By Gary Alleman, MD at Master Data Management
A recent survey conducted by Forrester Research shows that business is increasingly regarding the cloud as an avenue to bypass IT. The research shows that nearly 60% of respondents are running mission critical workloads in the unmanaged public cloud – in most cases in contravention of policy. For IT executives this increases the cost and complexity of ensuring that services meet enterprise requirements for performance, security and availability.
Another survey conducted by Symantec has indicated that the cost of lost or stolen data has increased for the fifth consecutive year – reaching approximately R1000 (£79) per lost record. This loss is mainly the result of negligence resulting from poor data governance policies.
As personal protection legislation becomes more prevalent, companies will have to ensure that data is adequately protected or face increasingly stringent penalties. In many countries, for example, it is illegal to move client data across borders. This means that public cloud solutions must be hosted within the country of origin if the company is not to be exposed to legal action.
IT-driven policies are effectively being ignored by business users who see the cloud as a mechanism to “get the job done” quickly and easily. Business leaders seek out cloud computing and implement a cloud strategy as a way of bypassing IT. However, the end result of this can be massive business risk, as data may be stored offsite without systems in place for governance in accordance with policy.
Adding to this challenge, the increasing numbers of laws and regulations around the management of information must be complied with at risk of heavy financial penalties. The majority of hastily implemented cloud strategies ignore IT policy, which often means that cloud data storage is not compliant. Non-compliance introduces further levels of risk. In order to mitigate this risk, sound data governance is once again required.
Data governance is essential in managing the complexities that the cloud introduces, but many organisations still make the mistake of assuming that data governance is an IT project. Both the Forrester and Symantec research serve to highlight the fact that data governance needs to be driven by the business in order to effectively manage risk. If business is instrumental in setting data policies then it follows that these policies will be taken into account even when business seeks to bypass IT in order to get a job done quickly. Business driven data governance ensures that the data itself meets the needs of the business and that the management of data mitigates business risk.
Cloud strategy is something that has emerged as an important feature on the business landscape, as there are many legitimate business benefits that can be leveraged from cloud computing. However the reality is that storing business data and running mission-critical business processes in the public cloud is a poor business decision if it introduces risk and is not compliant with legal requirements.
A comprehensive cloud strategy that includes data governance and management should be an imperative for business over the coming year. This strategy needs to address the issues of security, data policies and business processes related to data in order to bridge the ubiquitous gap between business and IT. IT should not prescribe policy; data governance policies should be driven by and owned by business.
By involving both business and IT, all risk implications are considered, which helps to make certain that decisions taken, whether regarding the cloud or anything else, will be in the best interest of the organisation as a whole. In the same vein, governance cannot only involve IT but should be a strategic business project. This will ensure that decisions are not made in isolation, but that all of the facts, risks and implications are considered beforehand.