In my earlier blog, I gave a brief history of ,data protection and discussed how organizations are beginning to cope with it. In this blog we will look at the central issues involved in data governance in general and how they impact organizations in particular.
Let´s start with my library example; a library consists of three core elements:
- First, a system that allows you to search and browse for books,
- Second, a section which helps you borrow, return and get harassed for not returning books, and
- Third, the backend system that manages the books in the library (cataloging / versioning / replacing) etc
These activities are apart from the real use of the book which in many cases is reading it!
If you relate the same to data in organizations we will immediately see similarities:
- First, there is a storage system that allows for storage and retrieval,
- Second, there is some sort of access control system (security) that ensure orderly access to information and within limits,
- Third, is managing and maintaining the quality of data.
We, humans, seem to be able to grasp physical things more easily (no pun intended) than the logical ones. While we have built library systems that seem to run on common sense, we have difficulty in translating this to the virtual.
Let us say, one had to translate the previously mentioned four points: storage and retrieval, security, quality, and transformation and analytics from the library world to the IT world, then one has to tie in all the concepts and solutions of a library together.
We also have to learn from the library pitfalls and avoid similar ones in the virtual world, for example transforming a book into its electronic avatar requires OCR technology, which performs more consistently and accurately when the documents are clearly legible, use consistent fronts and sizes, so had the books all been of the same size and fonts, the conversion work would have been accomplished much faster.
While a formal data governance structure, policies and processes for an organization goes a long way, it is not always possible to make a perfect beginning or overhaul an entire working system (partially at least) and replace it with something completely different. Everyone acknowledges how difficult it is to manage change in organizations. It may still be possible to start making space for bite sized changes in crucial areas to gain maximum benefit instead of trying to boil the ocean.
These may include integrated strategies, tactical plans, policies and enforcement technologies for storage and retrieval, security, quality, transformation and analytics. For example, a strategy, plan or architecture designed for storage and retrieval system should also consider the impact of security, quality, transformation and analytics requirements.
Taking this example further - say if the organization is considering a document management system - then it should also consider how data will be classified, how people will get access, how the system will handle unstructured data, versioning, retention, archival and duplicates. It should also consider what formats (Excel, Access, SQL) should be used or enforced so that transformation and analytics can be supported in future.
Similarly, when thinking of - say a DLP (Data Leakage Protection) technology - one has to consider how the DLP can be made more effective in the future and planning data movement in business processes, data formats, types, access requirements and classification etc. in that manner.
You may think all this sounds like Big Data, but then big data is nothing but a set of best practices (read common sense) around management of data in an organization. While we may not have all the answers to everything, it just helps to have the right questions in your mind when you are planning and designing systems around your data.
Author:
Jayesh Kamath
Practice Head - IRAS, Aujas