Tag: data security

The Data Governance (R)Evolution

Post author By Mariann McDonagh
Post date September 28, 2018
No Comments on The Data Governance (R)Evolution

Data governance continues to evolve – and quickly.

Historically, Data Governance 1.0 was siloed within IT and mainly concerned with cataloging data to support search and discovery. However, it fell short in adding value because it neglected the meaning of data assets and their relationships within the wider data landscape.

Then the push for digital transformation and Big Data created the need for DG to come out of IT’s shadows – Data Governance 2.0 was ushered in with principles designed for modern, data-driven business. This approach acknowledged the demand for collaborative data governance, the tearing down of organizational silos, and spreading responsibilities across more roles.

But this past year we all witnessed a data governance awakening – or as the Wall Street Journal called it, a “global data governance reckoning.” There was tremendous data drama and resulting trauma – from Facebook to Equifax and from Yahoo to Aetna. The list goes on and on. And then, the European Union’s General Data Protection Regulation (GDPR) took effect, with many organizations scrambling to become compliant.

So where are we today?

Simply put, data governance needs to be a ubiquitous part of your company’s culture. Your stakeholders encompass both IT and business users in collaborative relationships, so that makes data governance everyone’s business.

Data governance underpins data privacy, security and compliance. Additionally, most organizations don’t use all the data they’re flooded with to reach deeper conclusions about how to grow revenue, achieve regulatory compliance, or make strategic decisions. They face a data dilemma: not knowing what data they have or where some of it is—plus integrating known data in various formats from numerous systems without a way to automate that process.

To accelerate the transformation of business-critical information into accurate and actionable insights, organizations need an automated, real-time, high-quality data pipeline. Then every stakeholder—data scientist, ETL developer, enterprise architect, business analyst, compliance officer, CDO and CEO—can fuel the desired outcomes based on reliable information.

Connecting Data Governance to Your Organization

Data Mapping & Data Governance

The automated generation of the physical embodiment of data lineage—the creation, movement and transformation of transactional and operational data for harmonization and aggregation—provides the best route for enabling stakeholders to understand their data, trust it as a well-governed asset and use it effectively. Being able to quickly document lineage for a standardized, non-technical environment brings business alignment and agility to the task of building and maintaining analytics platforms.

Data Modeling & Data Governance

Data modeling discovers and harvests data schema, and analyzes, represents and communicates data requirements. It synthesizes and standardizes data sources for clarity and consistency to back up governance requirements to use only controlled data. It benefits from the ability to automatically map integrated and cataloged data to and from models, where they can be stored in a central repository for re-use across the organization.

Business Process Modeling & Data Governance

Business process modeling reveals the workflows, business capabilities and applications that use particular data elements. That requires that these assets be appropriately governed components of an integrated data pipeline that rests on automated data lineage and business glossary creation.

Enterprise Architecture & Data Governance

Data flows and architectural diagrams within enterprise architecture benefit from the ability to automatically assess and document the current data architecture. Automatically providing and continuously maintaining business glossary ontologies and integrated data catalogs inform a key part of the governance process.

The EDGE Revolution

By bringing together enterprise architecture, business process, data mapping and data modeling, erwin’s approach to data governance enables organizations to get a handle on how they handle their data and realize its maximum value. With the broadest set of metadata connectors and automated code generation, data mapping and cataloging tools, the erwin EDGE Platform simplifies the total data management and data governance lifecycle.

This single, integrated solution makes it possible to gather business intelligence, conduct IT audits, ensure regulatory compliance and accomplish any other organizational objective by fueling an automated, high-quality and real-time data pipeline.

The erwin EDGE creates an “enterprise data governance experience” that facilitates collaboration between both IT and the business to discover, understand and unlock the value of data both at rest and in motion.

With the erwin EDGE, data management and data governance are unified and mutually supportive of business stakeholders and IT to:

Discover data: Identify and integrate metadata from various data management silos.
Harvest data: Automate the collection of metadata from various data management silos and consolidate it into a single source.
Structure data: Connect physical metadata to specific business terms and definitions and reusable design standards.
Analyze data: Understand how data relates to the business and what attributes it has.
Map data flows: Identify where to integrate data and track how it moves and transforms.
Govern data: Develop a governance model to manage standards and policies and set best practices.
Socialize data: Enable stakeholders to see data in one place and in the context of their roles.

If you’ve enjoyed this latest blog series, then you’ll want to request a copy of Solving the Enterprise Data Dilemma, our new e-book that highlights how to answer the three most important data management and data governance questions: What data do we have? Where is it? And how do we get value from it?

erwin Expert Blog

Data Governance: Your Engine for Driving Results

Post author By Mark Peco
Post date January 4, 2018
1 Comment on Data Governance: Your Engine for Driving Results

In my previous post, I described how organizational success depends on certain building blocks that work in alignment with common business objectives. These building blocks include business activities, data and analytics.

Governance is also one of the required building blocks because it provides cohesion in the standards to align people, processes, data and technology for successful and sustainable results. Although it has been somewhat of an abstract concept, data governance is foundational to helping organizations use data as a corporate asset.

Assets are acquired and used to help organizations execute their business models. Principles of asset management require that assets be cataloged, inventoried, protected and accessible to authorized people with the skills and experience to optimize them.

Assets typically generate more value if they have high levels of utilization. In the context of data, this means governed data assets will be more valuable if they strengthen existing operations and guide improvements, supported by analytics.

As organizations seek to unlock more value by implementing a wider analytics footprint across more business functions, data governance will guide their journeys.

A New Perspective on Data

Becoming a data-driven enterprise means making decisions based on empirical evidence, not a “gut feeling.” This transformation requires a clear vision, strategy and disciplined execution. The desired business opportunity must be well thought out, understood and communicated to others – from the C suite to the front lines.

Organizations that want to succeed in the digital age understand that their cultures and therefore their decision-making processes must become more proactive and collaborative. Of course, data is at the core of business performance and continuous improvement.

In this modern era of Big Data, non-traditional data sets generated externally are being blended with traditional data generated internally. As such, a key element of data-driven success involves changing the long-held perspective of data as a cost center, with few if any investments made to unlock its value to the organization.

Being data-driven, based on analytics, changes this mindset. Business leaders are indeed starting to realize that making data more accessible and useful throughout the organization contributes to the results they want to achieve – and must report to their boards.

If traditional asset management concepts are applied to data, then objectives for security, quality, cataloging, definition, confidence, authorization and accessibility can be defined and achieved. These areas then become the performance criteria of the new data asset class.

So transforming an organization’s leadership and the rest of its culture to perceive and treat data as an asset changes its classification from “cost” to “investment.” Valuable assets earn a financial return and fuel productivity. They also can be re-invested or re-purposed.

Data governance is key to this new perspective of data as an asset.

Data Governance Definition and Purpose

Data governance is important to the modern economy because it enables the transformation of data into valuable assets to improve top- and bottom-line performance. Well-governed data is accessible, useful and relevant across a range of business improvement use cases.

But in the early stages of implementing data governance, organizations tend to have trouble defining it and organizing it, including determining which tasks are involved.

At its core, data governance is a cross-functional program that develops, implements, monitors and enforces policies that improve the performance of select data assets.

Implementing data governance ensures that “asset-grade” data is available to support decision-making, based on advanced analytics. Using this rationale, potential objectives to meet the strategic intent of the organization can be defined to derive value.

Following is a list of possible objectives for a data governance program:

Improve data security
Increase data quality
Make data more accessible to more stakeholders
Increase data understanding
Raise the confidence of data consumers
Increase data literacy and determine the data-driven maturity level of the organization

Building a Data Governance Foundation

The scope and structure of a data governance program are important to determine and include responsibilities, accountabilities, decision rights and authority levels, in addition to how the program fits into the existing corporate structure in terms of virtual or physical teams.

Structural options include top-down command and control and bottom up collaborative networks. Executive accountability also should be outlined.

It’s common for a data executive, such as the chief data officer, to be identified as accountable for overall data governance results. Data owners are business leaders who manage the processes that generate critical data. They’re responsible for defining the polices that support the program’s objectives.

Data stewards report to the data owners and are responsible for translating data policies into actions assigned to data specialists. The data specialists execute projects and other workflows to ensure that the governed data conforms to the intent of the policies.

Data stewards form the backbone of a data governance initiative. They influence how data is managed by assigning tasks to the specialists. Data stewards are responsible for cataloging, defining and describing the governed data assets.

These roles may be full-time or part-time, depending on the scope of the work.

Key processes carried out by the data governance team include:

Defining and planning the program’s scope
Data quality improvement
Data security improvement
Metadata creation and management
Evaluating the suitability of new data sources
Monitoring and enforcing compliance to data policies
Researching new data sources
Training to improve data literacy of staff at all levels
Facilitating and finding new data-driven opportunities to improve the business
Leading and managing cultural change

Data governance is based on a strategy that defines how data assets should look and perform, including levels of quality, security, integration, accessibility, etc. The design and implementation of a data governance program should start with a limited scope and then gradually ramp up to support the overall business strategy. So think big, but start small.

The next post in the series explores how data governance helps implement sustainable business processes that produce measurable results over time. Click here to continue reading on.

Tags data-driven maturity, define data governance, data governance definition, non-traditional data, digital transformaition, building blocks for success, data maturity, data quality, data security, data governance, big data, data-driven

erwin Expert Blog

Digital Trust: Enterprise Architecture and the Farm Analogy

Post author By Bunny Tharpe
Post date November 9, 2017
1 Comment on Digital Trust: Enterprise Architecture and the Farm Analogy

With the General Data Protection Regulation (GDPR) taking effect soon, organizations can use it as a catalyst in developing digital trust.

Data breaches are increasing in scope and frequency, creating PR nightmares for the organizations affected. The more data breaches, the more news coverage that stays on consumers’ minds.

The Equifax breach and subsequent stock price fall was well documented and should serve as a warning to businesses and how they manage their data. Large or small, organizations have lessons to learn when it comes to building and maintaining digital trust, especially with GDPR looming ever closer.

Previously, we discussed the importance of fostering a relationship of trust between business and consumer. Here, we focus more specifically on data keepers and the public.

Digital Trust and The Farm Analogy

Any approach to mitigating the risks associated with data management needs to consider the ‘three Vs’: variety, velocity and volume.

In describing best practices for handling data, let’s imagine data as an asset on a farm. The typical farm’s wide span makes constant surveillance impossible, similar in principle to data security.

With a farm, you can’t just put a fence around the perimeter and then leave it alone. The same is true of data because you need a security approach that makes dealing with volume and variety easier.

On a farm, that means separating crops and different types of animals. For data, segregation serves to stop those without permissions from accessing sensitive information.

And as with a farm and its seeds, livestock and other assets, data doesn’t just come in to the farm. You also must manage what goes out.

A farm has several gates allowing people, animals and equipment to pass through, pending approval. With data, gates need to make sure only the intended information filters out and that it is secure when doing so. Failure to correctly manage data transfer will leave your business in breach of GDPR and liable for a hefty fine.

Furthermore, when looking at the gates in which data enters and streams out of an organization, we must also consider the third ‘V’ – velocity, the amount of data an organization’s systems can process at any given time.

Of course, the velocity of data an organization can handle is most often tied to how efficiently a business operates. Effectively dealing with high velocities of data requires faster analysis and times to market.

However, it’s arguably a matter of security too. Although not a breach, DDOS attacks are one such vulnerability associated with data velocity.

DDOS attacks are designed to put the aforementioned data gates under pressure, ramping up the amount of data that passes through them at any one time. Organizations with the infrastructure to deal with such an attack, especially one capable of scaling to demand, will suffer less preventable down time.

Enterprise Architecture and Harvesting the Farm

Making sure you can access, understand and use your data for strategic benefit – including fostering digital trust – comes down to effective data management and governance. And enterprise architecture is a great starting point because it provides a holistic view of an organization’s capabilities, applications and systems including how they all connect.

Enterprise architecture at the core of any data-driven business will serve to identify what parts of the farm need extra protections – those fences and gates mentioned earlier.

It also makes GDPR compliance and overall data governance easier, as the first step for both is knowing where all your data is.

For more data management best practices, click here. And you can subscribe to our blog posts here.

Tags volume velocity variety, DDOS, data farm, data breach, equifax breach, digital trust, data security, three vs, data governance, data management, GDPR, data-driven, enterprise architecture

erwin Expert Blog

GDPR guide: The role of the Data Protection Officer

Post author By Bunny Tharpe
Post date March 10, 2017
No Comments on GDPR guide: The role of the Data Protection Officer

Over the past few weeks we’ve been exploring aspects related to the new EU data protection law (GDPR) which will come into effect in 2018.

Tags sensitive data, data security, data governance, DPO, data management, data protection officer, GDPR, enterprise architecture, data modeling, EU data protection law, data breaches, EU data laws

erwin Expert Blog

GDPR guide: Do you know about the change?

Post author By Bunny Tharpe
Post date February 8, 2017
No Comments on GDPR guide: Do you know about the change?

The countdown has begun to one of the biggest changes in data protection, but how much do you know about GDPR? In a series of articles throughout February we will explain the essential information you need to know and what you need to be doing now.

What is GDPR?

It stands for General Data Protection Regulation and it’s an EU legal framework which will apply to UK businesses from 25 May 2018. It’s a new set of legal requirements regarding data protection which adds new levels of accountability for companies, new requirements for documenting decisions and a new range of penalties if you don’t comply.

It’s designed to enable individuals to have better control of their own personal data.

While the law was ratified in 2016, countries have had a two-year implementation period which means businesses must be compliant by 2018.

Key points of GDPR

The changes to data protection will be substantial as will be the penalties for failure to comply. It introduces concepts such as the right to be forgotten and formalises data breach notifications.

GDPR will ensure a regularity across all EU countries which means that individuals can expect to be treated the same in every country across Europe.

How to comply

For processing personal data to be legal under GDPR businesses need to show that there is a legal basis as to why they require personal data and they need to document this reasoning.

GDPR states that personal data is any information that can be used to identify an individual. This means that, for the first time, it includes information such as genetic, mental, cultural, economic or social information.

To ensure valid consent is being given, businesses need to ensure simple language is used when asking for consent to collect personal data. Individuals must also have a clear understanding as to how the data will be used.

Furthermore, it is mandatory under the GDPR for businesses to employ a Data Protection Officer. This applies to public authorities and other companies where their core activities require “regular and systematic monitoring of data subjects on a large scale” or consist of “processing on a large scale of special categories of data”.

Data Protection Officers will also be required to complete Privacy Impact Assessment and give notification of a data breach within 72 hours.

The impact of Brexit

At this stage it is unknown how the UK exiting the European Union will affect GDPR. However, with Article 50 yet to be triggered – the exit from the European Union is still over two years away and as such the UK will still be part of the EU in 2018. This means that businesses must comply with GDPR when it comes into force.

Penalties for non-compliance

Penalties for failing to meet the requirements of GDPR could lead to fines of up to €20 million or 4% of the global annual turnover of the company for the previous year, whichever is higher. This high level of financial penalty could mean could have a serious impact on the future of a business.

Over the coming month, we will continue this series looking at how to get started preparing for GDPR now, why you need a Data Protection Officer and how GDPR will affect your international business.

Tags sensitive data, privacy impact assessment, right to be forgotten, data security, eu data law change, eu data law, data governance, data management, General Data Protection Regulation, data protection officer, Data protection, GDPR