November 11, 2015
Data governance refers to the management techniques you use to monitor the availability, usability, integrity, and security of your organization's data. In this era, that is more challenging than ever. Your company, your customers, your business partners, and even your government are depending on you to get it right. What are the steps you can take from here to solid governance?
|Business speaks one language: money. Put your data governance policy in terms the business understands, which is how it can make and save the company money.|
1. Demonstrate How Governance Can Help Meet Financial Goals
One of the reasons that businesses tend to lose sight of the importance of data governance is that businesses exist for one purpose: to generate revenue. Yet governance seems like this side issue. It looks and sounds like something extra that has nothing to offer the bottom line. So, in order for a data governance policy to be successful, you have to begin by defining how it contributes revenue and protects the business from financial loss, much like investing in an insurance plan. For example, good data governance builds customer trust, which promotes customer loyalty, which in turn generates revenue. Similarly, good data governance can save the company millions of dollars by preventing a damaging data breach.
2. Build Governance into the Front End of the IT Infrastructure
As a valuable business investment, data governance isn't something to tack onto your databases, applications, and network after the fact. Just as you build your IT infrastructure for efficiency and reliability, you also need to build it for security. Every database and software system needs to be designed from the ground up for security. Good security included parameter protection from firewalls and up-to-date antivirus software, as well as good monitoring practices.
3. Set User Access Carefully & Review it Regularly
Not all data is created equally, and not all users need equal access. A data governance policy shouldn't stop with who has access to the data, but should stipulate what data each user has access to, when, where, and how. For instance, Mike is an entry-level production worker, so he probably needs access to all but your most sensitive data during the day. But what would Mike need with mobile access? At midnight? What if Mike appeared to be accessing the database at your Chicago office from a computer in Romania? This might be Mike engaging in a little payback for passing him over for a raise, or it could be a hacker who has stolen Mike's identity and is using it to access your data. Either way, you need a means to track these activities and get it stopped before damage is done.
4. Establish the Penalties for Non-Compliance (and Enforce the Rules)
The success or failure of any data governance policy will rest in your company's ability to monitor and thwart suspicious activity by users, within applications, and on the network.
A sound governance policy should not just dictate appropriate versus inappropriate use, but it also needs to lay out exactly what is to happen if a user fails to obey the rules. As difficult as it is, the policy has to be applied across the organization, from the top down. A mid-level manager caught breaking the rules needs to get the same penalty as a rank-and-file worker or the organization's CFO. A policy with bark and no bite is as easily ignored as the motivational posters on the bathroom walls.
5. Monitor Network Performance
Once your policy is in place, you have to have a means for monitoring network performance and traffic. Establish baselines for normal activity and then use these baselines to identify nefarious behavior. Good monitoring is done at the user level, application level, and the network level. Finish off your data governance policy with a great plan for incidence response so any suspicious activity can be addressed quickly and thoroughly.
Is your organization working through things like BYOD, data governance, and other networking issues? Take advantage of the Optimizing Bandwidth whitepaper. It is your free gift from NETSCOUT.