Tag: data security

Categories
erwin Expert Blog

Data Governance 2.0: The CIO’s Guide to Collaborative Data Governance

In the data-driven era, CIO’s need a solid understanding of data governance 2.0 …

Data governance (DG) is no longer about just compliance or relegated to the confines of IT. Today, data governance needs to be a ubiquitous part of your organization’s culture.

As the CIO, your stakeholders include both IT and business users in collaborative relationships, which means data governance is not only your business, it’s everyone’s business.

The ability to quickly collect vast amounts of data, analyze it and then use what you’ve learned to help foster better decision-making is the dream of business executives. But that vision is more difficult to execute than it might first appear.

While many organizations are aware of the need to implement a formal data governance initiative, many have faced obstacles getting started.

A lack of resources, difficulties in proving the business case, and challenges in getting senior management to see the importance of such an effort rank among the biggest obstacles facing DG initiatives, according to a recent survey by UBM.

Common Data Governance Challenges - Data Governance 2.0

Despite such hurdles, organizations are committed to trying to get data governance right. The same UBM study found that 98% of respondents considered data governance either important, or critically important to their organization.

And it’s unsurprising too. Considering that the unprecedented levels of digital transformation, with rapidly changing and evolving technology, mean data governance is not just an option, but rather a necessity.

Recognizing this, the IDC DX Awards recently resurfaced to give proper recognition and distinction to organizations who have successfully digitized their systems and business processes.

Creating a Culture of Data Governance

The right data of the right quality, regardless of where it is stored or what format it is stored in, must be available for use only by the right people for the right purpose. This is the promise of a formal data governance practice.

However, to create a culture of data governance requires buy-in from the top down, and the appropriate systems, tools and frameworks to ensure its continued success.

This take on data governance is often dubbed as Data Governance 2.0.

At erwin, we’ve identified what we believe to be the five pillars of data governance readiness:

  1. Initiative Sponsorship: Without executive sponsorship, you’ll have difficulty obtaining the funding, resources, support and alignment necessary for successful DG.
  2. Organizational Support: DG needs to be integrated into the data stewardship teams and wider culture. It also requires funding.
  3. Team Resources: Most successful organizations have established a formal data management group at the enterprise level. As a foundational component of enterprise data management, DG would reside in such a group.
  4. Enterprise Data Management Methodology: DG is foundational to enterprise data management. Without the other essential components (e.g., metadata management, enterprise data architecture, data quality management), DG will be a struggle.
  5. Delivery Capability: Successful and sustainable DG initiatives are supported by specialized tools, which are scoped as part of the DG initiative’s technical requirements.

Data Security

Data is becoming increasingly difficult to manage, control and secure as evidenced by the uptick in data breaches in almost every industry.

Therefore companies must work to secure intellectual property (IPs), client information and so much more.

So CIOs have to come up with appropriate plans to restrict certain people from accessing this information and allow only a small, relevant circle to view it when necessary.

However, this job isn’t as easy as you think it is. Organizations must walk the line between ease of access/data discoverability and security.

It’s the CIO’s responsibility to keep the balance, and data governance tools with role-based access can help maintain that balance.

Data Storage

The amount of data modern organizations have to manage means CIOs have to rethink data storage, as well as security.

This includes considerations as to what data should be stored and where, as well as understanding what data the organization – and the stakeholders within it – is responsible for.

This knowledge will enable better analysis, and the data used for such analysis more easily accessed when required and by approved parties. This is especially crucial for compliance with government regulations like the General Data Protection Regulation (GDPR), as well as other data regulations.

Defining the Right Audience

It’s a CIO’s responsibility to oversee the organization’s data governance systems. Of course, this means the implementation and upkeep of such systems, but it also includes creating the policies that will inform the data governance program itself.

Nowadays, lots of employees think they need access to all of an organization’s data to help them make better decisions for the company.

However, this can possibly expose company data to numerous threats and cyber attacks as well as intellectual property infringement.

So data governance that ensures only the right audience can access specific company information can come in handy, especially during a company’s brainstorming seasons, new products and services releases, and so much more.

Data governance is to be tailored by CIOs to meet their organizations’ specific needs (and wants). This is to ensure an efficient and effective way of utilizing data while also enabling employees to make better and wiser business decisions.

The Right Tools Help Solve the Enterprise Data Dilemma

What data do we have, where is it and what does it mean? This is the data dilemma that plagues most organizations.

The right tools can make or break your data governance initiatives. They encompass a number of different technologies, including data cataloging, data literacy, business process modeling, enterprise architecture and data modeling.

Each of these tools separately contribute to better data governance, however, increasingly, organizations are realizing the benefits of interconnectivity between them. This interconnectivity can be achieved through centralizing data-driven projects around metadata.

This means data professionals and their work benefits from a single source of truth, making analysis faster, more trustworthy and far easier to collaborate on.

With the erwin EDGE, an “enterprise data governance experience” is created to underpin Data Governance 2.0.

It unifies data and business architectures so all IT and business stakeholders can access relevant data in the context of their roles, supporting a culture committed to using data as a mission-critical asset and orchestrating the key mechanisms required to discover, fully understand, actively govern and effectively socialize and align data to the business.

You can learn more about data governance by reading our whitepaper: Examining the Data Trinity: Governance, Security and Privacy.

Examining the Data Trinity - Governance, Security and Privacy

Categories
erwin Expert Blog

Data Governance Makes Data Security Less Scary

Happy Halloween!

Do you know where your data is? What data you have? Who has had access to it?

These can be frightening questions for an organization to answer.

Add to the mix the potential for a data breach followed by non-compliance, reputational damage and financial penalties and a real horror story could unfold.

In fact, we’ve seen some frightening ones play out already:

  1. Google’s record GDPR fine – France’s data privacy enforcement agency hit the tech giant with a $57 million penalty in early 2019 – more than 80 times the steepest fine the U.K.’s Information Commissioner’s Office had levied against both Facebook and Equifax for their data breaches.
  2. In July 2019, British Airways received the biggest GDPR fine to date ($229 million) because the data of more than 500,000 customers was compromised.
  3. Marriot International was fined $123 million, or 1.5 percent of its global annual revenue, because 330 million hotel guests were affected by a breach in 2018.

Now, as Cybersecurity Awareness Month comes to a close – and ghosts and goblins roam the streets – we thought it a good time to resurrect some guidance on how data governance can make data security less scary.

We don’t want you to be caught off guard when it comes to protecting sensitive data and staying compliant with data regulations.

Data Governance Makes Data Security Less Scary

Don’t Scream; You Can Protect Your Sensitive Data

It’s easier to protect sensitive data when you know what it is, where it’s stored and how it needs to be governed.

Data security incidents may be the result of not having a true data governance foundation that makes it possible to understand the context of data – what assets exist and where, the relationship between them and enterprise systems and processes, and how and by what authorized parties data is used.

That knowledge is critical to supporting efforts to keep relevant data secure and private.

Without data governance, organizations don’t have visibility of the full data landscape – linkages, processes, people and so on – to propel more context-sensitive security architectures that can better assure expectations around user and corporate data privacy. In sum, they lack the ability to connect the dots across governance, security and privacy – and to act accordingly.

This addresses these fundamental questions:

  1. What private data do we store and how is it used?
  2. Who has access and permissions to the data?
  3. What data do we have and where is it?

Where Are the Skeletons?

Data is a critical asset used to operate, manage and grow a business. While sometimes at rest in databases, data lakes and data warehouses; a large percentage is federated and integrated across the enterprise, introducing governance, manageability and risk issues that must be managed.

Knowing where sensitive data is located and properly governing it with policy rules, impact analysis and lineage views is critical for risk management, data audits and regulatory compliance.

However, when key data isn’t discovered, harvested, cataloged, defined and standardized as part of integration processes, audits may be flawed and therefore your organization is at risk.

Sensitive data – at rest or in motion – that exists in various forms across multiple systems must be automatically tagged, its lineage automatically documented, and its flows depicted so that it is easily found and its usage across workflows easily traced.

Thankfully, tools are available to help automate the scanning, detection and tagging of sensitive data by:

  • Monitoring and controlling sensitive data: Better visibility and control across the enterprise to identify data security threats and reduce associated risks
  • Enriching business data elements for sensitive data discovery: Comprehensively defining business data element for PII, PHI and PCI across database systems, cloud and Big Data stores to easily identify sensitive data based on a set of algorithms and data patterns
  • Providing metadata and value-based analysis: Discovery and classification of sensitive data based on metadata and data value patterns and algorithms. Organizations can define business data elements and rules to identify and locate sensitive data including PII, PHI, PCI and other sensitive information.

No Hocus Pocus

Truly understanding an organization’s data, including its value and quality, requires a harmonized approach embedded in business processes and enterprise architecture.

Such an integrated enterprise data governance experience helps organizations understand what data they have, where it is, where it came from, its value, its quality and how it’s used and accessed by people and applications.

An ounce of prevention is worth a pound of cure  – from the painstaking process of identifying what happened and why to notifying customers their data and thus their trust in your organization has been compromised.

A well-formed security architecture that is driven by and aligned by data intelligence is your best defense. However, if there is nefarious intent, a hacker will find a way. So being prepared means you can minimize your risk exposure and the damage to your reputation.

Multiple components must be considered to effectively support a data governance, security and privacy trinity. They are:

  1. Data models
  2. Enterprise architecture
  3. Business process models

Creating policies for data handling and accountability and driving culture change so people understand how to properly work with data are two important components of a data governance initiative, as is the technology for proactively managing data assets.

Without the ability to harvest metadata schemas and business terms; analyze data attributes and relationships; impose structure on definitions; and view all data in one place according to each user’s role within the enterprise, businesses will be hard pressed to stay in step with governance standards and best practices around security and privacy.

As a consequence, the private information held within organizations will continue to be at risk.

Organizations suffering data breaches will be deprived of the benefits they had hoped to realize from the money spent on security technologies and the time invested in developing data privacy classifications.

They also may face heavy fines and other financial, not to mention PR, penalties.

Gartner Magic Quadrant Metadata Management

Categories
erwin Expert Blog

Top Use Cases for Enterprise Architecture: Architect Everything

Architect Everything: New use cases for enterprise architecture are increasing enterprise architect’s stock in data-driven business

As enterprise architecture has evolved, so to have the use cases for enterprise architecture.

Analyst firm Ovum recently released a new report titled Ovum Market Radar: Enterprise Architecture. In it, they make the case that enterprise architecture (EA) is becoming AE – or “architect everything”.

The transition highlights enterprise architecture’s evolution from being solely an IT function to being more closely aligned with the business. As such, the function has changed from EA to AE.

At erwin, we’re definitely witnessing this EA evolution as more and more as organizations undertake digital transformation initiatives, including rearchitecting their business models and value streams, as well as responding to increasing regulatory pressures.

This is because EA provides the right information to the right people at the right time for smarter decision-making.

Following are some of the top use cases for enterprise architecture that demonstrate how EA is moving beyond IT and into the business.

Enterprise Architecture Use Cases

Top 7 Use Cases for Enterprise Architecture

Compliance. Enterprise architecture is critical for regulatory compliance. It helps model, manage and transform mission-critical value streams across industries, as well as identify sensitive information. When thousands of employees need to know what compliance processes to follow, such as those associated with regulations (e.g., GDPR, HIPAA, SOX, CCPA, etc.) it ensures not only access to proper documentation but also current, updated information.

The Regulatory Rationale for Integrating Data Management & Data Governance

Data security/risk management. EA should be commonplace in data security planning. Any flaw in the way data is stored or monitored is a potential ‘in’ for a breach, and so businesses have to ensure security surrounding sensitive information is thorough and covers the whole business. Security should be proactive, not reactive, which is why EA should be a huge part of security planning.

Data governance. Today’s enterprise embraces data governance to drive data opportunities, including growing revenue, and limit data risks, including regulatory and compliance gaffes.

EA solutions that provide much-needed insight into the relationship between data assets and applications make it possible to appropriately direct data usage and flows, as well as focus greater attention, if warranted, on applications where data use delivers optimal business value.

Digital transformation. For an organization to successfully embrace change, innovation, EA and project delivery need to be intertwined and traceable. Enterprise architects are crucial to delivering innovation. Taking an idea from concept to delivery requires strategic planning and the ability to execute. An enterprise architecture roadmap can help focus such plans and many organizations are now utilizing them to prepare their enterprise architectures for 5G.

Mergers & acquisitions. Enterprise architecture is essential to successful mergers and acquisitions. It helps alignment by providing a business- outcome perspective for IT and guiding transformation. It also helps define strategy and models, improving interdepartmental cohesion and communication.

In an M&A scenario, businesses need to ensure their systems are fully documented and rationalized. This way they can comb through their inventories to make more informed decisions about which systems to cut or phase out to operate more efficiently.

Innovation management. EA is crucial to innovation and project delivery. Using open standards to link to other products within the overall project lifecycle, integrating agile enterprise architecture with agile development and connecting project delivery with effective governance.

It takes a rigorous approach to ensure that current and future states are published for a wider audience for consumption and collaboration – from modeling to generating road maps with meaningful insights provided to both technical and business stakeholders during every step.

Knowledge retention. Unlocking knowledge and then putting systems in place to retain that knowledge is a key benefit of EA. Many organizations lack a structured approach for gathering and investigating employee ideas. Ideas can fall into a black hole where they don’t get feedback and employees become less engaged.

When your enterprise architecture is aligned with your business outcomes, it provides a way to help your business ideate and investigate the viability of ideas on both the technical and business level.

If the benefits of enterprise architecture would help your business, here’s how you can try erwin EA for free.

Enterprise Architecture Business Process Trial

Categories
erwin Expert Blog

Business Process Can Make or Break Data Governance

Data governance isn’t a one-off project with a defined endpoint. It’s an on-going initiative that requires active engagement from executives and business leaders.

Data governance, today, comes back to the ability to understand critical enterprise data within a business context, track its physical existence and lineage, and maximize its value while ensuring quality and security.

Free Data Modeling Best Practice Guide

Historically, little attention has focused on what can literally make or break any data governance initiative — turning it from a launchpad for competitive advantage to a recipe for disaster. Data governance success hinges on business process modeling and enterprise architecture.

To put it even more bluntly, successful data governance* must start with business process modeling and analysis.

*See: Three Steps to Successful & Sustainable Data Governance Implementation

Business Process Data Governance

Passing the Data Governance Ball

For years, data governance was the volleyball passed back and forth over the net between IT and the business, with neither side truly owning it. However, once an organization understands that IT and the business are both responsible for data, it needs to develop a comprehensive, holistic strategy for data governance that is capable of four things:

  1. Reaching every stakeholder in the process
  2. Providing a platform for understanding and governing trusted data assets
  3. Delivering the greatest benefit from data wherever it lives, while minimizing risk
  4. Helping users understand the impact of changes made to a specific data element across the enterprise.

To accomplish this, a modern data governance strategy needs to be interdisciplinary to break down traditional silos. Enterprise architecture is important because it aligns IT and the business, mapping a company’s applications and the associated technologies and data to the business functions and value streams they enable.

Ovum Market Radar: Enterprise Architecture

The business process and analysis component is vital because it defines how the business operates and ensures employees understand and are accountable for carrying out the processes for which they are responsible. Enterprises can clearly define, map and analyze workflows and build models to drive process improvement, as well as identify business practices susceptible to the greatest security, compliance or other risks and where controls are most needed to mitigate exposures.

Slow Down, Ask Questions

In a rush to implement a data governance methodology and system, organizations can forget that a system must serve a process – and be governed/controlled by one.

To choose the correct system and implement it effectively and efficiently, you must know – in every detail – all the processes it will impact. You need to ask these important questions:

  1. How will it impact them?
  2. Who needs to be involved?
  3. When do they need to be involved?

These questions are the same ones we ask in data governance. They involve impact analysis, ownership and accountability, control and traceability – all of which effectively documented and managed business processes enable.

Data sets are not important in and of themselves. Data sets become important in terms of how they are used, who uses them and what their use is – and all this information is described in the processes that generate, manipulate and use them. So unless we know what those processes are, how can any data governance implementation be complete or successful?

Processes need to be open and shared in a concise, consistent way so all parts of the organization can investigate, ask questions, and then add their feedback and information layers. In other words, processes need to be alive and central to the organization because only then will the use of data and data governance be truly effective.

A Failure to Communicate

Consider this scenario: We’ve perfectly captured our data lineage, so we know what our data sets mean, how they’re connected, and who’s responsible for them – not a simple task but a massive win for any organization. Now a breach occurs. Will any of the above information tell us why it happened? Or where? No! It will tell us what else is affected and who can manage the data layer(s), but unless we find and address the process failure that led to the breach, it is guaranteed to happen again.

By knowing where data is used – the processes that use and manage it – we can quickly, even instantly, identify where a failure occurs. Starting with data lineage (meaning our forensic analysis starts from our data governance system), we can identify the source and destination processes and the associated impacts throughout the organization.

We can know which processes need to change and how. We can anticipate the pending disruptions to our operations and, more to the point, the costs involved in mitigating and/or addressing them.

But knowing all the above requires that our processes – our essential and operational business architecture – be accurately captured and modelled. Instituting data governance without processes is like building a castle on sand.

Rethinking Business Process Modeling and Analysis

Modern organizations need a business process modeling and analysis tool with easy access to all the operational layers across the organization – from high-level business architecture all the way down to data.

Such a system should be flexible, adjustable, easy-to-use and capable of supporting multiple layers simultaneously, allowing users to start in their comfort zones and mature as they work toward their organization’s goals.

The erwin EDGE is one of the most comprehensive software platforms for managing an organization’s data governance and business process initiatives, as well as the whole data architecture. It allows natural, organic growth throughout the organization and the assimilation of data governance and business process management under the same platform provides a unique data governance experience because of its integrated, collaborative approach.

Start your free, cloud-based trial of erwin Business Process and see how some of the world’s largest enterprises have benefited from its centralized repository and integrated, role-based views.

We’d also be happy to show you our data governance software, which includes data cataloging and data literacy capabilities.

Enterprise Architecture Business Process Trial

Categories
erwin Expert Blog

Data Governance Stock Check: Using Data Governance to Take Stock of Your Data Assets

For regulatory compliance (e.g., GDPR) and to ensure peak business performance, organizations often bring consultants on board to help take stock of their data assets. This sort of data governance “stock check” is important but can be arduous without the right approach and technology. That’s where data governance comes in …

While most companies hold the lion’s share of operational data within relational databases, it also can live in many other places and various other formats. Therefore, organizations need the ability to manage any data from anywhere, what we call our “any-squared” (Any2) approach to data governance.

Any2 first requires an understanding of the ‘3Vs’ of data – volume, variety and velocity – especially in context of the data lifecycle, as well as knowing how to leverage the key  capabilities of data governance – data cataloging, data literacy, business process, enterprise architecture and data modeling – that enable data to be leveraged at different stages for optimum security, quality and value.

Following are two examples that illustrate the data governance stock check, including the Any2 approach in action, based on real consulting engagements.

Data Governance Stock Check

Data Governance “Stock Check” Case 1: The Data Broker

This client trades in information. Therefore, the organization needed to catalog the data it acquires from suppliers, ensure its quality, classify it, and then sell it to customers. The company wanted to assemble the data in a data warehouse and then provide controlled access to it.

The first step in helping this client involved taking stock of its existing data. We set up a portal so data assets could be registered via a form with basic questions, and then a central team received the registrations, reviewed and prioritized them. Entitlement attributes also were set up to identify and profile high-priority assets.

A number of best practices and technology solutions were used to establish the data required for managing the registration and classification of data feeds:

1. The underlying metadata is harvested followed by an initial quality check. Then the metadata is classified against a semantic model held in a business glossary.

2. After this classification, a second data quality check is performed based on the best-practice rules associated with the semantic model.

3. Profiled assets are loaded into a historical data store within the warehouse, with data governance tools generating its structure and data movement operations for data loading.

4. We developed a change management program to make all staff aware of the information brokerage portal and the importance of using it. It uses a catalog of data assets, all classified against a semantic model with data quality metrics to easily understand where data assets are located within the data warehouse.

5. Adopting this portal, where data is registered and classified against an ontology, enables the client’s customers to shop for data by asset or by meaning (e.g., “what data do you have on X topic?”) and then drill down through the taxonomy or across an ontology. Next, they raise a request to purchase the desired data.

This consulting engagement and technology implementation increased data accessibility and capitalization. Information is registered within a central portal through an approved workflow, and then customers shop for data either from a list of physical assets or by information content, with purchase requests also going through an approval workflow. This, among other safeguards, ensures data quality.

Benefits of Data Governance

Data Governance “Stock Check” Case 2: Tracking Rogue Data

This client has a geographically-dispersed organization that stored many of its key processes in Microsoft Excel TM spreadsheets. They were planning to move to Office 365TM and were concerned about regulatory compliance, including GDPR mandates.

Knowing that electronic documents are heavily used in key business processes and distributed across the organization, this company needed to replace risky manual processes with centralized, automated systems.

A key part of the consulting engagement was to understand what data assets were in circulation and how they were used by the organization. Then process chains could be prioritized to automate and outline specifications for the system to replace them.

This organization also adopted a central portal that allowed employees to register data assets. The associated change management program raised awareness of data governance across the organization and the importance of data registration.

For each asset, information was captured and reviewed as part of a workflow. Prioritized assets were then chosen for profiling, enabling metadata to be reverse-engineered before being classified against the business glossary.

Additionally, assets that were part of a process chain were gathered and modeled with enterprise architecture (EA) and business process (BP) modeling tools for impact analysis.

High-level requirements for new systems then could be defined again in the EA/BP tools and prioritized on a project list. For the others, decisions could be made on whether they could safely be placed in the cloud and whether macros would be required.

In this case, the adoption of purpose-built data governance solutions helped build an understanding of the data assets in play, including information about their usage and content to aid in decision-making.

This client then had a good handle of the “what” and “where” in terms of sensitive data stored in their systems. They also better understood how this sensitive data was being used and by whom, helping reduce regulatory risks like those associated with GDPR.

In both scenarios, we cataloged data assets and mapped them to a business glossary. It acts as a classification scheme to help govern data and located data, making it both more accessible and valuable. This governance framework reduces risk and protects its most valuable or sensitive data assets.

Focused on producing meaningful business outcomes, the erwin EDGE platform was pivotal in achieving these two clients’ data governance goals – including the infrastructure to undertake a data governance stock check. They used it to create an “enterprise data governance experience” not just for cataloging data and other foundational tasks, but also for a competitive “EDGE” in maximizing the value of their data while reducing data-related risks.

To learn more about the erwin EDGE data governance platform and how it aids in undertaking a data governance stock check, register for our free, 30-minute demonstration here.

Categories
erwin Expert Blog

Digital Transformation In Retail: The Retail Apocalypse

Much like the hospitality industry, digital transformation in retail has been a huge driver of change.

One important fact is getting lost among all of the talk of “the retail apocalypse” and myriad stories about increasingly empty shopping malls: there’s a lot of money to be made in retail. In fact, the retail market was expected to grow by more than 3 percent in 2018, unemployment is low, and wages are at least stable.

In short, there’s money to be spent. Now, where are shoppers spending it?

Coming into 2019, consumers are in control when it comes to retail. Choices are abundant. According to Deloitte’s 2018 Retail, Wholesale and Distribution Industry Trends Outlook, “consumers have been conditioned to expect fast, convenient and effortless consumption.”

This is arguably the result of the degree of digital transformation in retail that we’ve seen in recent years.

If you want to survive in retail today, you need to make it easy on your customers. That means meeting their needs across channels, fulfilling orders quickly and accurately, offering competitive prices, and not sacrificing quality in the process.

Even in a world where Amazon has changed the retail game, Walmart just announced that it had its best holiday season in years. According to a recent Fortune article, “Walmart’s e-commerce sales rose 43 percent during the quarter, belying another myth: e-commerce and store sales are in competition with each other.”

Retail has always been a very fickle industry, with the right product mix and the right appeal to the right customers being crucial to success. But digital transformation in retail has seen the map change. You’re no longer competing with the store across the street; you’re competing with the store across the globe.

Digital Transformation In Retail

Retailers are putting every aspect of their businesses under scrutiny to help them remain relevant. Four areas in particular are getting a great deal of attention:

Customer experience: In today’s need-it-fast, need-it-now, need-it-right world, customers expect the ability to make purchases where they are, not where you are. That means via the Web, mobile devices or in a store. And all of the information about those orders needs to be tied together, so that if there is a problem, it can be resolved quickly via any channel.

Competitive differentiation: Appealing to retail customers used to mean appealing to all of your customers as one group or like-minded block. But customers are individuals, and today they can be targeted with personalized messaging and products that are likely to appeal to them, not to everyone.

Supply chain: Having the right products in the right place at the right time is part of the supply chain strategy. But moving them efficiently and cost effectively from any number of suppliers to warehouses and stores can make or break margins.

Partnerships: Among the smaller players in the retail space, partnerships with industry giants like Amazon can help reach a global audience that simply isn’t otherwise available and also reduce complexity. Larger players also recognize that partnerships can be mutually beneficial in the retail space.

Enabling each of these strategies is data – and lots of it. Data is the key to recognizing customers, personalizing experiences, making helpful recommendations, ensuring items are in stock, tracking deliveries and more. At its core, this is what digital transformation in retail seeks to achieve.

Digital Transformation in Retail – What’s the Risk?

But if data is the great enabler in retail, it’s also a huge risk – risk that the data is wrong, that it is old, and that it ends up in the hands of some person or entity that isn’t supposed to have it.

Danny Sandwell, director of product marketing for erwin, Inc., says retailers need to achieve a level of what he calls “data intelligence.” A little like business intelligence, Sandwell uses the term to mean that when someone in retail uses data to make a decision or power an experience or send a recommendation, they have the ability to find out anything they need about that data, including its source, age, who can access it, which applications use it, and more.

Given all of the data that flows into the modern retailer, this level of data intelligence requires a holistic, mature and well-planned data governance strategy. Data governance doesn’t just sit in the data warehouse, it’s woven into business processes and enterprise architecture to provide data visibility for fast, accurate decision-making, help keep data secure, identify problems early, and alert users to things that are working.

How important is clean, accurate, timely data in retail? Apply it to the four areas discussed above:

Customer experience:  If your data shows a lot of abandoned carts from mobile app users, then that’s an area to investigate, and good data will identify it.

Competitive differentiation: Are personalized offers increasing sales and creating customer loyalty? This is an important data point for marketing strategy.

Supply chain: Can a problem with quality be related to items shipping from a certain warehouse? Data will zero in on the location of the problem.

Partnerships: Are your partnerships helping grow other parts of your business and creating new customers? Or are your existing customers using partners in place of visiting your store? Data can tell you.

Try drawing these conclusions without data. You can’t. And even worse, try drawing them with inaccurate data and see what happens when a partnership that was creating customers is ended or mobile app purchases plummet after an ill-advised change to the experience.

If you want to focus on margins in retail, don’t forget this one: there is no margin for error.

Over the next few weeks, we’ll be looking closely at digital transformation examples in other sectors, including hospitality and government. Subscribe to to stay in the loop.

Data Management and Data Governance: Solving the Enterprise Data Dilemma

Categories
erwin Expert Blog

Digital Transformation Examples: How Data Is Transforming the Hospitality Industry

The rate at which organizations have adopted data-driven strategies means there are a wealth of digital transformation examples for organizations to draw from.

By now, you probably recognize this recurring pattern in the discussions about digital transformation:

  • An industry set in its ways slowly moves toward using information technology to create efficiencies, automate processes or help identify new customer or product opportunities.
  • All is going fine until a new kid on the block, born in the age of IT and the internet, quickly starts to create buzz and redefine what customers expect from the industry.
  • To keep pace, the industry stalwarts rush into catch-up mode but make inevitably mistakes. ROI doesn’t meet expectations, the customer experience isn’t quite right, and data gets exposed or mishandled.

There’s one industry we’re all familiar with that welcomes billions of global customers every year; that’s in the midst of a strong economic run; is dealing with high-profile disruptors; and suffered a very public data breach to one of its storied brands in 2018 that raised eyebrows around the world.

Welcome to the hospitality industry.

The hotel and hospitality industry was expected to see 5 to 6 percent growth in 2018, part of an impressive run of performance fueled by steady demand, improved midmarket offerings, and a new supply of travelers from developing regions.

All this despite challenges from upstarts like AirB2B, HomeAway and Couchsurfing plus a data breach at Marriott/Starwood that exposed the data of 500 million customers.

Digital Transformation Examples: Data & the Hospitality Industry

Online start-ups such as Airbnb, HomeAway and Couchsurfing are some of the most clear cut digital transformation examples in the hospitality industry.

Digital Transformation Examples: Hospitality – Data, Data Everywhere

As with other industries, digital transformation examples in the hospitality industry are abundant – and in turn, those businesses are awash in data with sources that include:

  • Data generated by reservations and payments
  • The data hotels collect to drive their loyalty programs
  • Data used to enhance the customer experience
  • Data shared as part of the billions of handoffs between hotel chains and the various booking sites and agencies that travelers use to plan trips

But all of this data, which now permeates the industry, is relatively new.

“IT wasn’t always a massive priority for [the hospitality industry],” says Danny Sandwell, director of product marketing for erwin, Inc. “So now there’s a lot of data, but these organizations often have a weak backend.

The combination of data and analytics carries a great deal of potential for companies in the hospitality industry. Today’s demanding customers want experiences, not just a bed to sleep in; they want to do business with brands that understand their likes and dislikes; and that send offers relevant to their interests and desired destinations.

All of this is possible when a business collects and analyzes data on the scale that many hotel brands do. However, all of this can fail loudly if there is a problem with that data.

Getting a return on their investments in analytics and marketing technology requires hospitality companies to thoroughly understand the source of their data, the quality of the data, and the relevance of the data. This is where data governance comes into play.

When hospitality businesses are confident in their data, they can use it a number of ways, including:

  • Customer Experience: Quality data can be used to power a best-in-class experience for hotels in a number of areas, including the Web experience, mobile experience, and the in-person guest experience. This is similar to the multi-channel strategy of retailers hoping to deliver memorable and helpful experiences based on what they know about customers, including the ability to make predictions and deliver cross-sell and up-sell opportunities. 
  • Mergers and Acquisitions: Hospitality industry disruptors have some industry players thinking about boosting their businesses via mergers and acquisitions. Good data can identify the best targets and help discover the regions or price points where M&A makes the most sense and will deliver the most value. Accurate data can also help pinpoint the true cost of M&A activity.
  • Security: Marriott’s data breach, which actually began as a breach at Starwood before Marriott acquired it, highlights the importance of data security in the hospitality industry. Strong data governance can help prevent breaches, as well as help control breaches so organizations more quickly identify the scope and action behind a breach, an important part of limiting damage.
  • Partnerships: The hospitality industry is increasingly connected, not just because of booking sites working with dozens of hotel brands but also because of tour operators turning a hotel stay into an experience and transportation companies arranging travel for guests. Providing a room is no longer enough.

Data governance is not an application or a tool. It is a strategy. When it is done correctly and it is deployed in a holistic manner, data governance becomes woven into an organization’s business processes and enterprise architecture.

It then improves the organization’s ability to understand where its data is, where it came from, its value, its quality, and how the data is accessed and used by people and applications.

It’s this level of data maturity that provides comfort to employees – from IT staff to the front desk and everyone in between – that the data they are working with is accurate and helping them better perform their jobs and improve the way they serve customers.

Over the next few weeks, we’ll be looking closely at digital transformation examples in other sectors, including retail and government. Subscribe to to stay in the loop.

GDPR White Paper

Categories
erwin Expert Blog

Massive Marriott Data Breach: Data Governance for Data Security

Organizations have been served yet another reminder of the value of data governance for data security.

Hotel and hospitality powerhouse Marriott recently revealed a massive data breach that led to the theft of personal data for an astonishing 500 million customers of its Starwood hotels. This is the second largest data breach in recent history, surpassed only by Yahoo’s breach of 3 billion accounts in 2013 for which it has agreed to pay a $50 million settlement to more than 200 million customers.

Now that Marriott has taken a major hit to its corporate reputation, it has two moves:

  1. Respond: Marriott’s response to its data breach so far has not received glowing reviews. But beyond how it communicates to effected customers, the company must examine how the breach occurred in the first place. This means understanding the context of its data – what assets exist and where, the relationship between them and enterprise systems and processes, and how and by what parties the data is used – to determine the specific vulnerability.
  2. Fix it: Marriott must fix the problem, and quickly, to ensure it doesn’t happen again. This step involves a lot of analysis. A data governance solution would make it a lot less painful by providing visibility into the full data landscape – linkages, processes, people and so on. Then more context-sensitive data security architectures can put in place to for corporate and consumer data privacy.

The GDPR Factor

It’s been six months since the General Data Protection Regulation (GDPR) took effect. While fines for noncompliance have been minimal to date, we anticipate them to dramatically increase in the coming year. Marriott’s bad situation could potentially worsen in this regard, without holistic data governance in place to identify whose and what data was taken.

Data management and data governance, together, play a vital role in compliance, including GDPR. It’s easier to protect sensitive data when you know what it is, where it’s stored and how it needs to be governed.

FREE GUIDE: THE REGULATORY RATIONALE FOR INTEGRATING DATA MANAGEMENT & DATA GOVERNANCE 

Truly understanding an organization’s data, including the data’s value and quality, requires a harmonized approach embedded in business processes and enterprise architecture. Such an integrated enterprise data governance experience helps organizations understand what data they have, where it is, where it came from, its value, its quality and how it’s used and accessed by people and applications.

Data Governance for Data Security

Data Governance for Data Security: Lessons Learned

Other companies should learn (like pronto) that they need to be prepared. At this point it’s not if, but when, a data breach will rear its ugly head. Preparation is your best bet for avoiding the entire fiasco – from the painstaking process of identifying what happened and why to notifying customers their data and trust in your organization have been compromised.

A well-formed security architecture that is driven by and aligned by data intelligence is your best defense. However, if there is nefarious intent, a hacker will find a way. So being prepared means you can minimize your risk exposure and the damage to your reputation.

Multiple components must be considered to effectively support a data governance, security and privacy trinity. They are:

  1. Data models
  2. Enterprise architecture
  3. Business process models

What’s key to remember is that these components act as links in the data governance chain by making it possible to understand what data serves the organization, its connection to the enterprise architecture, and all the business processes it touches.

THE EXPERT GUIDE TO DATA GOVERNANCE, SECURITY AND PRIVACY

Creating policies for data handling and accountability and driving culture change so people understand how to properly work with data are two important components of a data governance initiative, as is the technology for proactively managing data assets.

Without the ability to harvest metadata schemas and business terms; analyze data attributes and relationships; impose structure on definitions; and view all data in one place according to each user’s role within the enterprise, businesses will be hard pressed to stay in step with governance standards and best practices around security and privacy.

As a consequence, the private information held within organizations will continue to be at risk. Organizations suffering data breaches will be deprived of the benefits they had hoped to realize from the money spent on security technologies and the time invested in developing data privacy classifications. They also may face heavy fines and other financial, not to mention PR, penalties.

Less Pain, More Gain

Most organizations don’t have enough time or money for data management using manual processes. And outsourcing is also expensive, with inevitable delays because these vendors are dependent on manual processes too. Furthermore, manual processes require manual analysis and auditing, which is always more expensive and time consuming.

So the more processes an organization can automate, the less risk of human error, which is actually the primary cause of most data breaches. And automated processes are much easier to analyze and audit because everything is captured, versioned and available for review in a log somewhere. You can read more about automation in our 10 Reasons to Automate Data Mapping and Data Preparation.

And to learn more about how data governance underpins data security and privacy, click here.

Automate Data Mapping

Categories
erwin Expert Blog

Financial Services Data Governance: Helping Value ‘the New Currency’

For organizations operating in financial services data governance is becoming increasingly more important. When financial services industry board members and executives gathered for EY’s Financial Services Leadership Summit in early 2018, data was a major topic of conversation.

Attendees referred to data as “the new oil” and “the new currency,” and with good reason. Financial services organizations, including banks, brokerages, insurance companies, asset management firms and more, collect and store massive amounts of data.

But data is only part of the bigger picture in financial services today. Many institutions are investing heavily in IT to help transform their businesses to serve customers and partners who are quickly adopting new technologies. For example, Gartner research expects the global banking industry will spend $519 billion on IT in 2018.

The combination of more data and technology and fewer in-person experiences puts a premium on trust and customer loyalty. Trust has long been at the heart of the financial services industry. It’s why bank buildings in a bygone era were often erected as imposing stone structures that signified strength at a time before deposit insurance, when poor management or even a bank robbery could have devastating effects on a local economy.

Trust is still vital to the health of financial institutions, except today’s worst-case scenario often involves faceless hackers pillaging sensitive data to use or re-sell on the dark web. That’s why governing all of the industry’s data, and managing the risks that comes with collecting and storing such vast amounts of information, is increasingly a board-level issue.

The boards of modern financial services institutions understand three important aspects of data:

  1. Data has a tremendous amount of value to the institution in terms of helping identify the wants and needs of customers.
  2. Data is central to security and compliance, and there are potentially severe consequences for organizations that run afoul of either.
  3. Data is central to the transformation underway at many financial institutions as they work to meet the needs of the modern customer and improve their own efficiencies.

Data Management and Data Governance: Solving the Enterprise Data Dilemma

Data governance helps organizations in financial services understand their data. It’s essential to protecting that data and to helping comply with the many government and industry regulations in the industry. But financial services data governance – all data governance in fact – is about more than security and compliance; it’s about understanding the value and quality of data.

When done right and deployed in a holistic manner that’s woven into the business processes and enterprise architecture, data governance helps financial services organizations better understand where their data is, where it came from, its value, its quality, and how the data is accessed and used by people and applications.

Financial Services Data Governance: It’s Complicated

Financial services data governance is getting increasingly complicated for a number of reasons.

Mergers & Acquisitions

Deloitte’s 2018 Banking and Securities M&A Outlook described 2017 as “stuck in neutral,” but there is reason to believe the market picks up steam in 2018 and beyond, especially when it comes to financial technology (or fintech) firms. Bringing in new sets of data, new applications and new processes through mergers and acquisitions creates a great deal of complexity.

The integrations can be difficult, and there is an increased likelihood of data sprawl and data silos. Data governance not only helps organizations better understand the data, but it also helps make sense of the application portfolios of merging institutions to discover gaps and redundancies.

Regulatory Environment

There is a lengthy list of regulations and governing bodies that oversee the financial services industry, covering everything from cybersecurity to fraud protection to payment processing, all in an effort to minimize risk and protect customers.

The holistic view of data that results from a strong data governance initiative is becoming essential to regulatory compliance. According to a 2017 survey by erwin, Inc. and UBM, 60 percent of organizations said compliance drives their data governance initiatives.

More Partnerships and Networks

According to research by IBM, 45 percent of bankers say partnerships and alliances help improve their agility and competitiveness. Like consumers, today’s financial institutions are more connected than ever before, and it’s no longer couriers and cash that are being transferred in these partnerships; it’s data.

Understanding the value, quality and risk of the data shared in these alliances is essential – not only to be a good partner and derive a business benefit from the relationship, but also to evaluate whether or not an alliance or partnership makes good business sense.

Financial Services Data Governance

More Sources of Data, More Touch Points

Financial services institutions are at the forefront of the multi-channel customer experience and have been for years. People do business with institutions by phone, in person, via the Web, and using mobile devices.

All of these touch points generate data, and it is essential that organizations can tie them all together to understand their customers. This information is not only important to customer service, but also to finding opportunities to grow relationships with customers by identifying where it makes sense to upsell and cross-sell products and services.

Grow the Business, Manage the Risk

In the end, financial services organizations need to understand the ways their data can help grow the business and manage risk. Data governance plays an important role in both.

Financial services data governance can better enable:

  • The personalized, self-service, applications customers want
  • The machine learning solutions that automate decision-making and create more efficient business processes
  • Faster and more accurate identification of cross-sell and upsell opportunities
  • Better decision-making about the application portfolio, M&A targets, M&A success and more

If you’re interested in financial services data governance, or evaluating new data governance technologies for another industry, you can schedule a demo of erwin’s data mapping and data governance solutions.

Data Mapping Demo CTA

And you also might want to download our latest e-book, Solving the Enterprise Data Dilemma.

Michael Pastore is the Director, Content Services at QuinStreet B2B Tech.

Categories
erwin Expert Blog Data Governance Data Intelligence

Demystifying Data Lineage: Tracking Your Data’s DNA

Getting the most out of your data requires getting a handle on data lineage. That’s knowing what data you have, where it is, and where it came from – plus understanding its quality and value to the organization.

But you can’t understand your data in a business context much less track data lineage, its physical existence and maximize its security, quality and value if it’s scattered across different silos in numerous applications.

Data lineage provides a way of tracking data from its origin to destination across its lifespan and all the processes it’s involved in. It also plays a vital role in data governance. Beyond the simple ability to know where the data came from and whether or not it can be trusted, there’s an element of statutory reporting and compliance that often requires a knowledge of how that same data (known or unknown, governed or not) has changed over time.

A platform that provides insights like data lineage, impact analysis, full-history capture, and other data management features serves as a central hub from which everything can be learned and discovered about the data – whether a data lake, a data vault or a traditional data warehouse.

In a traditional data management organization, Excel spreadsheets are used to manage the incoming data design, what’s known as the “pre-ETL” mapping documentation, but this does not provide any sort of visibility or auditability. In fact, each unit of work represented in these ‘mapping documents’ becomes an independent variable in the overall system development lifecycle, and therefore nearly impossible to learn from much less standardize.

The key to accuracy and integrity in any exercise is to eliminate the opportunity for human error – which does not mean eliminating humans from the process but incorporating the right tools to reduce the likelihood of error as the human beings apply their thought processes to the work.

Data Lineage

Data Lineage: A Crucial First Step for Data Governance

Knowing what data you have and where it lives and where it came from is complicated. The lack of visibility and control around “data at rest” combined with “data in motion,” as well as difficulties with legacy architectures, means organizations spend more time finding the data they need rather than using it to produce meaningful business outcomes.

Organizations need to create and sustain an enterprise-wide view of and easy access to underlying metadata, but that’s a tall order with numerous data types and data sources that were never designed to work together and data infrastructures that have been cobbled together over time with disparate technologies, poor documentation and little thought for downstream integration. So the applications and initiatives that depend on a solid data infrastructure may be compromised, resulting in faulty analyses.

These issues can be addressed with a strong data management strategy underpinned by technology that enables the data quality the business requires, which encompasses data cataloging (integration of data sets from various sources), mapping, versioning, business rules and glossaries maintenance and metadata management (associations and lineage).

An automated, metadata-driven framework for cataloging data assets and their flows across the business provides an efficient, agile and dynamic way to generate data lineage from operational source systems (databases, data models, file-based systems, unstructured files and more) across the information management architecture; construct business glossaries; assess what data aligns with specific business rules and policies; and inform how that data is transformed, integrated and federated throughout business processes – complete with full documentation.

Centralized design, immediate lineage and impact analysis, and change-activity logging means you will always have answers readily available, or just a few clicks away. Subsets of data can be identified and generated via predefined templates, generic designs generated from standard mapping documents, and pushed via ETL process for faster processing via automation templates.

With automation, data quality is systemically assured and the data pipeline is seamlessly governed and operationalized to the benefit of all stakeholders. Without such automation, business transformation will be stymied. Companies, especially large ones with thousands of systems, files and processes, will be particularly challenged by a manual approach. And outsourcing these data management efforts to professional services firms only increases costs and schedule delays.

With erwin Mapping Manager, organizations can automate enterprise data mapping and code generation for faster time-to-value and greater accuracy when it comes to data movement projects, as well as synchronize “data in motion” with data management and governance efforts.

Map data elements to their sources within a single repository to determine data lineage, deploy data warehouses and other Big Data solutions, and harmonize data integration across platforms. The web-based solution reduces the need for specialized, technical resources with knowledge of ETL and database procedural code, while making it easy for business analysts, data architects, ETL developers, testers and project managers to collaborate for faster decision-making.

Data Lineage