unauthorized third-party apps to accomplish various content creation and data sharing tasks that becomes a bigger risk. The objective is not to discourage external sharing as it is a necessity but to make it easier to use and monitor than third party tools.  Since the outcome of the project or task is relayed and not the process, it is never corrected and that is the beginning of gaps that would only increase.

We have the gap, and so what would be the solution?

The Approach

Let us examine what is our final goal. Data governance for a business it to set processes and rules that need to be followed for operations of an organised business as they create, store and transfer information.

For Data Governance your main objectives should be

  • Ensure collaboration is easy and remains as an asset inside the organisation.
  • To protect your Intellectual property.

As these companies go digital, it is vital that the governance of data and information to be aligned to these parameters. Yet modernization projects fail as they do not account for alignment of technology to existing governance model of the company.

There is a road and approach that will have to be followed to make governance and culture an enabler rather than impedance.

Organisations will thrive that encourage better collaboration of people and data, yet they must ensure that this is done within the framework of organisational and statutory compliance. This reduces the need of enforcement through penalty of any kind and improves motivation.

This is done by using tools that engage the workforce to follow operational practices inside a framework that protects the data and other critical assets of the company. Legacy IT-provided tools have not evolved to fit inside this collaborative framework. E-mails are already being replaced with chats. Visits and meetings are now virtual. Mobile phones have replaced laptop as preferred devices. And personal devices are used for work and vice versa.

The Solution

  • The first focus on setting up data governance would be to design the collaboration within and outside the organisation.
  • Within the organisation, the focus should be on correct access rights depending on department and projects.

Many services have been introduced to adapt to this and Microsoft 365 has been able to get the balance correct for businesses. With introduction of Microsoft Groups, and then Microsoft Teams, a platform is available to unity data storage, access, communication, and productivity tools.

This has resulted into a balance of governance with a more modern user experience leading to collaborative governance.

Collaboration Governance in Microsoft 365 addresses control over information in any form, across devices and with the same user experience.  It is important to note that this is a platform, and its immense power needs to be channelized through a compliance architect who would map the business functions along with the security officer to bring the access rights within the framework of the company’s standard operating procedure.

To prevent development of shadow IT, the organisation should invest in training to upskill their employees and demonstrate the advantage, ease of use, of these tools vis-à-vis those being used currently. Once there is lesser resistance, then these can be configured using best practices and the power of the platform to monitor and control the data exchange.

Final Words

Data Governance, hence, is not the aspect of making rules and policies and enforcing them. It is the understanding of the risks to an organisation as the tools change. Then mitigating these risks using a system that is enabled through a robust platform, training, and sensible architecture that builds towards better control and monitoring of information.

That is all for now…

Feel free to contact me on

Author

Parvez Diwan
Managing Director
Matrix3D Infocom Private Ltd.
LinkedIn: https://www.linkedin.com/in/parvezdiwan/

And

Nazmeen Ansari
CEO
Matrix3D Infocom Private Ltd.
LinkedIn: https://www.linkedin.com/in/nazmeenansari/

Submit a Comment

Your email address will not be published. Required fields are marked *

error: Content is protected!!