We occasionally (but too often) hear about massive leaks, or data breaches, or ransomware attacks, and similar dreadful tales, and, of course, we should all be doing what we can to prevent those things from happening. But--for too many people, their data and information security experience has mainly consisted of being told their password isn't complicated enough, or that they can't have access to certain data because they haven't filled out a particular form in a particular way, or that their default position as data stewards should be to deny access to most data.
Whenever we hear these incidents used to justify aggressive lockdowns on data, we're reminded of our former colleague's constant worried refrain. It turns out that telling people they have to perform certain tedious tasks, often in a prescribed and unpleasant fashion, or some vague disaster will occur, doesn't work all that well. People have jobs to do, and they will find ways around security and procedural roadblocks if they feel those prevent them from doing their job.
With this in mind, our approach, over the years, has not generally focused on selling data governance as a way to protect, secure, or otherwise keep data "safe." We will occasionally refer to the need to comply with data protection regulations, or the desire to avoid getting sued or robbed, but in general our approach to data governance has been to emphasize how data governance, done properly and consistently, helps ensure that data is made available appropriately but widely across organizations and business units.
This challenge is often described as "finding a balance" between data access and data security, and, to be honest, we're not sure how useful that description is. If data security practices prevent users from accessing data that would be useful, then, whatever that is, it is not data security.
We want to prevent data from being misused. But it's just as important, if not more important, to ensure that data is used to our advantage. But why not do both? When it comes to protecting data, there are plenty of practical, proactive, enabling steps that you can take, and in most cases taking them will turn out to be uncontroversial.
Crying wolf has long been understood to have diminishing returns, at best. But sometimes the sky is actually falling! We met a potential customer last week whose organization really did have a ransomware attack this year. Many, many large companies admit, with surprising regularity, that some elements of their customer data have been taken without their knowledge or permission. Laws and regulations are, on occasion, enforced. So securing and protecting data is indeed part of an organization's data management and governance remit.
And it's true that some systems are not sufficiently hardened against hackers, outside attacks, or other malfeasance. But far too many data horror stories come from people not following guidelines or protocols, in many cases because people don't know they exist, they don't understand what they mean or which data they cover, or because it's too onerous to abide by the regulations.
When those regulations are built by cataloging and documenting data assets, by classifying and stewarding data artefacts, and when people throughout an organization have a full understanding of the scope, span, utility, and availability of data, then the experience is not one of somebody outside our office imposing data barriers that prevent us from getting our job done. The experience instead should be one of having access to the tools, applications, data sets, and data stewards that enable all of us and all of our colleagues to make the best use of our data resources.
Our tool, the Data Cookbook, provides easy access and entry to users to build those catalogs and store that documentation, and to explain in plain English (or whatever language your organization speaks) where to find data, how to understand it, and what the impact of use or abuse will be. It helps enable data security and protection holistically, through understanding, transparency, and collaboration.
Hope you found this blog post useful. IData has a solution, the Data Cookbook, that can aid the employees and the organization in its data governance, data intelligence, data stewardship and data quality initiatives. IData also has experts that can assist with data governance, reporting, integration and other technology services on an as needed basis. Feel free to contact us and let us know how we can assist.
(image credit: StockSnap_VG49081NDD_securitycameras_stewardeddata_BP #1263)