Business is increasingly data-saturated, from processes, to services, to the proliferation of new data sources from both third and first parties. Industry-leading companies take advantage of the plethora of data types and are able to realize benefits because of effective data governance. Aberdeen research reveals that companies make better-informed business decisions, rather than decisions based on gut feel and intuition, when they can provide business users with timely access to reliable enterprise data, a capability that results from effective enterprise data governance.
Timely access to trustworthy data means business users have the ability to freely and widely share enterprise data. And when business users have increased access and capabilities to share data, the risks of data privacy, data security, and data-related regulatory compliance increase as well.
Optimizing Data Access Increases Risk
According to “The Other Side of Data Governance: Data Privacy, Data Security, and Data-related Compliance” by Aberdeen VP and Research Fellow of Information Security and IT GRC Practices Derek E. Brink, decision making, collaboration, or digitally enabled workflows and transactions involving significantly broader access to valuable or regulated enterprise data require corresponding initiatives to address data privacy, data security, and data-related compliance.
Regulated, sensitive, or valuable data includes personally identifiable information (PII), personal health information (PHI), confidential information (CI), intellectual property (IP), employee records, client or business partner data, and cardholder or bank data.
Concerns about freer and wider access to such data are fully justified. A look at 1,765 data breaches publicly disclosed in calendar year 2017 reveals insights into the scope of data security risks:
- About 97% of data breaches had a meaningful business impact
- An average of nearly 5 data breaches per day
- From 1 to over 200M records per data breach
- A median of about 2,000 records per data breach
As data sources become more diverse and multitudinous, compliance requirements expand. Aberdeen research has found that, of 360 organizations studied:
- Only 61% of organizations were able to report achievement of 11 common regulations and frameworks for data privacy and security
- About 3 out of 5 organizations experienced at least 1 data breach over the last year
- About 3 out of 4 experienced at least 1 non-compliance issue over the last year
This presents quite a conundrum for the myopic thinker: Data governance expands access to timely, trustworthy data, but the resulting better-informed business decisions come at a rewarded risk.
For the decision maker considering the big picture, however, the conundrum presents as more of a balance to be struck: Correlating data protection measures address the unrewarded risks of providing expanded access to regulated or valuable data.
These correlating measures have been identified in Aberdeen research as technology enablers for effective data governance and foundational capabilities for data protection.
The tech investments business leaders should make to enable effective governance are: data integration and preparation, interactive data discovery and visualization, business intelligence tools, data infrastructure, predictive and cognitive analytics, and master data management. The three foundational capabilities for effective data protection are: data discovery and classification; data handling; and a clear understanding of the likelihood and business impact of risks related to data privacy, security, and data-related regulatory compliance.
Don’t let the lists of tech enablers and capabilities make you lose sight of the key takeaway here: the focus is not on tech, but on the broader cause-and-effect connections between the tactical activities and strategic outcomes (the technologies, processes and people, and the better-informed business decisions and acceptable levels of data-related risk).