Categories
erwin Expert Blog

An Agile Data Governance Foundation for Building the Data-Driven Enterprise

The data-driven enterprise is the cornerstone of modern business, and good data governance is a key enabler.

In recent years, we’ve seen startups leverage data to catapult themselves ahead of legacy competitors. Companies such as Airbnb, Netflix and Uber have become household names. Although the service each offers differs vastly, all three identify as ‘technology’ organizations because data is integral to their operations.

Data-Driven Business

As with any standard-setting revolution, businesses across the spectrum are now following these examples. But what these organizations need to understand is that simply deciding to be data-driven, or to “do Big Data,” isn’t enough.

As with any strategy or business model, it’s advisable to apply best practices to ensure the endeavor is worthwhile and that it operates as efficiently as possible. In fact, it’s especially important with data, as poorly governed data will lead to slower times to market and oversights in security. Additionally, poorly managed data fosters inaccurate analysis and poor decision-making, further hampering times to market due to inaccuracy in the planning stages, false starts and wasted cycles.

Essentially garbage in, garbage out – so it’s important for businesses to get their foundations right. To build something, you need to know exactly what you’re building and why to understand the best way to progress.

Data Governance 2.0 Is the Underlying Factor

Good data governance (DG) enables every relevant stakeholder – from executives to frontline employees – to discover, understand, govern and socialize data. Then the right people have access to the right data, so the right decisions are easier to make.

Traditionally, DG encompassed governance goals such as maintaining a business glossary of data terms, a data dictionary and catalog. It also enabled lineage mapping and policy authoring.

However, Data Governance 1.0 was siloed with IT left to handle it. Often there were gaps in context, the chain of accountability and the analysis itself.

Data Governance 2.0 remedies this by taking into account the fact that data now permeates all levels of a business. And it allows for greater collaboration.

It gives people interacting with data the required context to make good decisions, and documents the data’s journey, ensuring accountability and compliance with existing and upcoming data regulations.

But beyond the greater collaboration it fosters between people, it also allows for better collaboration between departments and integration with other technology.

By integrating data governance with data modeling (DM), enterprise architecture (EA) and business process (BP), organizations can break down inter-departmental and technical silos for greater visibility and control across domains.

By leveraging a common metadata repository and intuitive role-based and highly configurable user interfaces, organizations can guarantee everyone is singing off the same sheet of music.

Data Governance Enables Better Data Management

The collaborative nature of Data Governance 2.0 is a key enabler for strong data management. Without it, the differing data management initiatives can and often do pull in different directions.

These silos are usually born out of the use of disparate tools that don’t enable collaboration between the relevant roles responsible for the individual data management initiative. This stifles the potential of data analysis, something organizations can’t afford given today’s market conditions.

Businesses operating in highly competitive markets need every advantage: growth, innovation and differentiation. Organizations also need a complete data platform as the rise of data’s involvement in business and subsequent frequent tech advancements mean market landscapes are changing faster than ever before.

By integrating DM, EA and BP, organizations ensure all three initiatives are in sync. Then historically common issues born of siloed data management initiatives don’t arise.

A unified approach, with Data Governance 2.0 at its core, allows organizations to:

  • Enable data fluency and accountability across diverse stakeholders
  • Standardize and harmonize diverse data management platforms and technologies
  • Satisfy compliance and legislative requirements
  • Reduce risks associated with data-driven business transformation
  • Enable enterprise agility and efficiency in data usage.


The Key to Improving Business and IT Alignment

Fostering business and IT alignment has become more important than ever.

Gone are the days when IT was a fringe department, resigned to providing support. But after so long on the sidelines, many businesses still struggle to bring IT into the fold, ensuring its alignment with the wider business. But this should be a priority for any data-driven enterprise.

On a fundamental level, it requires a change of perception and culture. The stereotype of basement-housed IT teams was widely acknowledged and satirized. It formed the basis of the popular British sitcom The IT Crowd, which focused on the escapades of three IT staff members in the dingy basement of a huge corporation. Often their best professional input was “turn it off and on again.”

Today, the idea of such a small IT team supporting a huge business is almost too ridiculous to satirize.

Bring IT Out of the Basement

In the age of data-driven business, IT now takes center stage. And it has been promoted out of the basement – at least in principle.

Although IT has moved away from its legacy of support and “keeping the lights on,” many businesses still have a long way to go in fostering business and IT alignment.

But the data-driven nature of modern business demands it. Not only is the wider business responsible for understanding, making use of and capitalizing on data; the business as a whole, including IT, is responsible for upholding the regulations associated with it.

Fostering Business and IT Alignment

The key here, then, is a collaborative data governance program. For business and IT to be sufficiently aligned, the business needs access to all the data relevant to its various departments, whenever it is needed.

This means the right data of the right quality, regardless of format or where it is stored, must be available for use, but only by the right people for the right purpose.

Therefore, the notion that IT can manage and govern data independently is unthinkable. It’s the business that will use data the most, and it’s the business that stands to lose the most when decisions are made based on bad data.

Companies had long neglected this reality. Past efforts to implement data governance programs (Data Governance 1.0) often fell short in adding value. When left solely to IT, Data Governance 1.0 was solely focussed on cataloging data. This, and the disparity between IT and the business, meant the meaning of data assets, and their relationship within the wider data landscape, was unclear.

This is what Data Governance 2.0, and its innately collaborative nature, aims to resolve. With Data Governance 2.0, the strategy encompasses defined business, IT and business-IT requirements.

Data Governance for Business and IT Alignment

Business Requirements: The business is responsible for defining data, including setting standards for the ownership and meaning of data assets so the organization can use data with a uniform approach.

IT Requirements: IT manages data at the base level: from mapping data – which may exist across various systems, reports and data models – to physical data assets (databases, files, documents and so on). This, in turn, enables IT to accurately assume the impact of things like data-glossary changes across the enterprise. That’s a key enabling factor in enterprise architecture, allowing for cost-effective and thorough risk management by identifying data points that require the most security.

Business-IT Requirements: A joint effort allows IT to effectively publish data to relevant roles/people. This way, the business can readily use data that is meaningful and relevant to it across various departments, while maintaining compliance with existing and upcoming data protection regulations.

Additionally, those using data can follow data chains back to the source, providing a wider, less ambiguous view of data assets and thus reducing the likelihood of poor decision-making.

For more best practices in business and IT alignment, and successfully implementing data governance, click here.


The Top 6 Benefits of Data Governance

It’s important we recognize the data governance (DG) benefits beyond General Data Protection Regulation (GDPR) compliance.

Data governance is mandatory for GDPR, so the incentive in implementing it before the May 2018 deadline is clear. However, the timeline’s pressures could also be viewed as somewhat of a double-edged sword.

On the one hand, introducing a mandate shines a spotlight on a practice many businesses have neglected. A First San Francisco Partners (FSFP) study found that only 47.9% of respondents have a DG program in place.

We are beginning to see the shift, though. The FSFP study also found that 29% of businesses are in the early stages of a DG roll-out, with an additional 19% at the research and planning stage.

The sword’s other edge is that much of this swing is reactionary, encouraged by the fast-approaching GDPR deadline.

By introducing a mandate for data governance on a timeline, many businesses will be tempted to do the bare minimum just to meet the standards for compliance.

Unfortunately, that means the following data governance benefits will be left on the table.

Data Governance Benefits

Better Decision-Making

One of the key benefits of data governance is better decision-making. This applies to both the decision-making process, as well as the decisions themselves.

Well-governed data is more discoverable, making it easier for the relevant parties to find useful insights. It also means decisions will be based on the right data, ensuring greater accuracy and trust.

Operational Efficiency

Data is incredibly valuable in the age of data-driven business. Therefore, it should be treated as the asset it is.

Consider a manufacturing business’ physical assets, for example. Well-run manufacturing businesses ensure their production-line machinery undergoes regular inspections, maintenance and upgrades so the line operates smoothly with limited down-time.

The same approach should apply to data.

Improved Data Understanding and Lineage

Data governance is about understanding what your data is and where it is stored. When implemented well, data governance provides a comprehensive view of all data assets.

It also provides greater accountability. By assigning permissions, it is far easier to determine who’s responsible for specific data.

Greater Data Quality

As data governance aids in discoverability, businesses with effective data governance programs also benefit from improved data quality. Although technically two separate initiatives, some of their goals overlap.

These include, but are not limited to, the standardization of data and its consistency. One way to clearly differentiate the two programs is to consider the questions posed by each field.

Data quality wants to know how useful and complete data is, whereas data governance wants to know where the data is and who is responsible for it.

Data governance improves data quality, because answering the latter makes it easier to tackle the former.

Regulatory Compliance

As mentioned in the introduction, if you haven’t yet adopted a data governance program, compliance is perhaps the best reason to do so. Hefty fines with an upper limit of €20 million or 4% of annual global turnover – whichever is greater – are nothing to baulk at.

That said, GDPR fines are only incentivising something you should already be keen to do. Data-driven businesses that aren’t enjoying the aforementioned benefits are fundamentally stifling their own performance.

It could even be argued that to be truly data-driven, data governance is a must.

Increased Revenue

Driving revenue should, in fact, be higher on the DG benefit list. However, it’s positioned here because the aforementioned benefits cumulatively influence it.

All the benefits of data governance addressed above help businesses make better, faster decisions with more certainty.

It means that fewer costly errors – in the form of false starts and even data breaches – are made. It means that you spend less money by managing risk and closing the most vulnerable holes in your business’ security, instead of spending more money retrospectively, dealing with PR and financial fallout.

What You Need to Do

Considering the benefits and their accumulative real-term value, data-driven organizations can’t afford to leave data governance to IT alone. This is why Data Governance 1.0 has ultimately failed.

But even now, 23% of businesses in the FSFP study said information technology leads their data governance efforts.

In the current climate, this mind-set is inherently flawed. We’ve reached a new business age in which data is considered more valuable than oil. Yet many businesses are still reluctant to treat data with the same care as their physical assets.

This needs to change. If data is indeed this valuable, we need to treat data governance as a strategic initiative.

Data Governance 2.0 involves the entire enterprise, including department heads and C-level executives, who stand to benefit from data insights gained throughout the process.

For more data governance best practices and useful statistics, download our resource: Data Governance Is Everyone’s Business.


The Secret to Data Governance Success

Data governance (DG) 1.0 has struggled to get off the ground, but now DG is required for General Data Protection Regulation (GDPR) compliance, so businesses need a new approach to achieve data governance success.

When properly implemented, data governance is an empowering tool for businesses. But for many organizations just getting started with DG, implementation will be reactionary because of its mandatory status under GDPR.

As such, businesses might be tempted into doing the bare minimum to meet compliance standards. But done right, data governance is a key enabler for any data-driven business.

The data governance success story

The first step in achieving data governance success is to define what it should look like. With clear goals, businesses can take the collaborative approach data governance requires – with the whole company pulling in the same direction – for proper implementation.

Data governance success typically manifests itself as:

  • Defined data: Consistency in how a business defines data means it can be understood across divisions, enabling greater potential for collaboration.
  • Guaranteed quality: Trusted data eases the decision-making process, allowing a business to make both faster and more assured decisions that lead to fewer false starts.
  • Compliance and security: With data governance, neither is sacrificed even as the volume of data and the accessibility of such data expands when silos are broken down. Of course, this is a key component of any business putting data at the heart of its operations.

With this in mind, your next steps should be to introduce Data Governance 2.0 by addressing the baggage of its predecessor, and learning from it. Two key lessons to take away: 1) treat data like physical assets and 2) treat data governance itself as a strategic initiative.

Treat data like physical assets

This year data went mainstream. In the two years prior, more data was created than in the whole of human history. With more and more businesses acknowledging the value of data insights, analysts correctly predicted that data would be considered “more valuable than oil” in 2017.

Businesses that have already experienced data-driven success recognized data’s potential value early on. Yet for the most part, data typically has been considered separate from physical assets. It has, therefore, been given subdued levels of vigilance compared to physical assets that are often tracked, maintained and updated to maintain peak operational performance.

Take the belt on a production line, for example. Lack of maintenance leads to faults, production delays, increased time to market and ultimately stifled profits and overall performance. Continuous neglect results in more costly repairs, not to mention the costs related to down-time. The same is true for data.

If your data isn’t governed with due care, silos and bottlenecks easily develop, shutting off access to employees who need it and slowing down everything from data discovery to analytics.

Persistent neglect means your business will not understand where your most sensitive data is stored, making it more susceptible to breaches. As Equifax and Uber have demonstrated recently, such data breaches are costly enough without the fines that soon will be levied because of GDPR.

Considering recent revelations surrounding the value of data, plus the imminent regulatory changes, it’s time businesses begin treating data with as much respect and care as their physical assets.

Treat data governance as a strategic initiative

The problem with historical data governance implementation is that it was seen exclusively as an IT-driven project. Therefore, governance was shoehorned through a collection of siloed tools with no input from the wider organization, specifically from the line managers and C-level executives to whom governed data is arguably most valuable.

In recent years, the problems with this approach have become further exacerbated by:

  • A demand for big data and analytics-driven growth
  • A need for digital trust in business dealings between organizations or between businesses and consumers
  • Upcoming personal data removal mandates with stronger individual privacy protections

In the current business climate, more than 35 percent of companies use information to identify new business opportunities and predict future trends and behavior. An additional 50 percent agree that information is highly valued for decision-making, and should be treated as an asset (BI-Survey.com).

Clearly, it’s paramount that organizations view their data as a valuable asset, and the governing of their data as a strategic initiative in and of itself.

For more best practices in achieving data governance success, click here.


Data Governance and Risk Management

Risk management is crucial for any data-driven business. Former FBI Director Robert Mueller famously said, “There are only two types of companies: those that have been hacked and those that will be.” This statement struck a chord when first spoken in 2012, and the strings are still ringing.

As data continues to be more deeply intertwined in our day-to-day lives, the associated risks are growing in number and severity. So, there’s increasing scrutiny on organizations’ data governance practices – and for good reason.

Governmental scrutiny, in particular, is gearing up. The General Data Protection Regulation (GDPR) introduces strict formality in the way data is governed across the European Union, including organizations outside the EU that wish to do business with its member nations.

But in certain sectors, public scrutiny is just as – if not more – important to consider. We’ve been talking since September about the data breach at Equifax, which has just been hit with a 50-state, class-action lawsuit.

And we just learned that Uber was hacked, resulting in the personal data of 57 million customers and Uber drivers being stolen. What’s more, the company concealed the breach for more than a year.

Whether we’re talking about financial or reputational damage, it’s absolutely clear that bad data governance is bad business.

Risk Management for IoT

Think about the Internet of Things (IoT) for a moment …

IoT devices are gaining more stock in daily life – from the mundane of smart refrigerators and thermostats to the formidable of medical devices. Despite the degree of severity here, personal data is personal data, and the steps taken to mitigate security risks must be evidenced to be compliant.

Data governance is fundamental to risk mitigation and management. That’s because data governance is largely concerned with understanding two key things: where your data is kept and what it’s used for. Considering the scope of IoT data, this is no easy feat.

Estimates indicate that by 2020, 50 billion connected devices will be in circulation. Misunderstanding where and what this data is could leave the records of millions exposed.

On top of the already pressing need for effective data governance for risk management, we’re constantly approaching uncharted territories in data applications.

Lessons from Driverless Cars

The driverless car industry is one such example on the not-too-distant horizon.

Businesses from BMW to Google are scrambling to win the driverless car race, but fears that driverless cars could be hacked are well founded. Earlier this year, a Deloitte Insights report considered the likely risks of introducing autonomous vehicles onto public roads.

It reads, “The very innovations that aim to enhance the way we move from place to place entail first-order cybersecurity challenges.” It also indicates that organizations need to make radical changes in how they view cybersecurity to ensure connected vehicles are secure, vigilant and resilient:

  • Secure – Work on risk management by prioritizing sensitive assets to balance security and productivity.
  • Vigilant – Integrate threat data, IT data and business data to be equipped with context-rich alerts to prioritize incident handling and streamline incident investigation.
  • Resilient – Rapidly adapt and respond to internal or external changes to continue operations with limited business impacts.

The first thing organizations should take away is that this advice applies to the handling of all sensitive data; it’s by no means exclusive to autonomous vehicles. And second, security, vigilance and resilience all are enabled by data governance.

Data Governance Leads the Way

As discussed, data governance is about knowing where your data is and what it’s used for. This understanding indicates where security resources should be spent to help mitigate data breaches.

Data governance also makes threat data, IT data and business data more readily discoverable, understandable and applicable, meaning any decisions you make regarding security investments are well informed.

In terms of resilience and the ability to rapidly respond, businesses must be agile and collaborative, points of contention in traditional data governance. However, Data Governance 2.0 as defined by Forrester addresses agility in terms of “just enough controls for managing risk, which enables broader and more insightful use of data required by the evolving needs of an expanding business ecosystem.”

As GDPR looms ever near, an understanding of data governance best practices will be indispensable. To get the best of them, click here.


Data Governance 2.0: Collaborative Data Governance

Data Governance 1.0 has been too isolated to be truly effective, and so a new, collaborative data governance approach is necessary.

This rings especially true when considering the imminent implementation of the General Data Protection Regulation (GDPR). Compliance is required from all EU-based companies and those trading with the EU.

It’s extremely likely that your business falls under GDPR’s scope. Failure to comply will leave your company liable for penalties up to €20 million or 4% of annual global turnover – whichever is greater.

With the amount of data a modern business has to manage, and the copious access points, GDPR compliance will require everyone to sing from the same hymn sheet.

This is where Data Governance 2.0 comes in. As defined by Forrester, it is “an agile approach to data governance focused on just enough controls for managing risk, which enables broader and more insightful use of data required by the evolving needs of an expanding business ecosystem.”

The principles of Data Governance 2.0 were designed with modern, data-driven business in mind. This new approach acknowledges the demand for collaborative data governance, tears down organizational silos, and spreads responsibilities across more roles.

Collaborative Data Governance – Shattering Silos

As addressed above, modern businesses must deal with volumes of data that legacy systems and policies just weren’t designed to manage. This problem is exacerbated by the variety of data, both structured and unstructured, historically managed by different departments within an organization.

To shatter such silos, organizations can leverage a collaborative data governance approach to foster better data use and accountability. A governance tool that can sort, regulate and manage data access through secure checkpoints and assigned roles is key. Then the right data of the right quality, regardless of format or location, is available to the right people for the right purpose.

Such a data governance tool is paramount not only to help ensure GDPR compliance but also for effective business operations. It’s important to stress that data governance is a key revenue driver.

In this digital age, data is more valuable than oil. But as with oil, it must be refined.

Collaborative Data Governance – The Data Refinery

Data Governance 1.0 was mainly concerned with cataloging data to support search and discovery. However, it fell short in adding value because it neglected the meaning of data assets and their relationships within the wider data landscape.

Many of the IT professionals involved in data governance recognized this, but calls for business leaders to be more active in governance often fell on deaf ears. Now that data has become a more critical business asset, we’re starting to see a shift.

Collaborative data governance encourages involvement throughout the organizational hierarchy. This is especially important now that business leaders, from CMOs to CTOs, are intrinsically involved in data management on a day-to-day basis.

As the best placed individuals in an organization to advocate and implement change, bringing ranking business leaders into the fold helps inform and enable the effort’s return on investment – both in limiting data exposures and driving new opportunities.

In the case of the CMO, data analysis might indicate that email open rates exceed targets, but click-through rates are underperforming. The CMO then can adjust content strategy to provide prospects with more relevant information and calls to action.

To learn more about collaborative data governance and the tool to foster this approach, click here.


Digital Trust: Enterprise Architecture and the Farm Analogy

With the General Data Protection Regulation (GDPR) taking effect soon, organizations can use it as a catalyst in developing digital trust.

Data breaches are increasing in scope and frequency, creating PR nightmares for the organizations affected. The more data breaches, the more news coverage that stays on consumers’ minds.

The Equifax breach and subsequent stock price fall was well documented and should serve as a warning to businesses about how they manage their data. Large or small, organizations have lessons to learn when it comes to building and maintaining digital trust, especially with GDPR looming ever closer.

Previously, we discussed the importance of fostering a relationship of trust between business and consumer. Here, we focus more specifically on data keepers and the public.

Digital Trust and The Farm Analogy

Any approach to mitigating the risks associated with data management needs to consider the ‘three Vs’: variety, velocity and volume.

In describing best practices for handling data, let’s imagine data as an asset on a farm. The typical farm’s wide span makes constant surveillance impossible, similar in principle to data security.

With a farm, you can’t just put a fence around the perimeter and then leave it alone. The same is true of data because you need a security approach that makes dealing with volume and variety easier.

On a farm, that means separating crops and different types of animals. For data, segregation serves to stop those without permissions from accessing sensitive information.

And as with a farm and its seeds, livestock and other assets, data doesn’t just come into the farm. You also must manage what goes out.

A farm has several gates allowing people, animals and equipment to pass through, pending approval. With data, gates need to make sure only the intended information filters out and that it is secure when doing so. Failure to correctly manage data transfer will leave your business in breach of GDPR and liable for a hefty fine.

Furthermore, when looking at the gates through which data enters and streams out of an organization, we must also consider the third ‘V’ – velocity, the amount of data an organization’s systems can process at any given time.

Of course, the velocity of data an organization can handle is most often tied to how efficiently a business operates. Effectively dealing with high velocities of data requires faster analysis and times to market.

However, it’s arguably a matter of security too. Although not a breach, a DDoS attack is one such risk associated with data velocity.

DDoS attacks are designed to put the aforementioned data gates under pressure, ramping up the amount of data that passes through them at any one time. Organizations with the infrastructure to deal with such an attack, especially one capable of scaling to demand, will suffer less preventable down time.

Enterprise Architecture and Harvesting the Farm

Making sure you can access, understand and use your data for strategic benefit – including fostering digital trust – comes down to effective data management and governance. And enterprise architecture is a great starting point because it provides a holistic view of an organization’s capabilities, applications and systems including how they all connect.

Enterprise architecture at the core of any data-driven business will serve to identify what parts of the farm need extra protections – those fences and gates mentioned earlier.

It also makes GDPR compliance and overall data governance easier, as the first step for both is knowing where all your data is.

For more data management best practices, click here. And you can subscribe to our blog posts here.


Enterprise Architecture for GDPR Compliance

With the May 2018 deadline for the General Data Protection Regulation (GDPR) fast approaching, enterprise architecture (EA) should be high on the priority list for organizations that handle the personal data of citizens in any European Union state.

GDPR compliance requires an overview of why and how personal data is collected, stored, processed and accessed. It also extends to third-party access and determining – within reason – what internal or external threats exist.

Because of EA’s holistic view of an organization and its systems, enterprise architects are primed to take the lead.

Enterprise architecture for GDPR: Data privacy by design

The fragmented nature of data regulation and the discrepancies in standards from country to country made GDPR inevitable. Those same discrepancies in standards make it very likely that come May 2018, your organization will be noncompliant if changes aren’t made now.

So, organizations have two issues to tackle: 1) the finding problem and 2) the filing problem.

First, organizations must understand where all the private, personal and sensitive data is within all their systems. This also includes all the systems within their respective value chains. Hence, the finding problem.

Second, organizations must address the filing problem, which pertains to how they process data. As well as being a prerequisite for GDPR compliance, tackling the filing problem is essentially a fix to ensure the original finding problem is never as much of a headache again.

Starting with business requirements (A) and working through to product application (B), organizations have to create an environment whereby data goes from A to B via integral checkpoints to maintain data privacy.

This ensures that through every instance of the application development lifecycle – analysis, design, development, implementation and evaluation – the organization has taken all the necessary steps to ensure GDPR standards are met.

Enterprise architecture provides the framework of data privacy by design. By understanding how your organization’s systems fit together, you’ll see where data is as it moves along the application development lifecycle.

Enterprise architecture for GDPR: The benefits of collaboration

Of course, one of the requirements of GDPR is that compliance and all the steps to it can be demonstrated. Dedicated EA tools have the capacity to model the relevant information.

A dedicated and collaborative enterprise architecture tool takes things to the next level by simplifying the export and sharing of completed models.

But there’s more. Truly collaborative EA tools allow relevant stakeholders (department heads, line managers) directly involved in handling the data of interest to be involved in the modeling process itself. This leads to more accurate reporting, more reliable data, and faster turnaround, all of which have a positive effect on business efficiency and the bottom line.

Approaching GDPR compliance with enterprise architecture does more than complete a chore or tick a box. It becomes an opportunity for constant business improvement.

In other words, organizations can use enterprise architecture for GDPR as a catalyst for deeper, proactive digital transformation.

erwin partner Sandhill Consultants has produced a three-part webinar series on Navigating the GDPR Waters.

The first webinar covers the identification and classification of personally identifiable information and sensitive information and technologies, such as enterprise architecture, that can assist in identifying and classifying this sort of data.


Digital Trust: Earning It and Keeping It with Data Governance

Digital trust can make or break a brand.

Amazon understood this concept early on. When the company first launched as an online bookseller in 1994, consumer confidence in online shopping was low, to say the least.

Exclusively competing with local bookstores, Amazon and many e-tailers throughout the 90s and early 2000s had to work to create trust in online shopping. Their efforts paid off, ushering in a new era and transforming the way we all shop today.

Amazon is a good example of digital trust making a brand. But data breaches are a telling metric of how lack of digital trust can break a brand.

Frequency of Data Breaches and Its Impact on Consumer Trust

Since Privacy Rights Clearinghouse began tracking data breaches in 2005, 7,731 have been reported, with an estimated 1 billion individual records breached. And that estimate is conservative. While a data breach may have been reported, the number of individual records involved isn’t always known.

The Ponemon Institute’s 2017 Cost of Data Breach Study suggests the odds of suffering a data breach within the year are as high as one in four. As if the growing number of data breaches isn’t enough to contend with, considerable evidence suggests their impact is increasing too.

Although the Ponemon Institute study found the financial cost of a data breach fell by 10 percent between 2016 and 2017, the “financial cost” doesn’t account for the various intangible effects of a data breach that can, and do, add up.

For example, the reputational cost more than likely outweighs the clean-up costs of a high-profile data breach like the one Equifax suffered recently. That incident is believed to have reduced Equifax’s market value by $3 billion, as share prices tumbled by as much as 17 percent.

In fact, any company disclosing a data breach saw its average stock price fall by 5 percent, according to Ponemon. And 21 percent of consumers included in its study reported ending their relationships with a company that had been breached. Why? They lost trust in those businesses.

Perhaps the most relevant finding here is that “organizations with a poor security posture experienced an increase of up to 7 percent customer churn, which can amount to millions in lost revenue.” Clearly this shows the correlation between digital trust and customer retention. It also demonstrates that the consumer is aware of such matters.

That’s why digital trust poses an opportunity. Yes, consumer trust is declining. Yes, high-profile breaches are increasing. But these are alarm bells, not death knells.

Businesses can use the issue of digital trust to their advantage. By making it a unique value proposition reinforced by a solid data governance (DG) program, you can set yourself apart from the competition – not to mention avoid GDPR penalties.

Building Digital Trust Through Data Governance

In today’s digital economy, the consumer holds the power with more avenues of research and reviews to inform purchase decisions. Even in the B2B world, studies indicate that 47 percent of buyers view three to five pieces of content before engaging with a sales rep.

In other words, the consumer is clued in. But if a data breach occurs, it doesn’t have to lead to customer losses. It could actually reinforce customer loyalty and produce an uptick in new customers – if you are proactive in your response and transparent about your procedures for data governance.

Of course, consumer trust isn’t built overnight. It’s a process, influenced by sound data governance practices and routine demonstrations of said practices so trust becomes part of your brand.

While considering the long-term payoff, it’s also worth noting the advantages a data governance program has in the short-term. For better or worse, short-term positive outcomes are what business leaders and decision-makers want to see.

When it comes to both digital trust and business outcomes, DG’s biggest advantage is ensuring an organization can first trust its own data.

In addition to helping an organization discover, understand and then socialize its mission-critical information for greater visibility, it also improves the enterprise’s ability to govern and control data. You literally get a handle on how you handle your data – and not just to help prevent breaches.

Greater certainty around the quality of data leads to faster and more productive decision-making. It reduces the risk of misleading models, analysis and prediction, meaning less time, money and other resources are wasted.

Additionally, the very data used in such models and analysis benefits from improved clarity, meaning what’s relevant is more readily discoverable, which speeds up the entire strategic planning and decision-making process.

So, proactive and proficient data governance doesn’t just mitigate risk, it fundamentally improves operational performance and accelerates growth.


Using Enterprise Architecture to Improve Security

The personal data of more than 143 million people – half the United States’ entire population – may have been compromised in the recent Equifax data breach. With every major data breach come post-mortems and lessons learned, but one area we haven’t seen discussed is how enterprise architecture might aid in the prevention of data breaches.

For Equifax, the reputational hit, loss of profits/market value, and potential lawsuits are really bad news. For other organizations that have yet to suffer a breach, be warned. The clock is ticking for the General Data Protection Regulation (GDPR) to take effect in May 2018. GDPR changes everything, and it’s just around the corner.

Organizations of all sizes must take greater steps to protect consumer data or pay significant penalties. Negligent data governance and data management could cost up to 4 percent of an organization’s global annual turnover or up to 20 million Euros, whichever is greater.

With this in mind, the Equifax data breach – and subsequent lessons – is a discussion potentially worth millions.

Proactive Data Protection and Cybersecurity

Given that data security has long been considered paramount, it’s surprising that enterprise architecture is one approach to improving data protection that has been overlooked.

It’s a surprise because when you consider enterprise architecture use cases and just how much of an organization it permeates (which is really all of it), EA should be commonplace in data security planning.

So, the Equifax breach provides a great opportunity to explore how enterprise architecture could be used for improving cybersecurity.

Security should be proactive, not reactive, which is why EA should be a huge part of security planning. And while we hope the Equifax incident isn’t the catalyst for an initial security assessment and improvements, it certainly should prompt a re-evaluation of data security policies, procedures and technologies.

By using well-built enterprise architecture for the foundation of data security, organizations can help mitigate risk. EA’s comprehensive view of the organization means security can be involved in the planning stages, reducing risks involved in new implementations. When it comes to security, EA should get a seat at the table.

Enterprise architecture also goes a long way in nullifying threats born of shadow IT, outdated applications, and other IT faux pas. Well-documented, well-maintained EA gives an organization the best possible view of current tech assets.

This is especially relevant in Equifax’s case as the breach has been attributed to the company’s failure to update a web application although it had sufficient warning to do so.

By leveraging EA, organizations can shore up data security by ensuring updates and patches are implemented proactively.

Enterprise Architecture, Security and Risk Management

But what about existing security flaws? Implementing enterprise architecture in security planning now won’t solve them.

An organization can never eliminate security risks completely. The constantly evolving IT landscape would require businesses to spend an infinite amount of time, resources and money to achieve zero risk. Instead, businesses must opt to mitigate and manage risk to the best of their abilities.

Therefore, EA has a role in risk management too.

In fact, EA’s risk management applications are more widely appreciated than its role in security. But effective EA for risk management is a fundamental part of how EA for implementing security works.

Enterprise architecture’s comprehensive accounting of business assets (both technological and human) means it’s best placed to align security and risk management with business goals and objectives. This can give an organization insight into where time and money can best be spent in improving security, as well as the resources available to do so.

This is because of the objective view enterprise architecture analysis provides for an organization.

To use a somewhat crude but applicable analogy, consider the risks of travel. A fear of flying is more common than a fear of driving in a car. In a business sense, this could unwarrantedly encourage more spending on mitigating the risks of flying. However, an objective enterprise architecture analysis would reveal that, despite the fear, the risk of travelling by car is much greater.

Applying the same logic to security spending, enterprise architecture analysis would give an organization an indication of how to prioritize security improvements.