Developing a strong data governance strategy isn’t easy, yet it’s essential
Feb 15th, 2017

By Mike Rees, Territory Account Manager for South Africa at Commvault

The lifeblood of any enterprise is data. Along with knowledge, data is the business’ most important, irreplaceable asset and data governance is necessary to protect such assets. This is the process by which an organisation’s information assets are proactively and efficiently managed throughout the organisation and comprises the collection of of data, its revision and standardisation to make it suitable for business use. Data governance ensures that critical data is available at the right time to the right person in a standardised and reliable form, and ensures that where information is personal or business-sensitive, it is protected in accordance with legislative provisions. However, implementing a data governance framework isn’t easy and complicating factors might arise. Developing a successful data governance strategy requires careful planning, the right people and appropriate tools and technologies to avoid the dangers of making costly mistakes and assumptions concerning data governance.

Data governance is not optional

By now it should be clear that there is no getting around the issue of compliance when it comes to securing personal customer information. Complying with the Protection of Personal Information Act (PoPI) and other national regulations is not optional, and businesses should be tackling the issue of compliance now proactively before it becomes a problem that needs to be dealt with reactively. This means understanding that a comprehensive data management strategy is both a legal and a business requirement and because of this, leaving it to the IT department alone to resolve is not an option. Data governance is something that needs to be defined by business management, which strategy can then be executed in conjunction with IT management. A data management strategy is necessary to define the types of data the organisation has and is essential to categorising different data sets in order to determine the level of security necessary for each data set. it is necessary to ensure that such a strategy provides the business with the appropriate processes to identify important data and must therefore facilitates data management in the most efficient and cost-effective way in the long-term. It must also consider ways to ensure data is easily accessible, whether on premise, in the cloud or offline, over the retention period.

Mistakes to avoid

Tackling a data management strategy at a business level has been challenging for some organisations, for a variety of understandable reasons. Some of the pitfalls that enterprises have been faced with, due to a significant increase in the amount of data they must handle include making the mistake of treating data governance (and PoPI compliance) as a grudge undertaking and only doing the bare minimum, which is a short-sighted view. Instead of viewing data management as a financial drain on the company, it should be seen as an opportunity to leverage the data for the benefit of the business. For example, data gathered over a period can deliver significant insights like buyer behaviour, trends and the like. Consequently, where data is required to be kept for a long time, organisations can use the compiled information and derive business benefit from the data.

It would also be irresponsible to take the easy way out in terms of data management, and decide to back-up everything. This may appear to be a safe way to do things with the assumption that, if everything is kept, the business cannot go wrong. This view doesn’t factor in the increase in storage required, as well as the associated infrastructure demands, management requirements, power and cooling and all other resources needed to retain the data. Data management complexity increases unnecessarily by hoarding data and the costs spiral upwards. Furthermore, businesses will need to get out of the mindset of working in silos, as this could result in crucial data being overlooked. Such crucial data might live on a laptop or at branch offices, and failing to include this data in the data governance and compliance process is a mistake. The protection of personal information (and governance and compliance in general) becomes more challenging when data is fragmented. Most organisations will quickly find that their structured and unstructured data is fragmented geographically. A good data management solution will lay the foundation that simplifies the data collection, data movement, data storage, and data tracking, making it easier for organisations to understand their data to comply with their data governance strategy.

A cautious approach is smart

To prevent such tactical mishaps, a good data governance strategy must ensure that the whole business is integrated into the retention and management process, which requires businesses to prepare themselves by conducting research on their compliance requirements. This will pave the way for a data management strategy that empowers the business to understand their data currently under management and assess the type, age, ownership, location and governance requirements per the defined policy, which will then have the effect of reducing potential liability and the cost of data ownership.

Once the strategy has been defined and implemented, the issue of data management (and legislative compliance) is not over. It is important that this process be reviewed on a regular basis and adapted and refined as required in order to meet changes in legislation and business needs. When dealing with data, enterprises need to be mindful of certain security and compliance concerns before they become problematic. Forewarned is forearmed, and businesses should be wary of implementing cloud solutions without fully understanding how these solutions affect their capacity to comply with their data governance provisions that affect them. Although cloud is an ideal platform for long-term data storage it may not comply with the data governance regulations. An example of such an issue relates to the location of where the data resides, physically. Compliance with PoPI requires that data be stored within the borders of South Africa, which is problematic where cloud providers host data offshore.

In short, an effective data governance strategy is something that businesses should be considering now, if they aren’t already. Technologies and data-driven processes will continue to grow and the need for a data governance policy is only going to become more pressing, as the interconnected nature of digital business and consumers continues to expand through the Internet of Things. The amount of data that businesses are having to deal with is only going to keep getting larger so it is important to address data governance now, before that data becomes overwhelming. | Commvault Press Office.