Tag: data breach

The Role of An Effective Data Governance Initiative in Customer Purchase Decisions

Post author By Michael Pastore
Post date May 31, 2018
No Comments on The Role of An Effective Data Governance Initiative in Customer Purchase Decisions

A data governance initiative will maximize the security, quality and value of data, all of which build customer trust.

Without data, modern business would cease to function. Data helps guide decisions about products and services, makes it easier to identify customers, and serves as the foundation for everything businesses do today. The problem for many organizations is that data enters from any number of angles and gets stored in different places by different people and different applications.

Getting the most out of your data requires that you know what you have, where you have it, and that you understand its quality and value to the organization. This is where data governance comes into play. You can’t optimize your data if it’s scattered across different silos and lurking in various applications.

For about 150 years, manufacturers relied on their machinery and its ability to run reliably, properly and safely, to keep customers happy and revenue flowing. A data governance initiative has a similar role today, except its aim is to maximize the security, quality and value of data instead of machinery.

Customers are increasingly concerned about the safety and privacy of their data. According to a survey by Research+Data Insights, 85 percent of respondents worry about technology compromising their personal privacy. In a survey of 2,000 U.S. adults in 2016, researchers from Vanson Bourne found that 76 percent of respondents said they would move away from companies with a high record of data breaches.

For years, buying decisions were driven mainly by cost and quality, says Danny Sandwell, director of product marketing at erwin, Inc. But today’s businesses must consider their reputations in terms of both cost/quality and how well they protect their customers’ data when trying to win business.

Once the reputation is tarnished because of a breach or misuse of data, customers will question those relationships.

Unfortunately for consumers, examples of companies failing to properly govern their data aren’t difficult to find. Look no further than Under Armour, which announced this spring that 150 million accounts at its MyFitnessPal diet and exercise tracking app were breached, and Facebook, where the data of millions of users was harvested by third parties hoping to influence the 2016 presidential election in the United States.

Customers Hate Breaches, But They Love Data

While consumers are quick to report concerns about data privacy, customers also yearn for (and increasingly expect) efficient, personalized and relevant experiences when they interact with businesses. These experiences are, of course, built on data.

In this area, customers and businesses are on the same page. Businesses want to collect data that helps them build the omnichannel, 360-degree customer views that make their customers happy.

These experiences allow businesses to connect with their customers and demonstrate how well they understand them and know their preferences, like and dislikes – essentially taking the personalized service of the neighborhood market to the internet.

The only way to manage that effectively at scale is to properly govern your data.

Delivering personalized service is also valuable to businesses because it helps turn customers into brand ambassadors, and it’s a fact that it’s much easier to build on existing customer relationships than to find new customers.

Here’s the upshot: If your organization is doing data governance right, it’s helping create happy, loyal customers, while at the same time avoiding the bad press and financial penalties associated with poor data practices.

Putting A Data Governance Initiative Into Action

The good news is that 76 percent of respondents to a November 2017 survey we conducted with UBM said understanding and governing the data assets in the organization was either important or very important to the executives in their organization. Nearly half (49 percent) of respondents said that customer trust/satisfaction was driving their data governance initiatives.

What stops organizations from creating an effective data governance initiative? At some businesses, it’s a cultural issue. Both the business and IT sides of the organization play important roles in data, with the IT side storing and protecting it, and the business side consuming data and analyzing it.

For years, however, data governance was the volleyball passed back and forth over the net between IT and the business, with neither side truly owning it. Our study found signs this is changing. More than half (57 percent) of the respondents said both and IT and the business/corporate teams were responsible for data in their organization.

Once an organization understands that IT and the business are both responsible for data, it still needs to develop a comprehensive, holistic strategy for data governance that is capable of:

Reaching every stakeholder in the process
Providing a platform for understanding and governing trusted data assets
Delivering the greatest benefit from data wherever it lives, while minimizing risk
Helping users understand the impact of changes made to a specific data element across the enterprise.

To accomplish this, a modern data governance initiative needs to be interdisciplinary. It should include not only data governance, which is ongoing because organizations are constantly changing and transforming, but other disciples as well.

Enterprise architecture is important because it aligns IT and the business, mapping a company’s applications and the associated technologies and data to the business functions they enable.

By integrating data governance with enterprise architecture, businesses can define application capabilities and interdependencies within the context of their connection to enterprise strategy to prioritize technology investments so they align with business goals and strategies to produce the desired outcomes.

A business process and analysis component is also vital to modern data governance. It defines how the business operates and ensures employees understand and are accountable for carrying out the processes for which they are responsible.

Enterprises can clearly define, map and analyze workflows and build models to drive process improvement, as well as identify business practices susceptible to the greatest security, compliance or other risks and where controls are most needed to mitigate exposures.

Finally, data modeling remains the best way to design and deploy new relational databases with high-quality data sources and support application development.

Being able to cost-effectively and efficiently discover, visualize and analyze “any data” from “anywhere” underpins large-scale data integration, master data management, Big Data and business intelligence/analytics with the ability to synthesize, standardize and store data sources from a single design, as well as reuse artifacts across projects.

Michael Pastore is the Director, Content Services at QuinStreet B2B Tech. This content originally appeared as a sponsored post on http://www.eweek.com/.

Read the previous post on how compliance concerns and the EU’s GDPR are driving businesses to implement data governance.

Determine how effective your current data governance initiative is by taking our DG RediChek.

erwin Expert Blog

Five Pillars of Data Governance Readiness: Team Resources

Post author By Bunny Tharpe
Post date April 12, 2018
No Comments on Five Pillars of Data Governance Readiness: Team Resources

The Facebook scandal has highlighted the need for organizations to understand and apply the five pillars of data governance readiness.

All eyes were on Mark Zuckerberg this week as he testified before the U.S. Senate and Congress on Facebook’s recent data drama.

A statement from Facebook indicates that the data snare was created due to permission settings leveraged by the Facebook-linked third-party app ‘thisisyourdigitallife.’

Although the method used by Cambridge Analytica to amass personal data from 87 million Facebook users didn’t constitute a “data breach,” it’s still a major data governance (DG) issue that is now creating more than a headache for the company.

The #DeleteFacebook movement is gaining momentum, not to mention the company’s stock dip.

With Facebook’s DG woes a mainstay in global news cycles, and the General Data Protection Regulation’s (GDPR) implementation just around the corner, organizations need to get DG-ready.

During the past few weeks, the erwin Expert Blog has been exploring the five pillars of data governance readiness. So far, we’ve covered initiative sponsorship and organizational support. Today, we talk team resources.

Facebook and the Data Governance Awakening

Most organizations lack the enterprise-level experience required to advance a data governance initiative.

This function may be called by another name (e.g., data management, information management, enterprise data management, etc.), a successful organization recognizes the need for managing data as an enterprise asset.

Data governance, as a foundational component of enterprise data management, would reside within such a group.

You would think an organization like Facebook would have this covered. However, it doesn’t appear that they did.

The reason Facebook is in hot water is because the platform allowed ‘thisisyourdigitallife’ to capture personal data from the Facebook friends of those who used the app, increasing the scope of the data snare by an order of magnitude.

For context, it took only 53 Australian ‘thisisyourdigitallife’ users to capture 310,000 Australian citizens’ data.

Facebook’s permission settings essentially enabled ‘thisisyourdigitallife’ users to consent on behalf of their friends. Had GDPR been in effect, Facebook would have been non-compliant.

Even so, the extent of the PR fallout demonstrates that regulatory compliance shouldn’t be the only driver for implementing data governance.

Understanding who has access to data and what that data can be used for is a key use case for data governance. This considered, it’s not difficult to imagine how a more robust DG program could have covered Facebook’s back.

Data governance is concerned with units of data – what are they used for, what are the associated risks, and what value do they have to the business? In addition, DG asks who is responsible for the data – who has access? And what is the data lineage?

It acts as the filter that makes data more discoverable to those who need it, while shutting out those without the required permissions.

The Five Pillars of Data Governance: #3 Team Resources

Data governance can’t be executed as a short-term fix. It must be an on-going, strategic initiative that the entire organization supports and is part of. But ideally, a fixed and formal data management group needs to oversee it.

As such, we consider team resources one of the key pillars of data governance readiness.

Data governance requires leadership with experience to ensure the initiative is a value-adding success, not the stifled, siloed programs associated with data governance of old (Data Governance 1.0).

Without experienced leadership, different arms of the organization will likely pull in different directions, undermining the uniformity of data that DG aims to introduce. If such experience doesn’t exist within the organization, then outside consultants should be tapped for their expertise.

As the main technical enabler of the practice, IT should be a key DG participant and even house the afore-mentioned data management group to oversee it. The key word here is “participant,” as the inclination to leave data governance to IT and IT alone has been a common reason for Data Governance 1.0’s struggles.

With good leadership, organizations can implement Data Governance 2.0: the collaborative, outcome-driven approach more suited to the data-driven business landscape. DG 2.0 avoids the pitfalls of its predecessor by expanding the practice beyond IT and traditional data stewards to make it an enterprise-wide responsibility.

By approaching data governance in this manner, organizations ensure those with a stake in data quality (e.g., anyone who uses data) are involved in its discovery, understanding, governance and socialization.

This leads to data with greater context, accuracy and trust. It also hastens decision-making and times to market, resulting in fewer bottlenecks in data analysis.

We refer to this collaborative approach to data governance as the enterprise data governance experience (EDGE).

Back to Facebook. If they had a more robust data governance program, the company could have discovered the data snare exploited by Cambridge Analytica and circumvented the entire scandal (and all its consequences).

But for data governance to be successful, organizations must consider team resources as well as enterprise data management methodology and delivery capability (we’ll cover the latter two in the coming weeks).

To determine your organization’s current state of data governance readiness, take the erwin DG RediChek.

To learn more about how to leverage data governance for GDPR compliance and an EDGE on the competition, click here.

erwin Expert Blog

Data Governance 2.0 for Financial Services

Post author By Bunny Tharpe
Post date January 25, 2018
2 Comments on Data Governance 2.0 for Financial Services

The tempo of change for data-driven business is increasing, with the financial services industry under particular pressure. For banks, credit card, insurance, mortgage companies and the like, data governance must be done right.

Consumer trust is waning across the board, and after several high-profile data breaches, trust in the way in which organizations handle and process data is lower still.

Equifax suffered 2017’s largest breach and the fifth largest in history. The subsequent plummet in stock value should have sent a stark warning to other financial service organizations. As of November, the credit bureau reported $87.5 million in expenses following the breach, and the PR fallout plummeted profits by 27 percent.

But it could be said that Equifax was lucky. If the breach had occurred following the implementation of the General Data Protection Regulation (GDPR), it also would have been hit with hefty sanctions. Come May of 2018, fines for GDPR noncompliance will reach an upper limit of €20 million or 4 percent of annual turnover – whichever is greater.

Data governance’s purpose – knowing where your data is and who is accountable for it – is a critical factor in preventing such breaches. It’s also a prerequisite for compliance as organizations need to demonstrate they have taken reasonable precautions in governing.

Equifax’s situation clearly implies that financial services organizations need to review and improve their data governance. As a concept, data governance for regulatory compliance is widely understood. Such regulations were introduced a decade ago in response to the financial crisis.

However, data governance’s role goes far beyond just preventing data breaches and meeting compliance standards.

Data Governance 2.0 for Financial Services

Data governance has struggled to gain a foothold because the value-adds have been unclear and largely untested. After new regulations for DG were introduced for the financial services industry, most organizations didn’t bother implementing company-wide approaches, instead opting to leave it as an IT-managed program.

So IT was responsible for cataloging data elements to support search and discovery, yet they rarely knew which bits of data were related or important to the wider business. This resulted in poor data quality and completeness, and left data and its governance siloed so data-driven business was hard to do.

Now data-driven business is more common – truly data-driven business with data at the core of strategy. The precedent has been set thanks to Airbnb, Amazon and Uber being some of the first businesses to use data to turn their respective markets on their heads.

These businesses don’t just use data to target new customers, they use data to help dictate strategy, find new gaps in the market, and highlight areas for performance improvement.

With that in mind, there’s a lot the financial services industry can learn and apply. FinTech start-ups continue to shake up the sector, and although the financial services industry is a more difficult industry to topple, traditional financial organizations need to innovate to stay competitive.

Alongside compliance, the aforementioned purpose of DG – knowing where data is stored and who is accountable for it – is also a critical factor in fostering agility, squashing times to market, and improving overall business efficiency, especially in the financial services industry.

In fact, the biggest advantage of data governance for financial services is making quality and reliable data readily available to the right people, so the right decisions can be made faster. Good DG also helps these companies better capitalize on revenue opportunities, solve customer issues, and identify fraud while improving the standard for reporting on such data.

These benefits are especially important within financial services because their big decisions have big financial impacts. To make such decisions, they need to trust that the data they use is sound and efficiently traceable.

Such data accountability is paramount. To achieve it, organizations must move away from the old, ineffective Data Governance 1.0 approach to the collaborative, outcome-driven Data Governance 2.0.

This means introducing data governance to the wider business, not just leaving it to IT. It means line-of-business managers and C-level executives take leading roles in data governance. But most importantly, it means a more efficient approach to data-driven business for increased revenue. A BCG study implies that financial services could be leaving up to $30 billion on the table.

Although the temptation to just meet regulatory compliance might be strong, the financial services industry clearly has a lot to gain from taking the extra step. Therefore, new regulations don’t have to be seen as a burden but as a catalyst for greater, proactive and forward-thinking change.

For more best practices in business and IT alignment, and successfully implementing data governance, click here.

Tags data-driven business, data governance, General Data Protection Regulation, GDPR, consumer trust, equifax data governance, data governance business outcomes, data governance value, data finances, data banking, banking, data governance for financial services, financial services, financial institutions, data governance 2.0, data breach

erwin Expert Blog

Digital Trust: Enterprise Architecture and the Farm Analogy

Post author By Bunny Tharpe
Post date November 9, 2017
1 Comment on Digital Trust: Enterprise Architecture and the Farm Analogy

With the General Data Protection Regulation (GDPR) taking effect soon, organizations can use it as a catalyst in developing digital trust.

Data breaches are increasing in scope and frequency, creating PR nightmares for the organizations affected. The more data breaches, the more news coverage that stays on consumers’ minds.

The Equifax breach and subsequent stock price fall was well documented and should serve as a warning to businesses and how they manage their data. Large or small, organizations have lessons to learn when it comes to building and maintaining digital trust, especially with GDPR looming ever closer.

Previously, we discussed the importance of fostering a relationship of trust between business and consumer. Here, we focus more specifically on data keepers and the public.

Digital Trust and The Farm Analogy

Any approach to mitigating the risks associated with data management needs to consider the ‘three Vs’: variety, velocity and volume.

In describing best practices for handling data, let’s imagine data as an asset on a farm. The typical farm’s wide span makes constant surveillance impossible, similar in principle to data security.

With a farm, you can’t just put a fence around the perimeter and then leave it alone. The same is true of data because you need a security approach that makes dealing with volume and variety easier.

On a farm, that means separating crops and different types of animals. For data, segregation serves to stop those without permissions from accessing sensitive information.

And as with a farm and its seeds, livestock and other assets, data doesn’t just come in to the farm. You also must manage what goes out.

A farm has several gates allowing people, animals and equipment to pass through, pending approval. With data, gates need to make sure only the intended information filters out and that it is secure when doing so. Failure to correctly manage data transfer will leave your business in breach of GDPR and liable for a hefty fine.

Furthermore, when looking at the gates in which data enters and streams out of an organization, we must also consider the third ‘V’ – velocity, the amount of data an organization’s systems can process at any given time.

Of course, the velocity of data an organization can handle is most often tied to how efficiently a business operates. Effectively dealing with high velocities of data requires faster analysis and times to market.

However, it’s arguably a matter of security too. Although not a breach, DDOS attacks are one such vulnerability associated with data velocity.

DDOS attacks are designed to put the aforementioned data gates under pressure, ramping up the amount of data that passes through them at any one time. Organizations with the infrastructure to deal with such an attack, especially one capable of scaling to demand, will suffer less preventable down time.

Enterprise Architecture and Harvesting the Farm

Making sure you can access, understand and use your data for strategic benefit – including fostering digital trust – comes down to effective data management and governance. And enterprise architecture is a great starting point because it provides a holistic view of an organization’s capabilities, applications and systems including how they all connect.

Enterprise architecture at the core of any data-driven business will serve to identify what parts of the farm need extra protections – those fences and gates mentioned earlier.

It also makes GDPR compliance and overall data governance easier, as the first step for both is knowing where all your data is.

For more data management best practices, click here. And you can subscribe to our blog posts here.

Tags digital trust, DDOS, data farm, data breach, equifax breach, volume velocity variety, data security, three vs, data governance, data management, GDPR, data-driven, enterprise architecture