Data Governance
Image: magele-picture/Adobe Stock

Vendors as varied as Google Cloud and Oracle all hope to sell you data governance, but it turns out data governance isn’t something you can buy. Sure, there are products that aim to help enterprises check for and secure sensitive data stored in databases and elsewhere, but data governance is more a matter of people and processes than technology and tooling.

Many enterprises try to buy their way into data governance success, which is one reason a Gartner survey found that 90% of data governance projects fail. For those organizations that figure out the people-side of data governance, significant benefits await.

Data governance sets clear standards for data processing while improving the quality and consistency of data within your company. This guide will help you understand what makes for good data governance.

Jump to:

What is data governance?

Data governance dictates how an organization manages its data throughout the data’s lifecycle, from acquisition to disposal, as well as the different modes of usage in between. Though data governance involves tooling, it’s much more than that: It also involves the processes people must follow to ensure the security, availability and integrity of data.

SEE: Hiring Kit: Database engineer (TechRepublic Premium)

This people-centric approach is also an indication of what data governance is not. Traditionally, data governance was a highly centralized function that was more focused on controlling data than enabling innovation. No more.

Due to “varying levels of uncertainty in today’s world,” argued Saul Judah, VP Analyst at Gartner, data governance needs to embrace “speed and agility,” which has rendered “traditional approaches to data governance… obsolete.”

As such, modern data governance tends to be driven by principles that link data to a business case and flexibly respond according to business needs.

Why data governance matters

While data governance was traditionally a way to guard and secure a company’s data assets, thereby contributing to compliance objectives, this is arguably the least compelling purpose for data governance today. It’s not that security isn’t important; rather, it’s a question of how to increase the value of data, particularly with companies becoming increasingly dependent on data to drive machine learning and other new initiatives.

SEE: Artificial Intelligence Ethics Policy (TechRepublic Premium)

The higher the confidence in the availability and consistency of an organization’s data, the more that organization can put its data to use in innovation.

Why is data governance important for all businesses?

The benefits of improved data governance aren’t exclusive to Silicon Valley upstarts using data to unseat legacy incumbents. Given the rising importance of data to every business, the benefits of strong data governance extend to all companies that want to remain competitive in their respective industries.

While not every company will have stringent data privacy needs, nearly all organizations benefit from improved data quality, lower data management costs and more predictable access to data throughout an organization.

Who is responsible for data governance?

For organizations that make effective use of data governance, there’s no one person responsible for data governance policies and processes. Rather, the responsibility falls primarily on a few key roles:

Steering committees or data governance program teams

This committee often includes senior management who set the overall goals and guidance for an organization’s data governance strategy.

Data owners

As the name implies, these individuals take responsibility for data in a given domain to ensure responsible use across lines of business. This function will often sit within IT and take care of the necessary infrastructure to safeguard data under their ownership.

Data stewards

Data stewards are subject matter experts who take responsibility for the routine management of data. These stewards are on the front line for preserving data quality. They report to data owners on the ongoing use of data, especially on big projects and company initiatives.

Every employee

There are different permutations for each of these roles, but it’s important to point out that data governance tends to fail when it’s perceived as “someone else’s job.” The most successful organizations make data governance an integral part of all employees’ roles.

Data governance models

Traditionally, enterprises have favored top-down data governance models. Unfortunately, these models have largely failed. Gartner has found that, through 2025, 80% of organizations will fail to scale digital business because they persist in outmoded data governance approaches.

In addition to a top-down approach, there is also a bottom-up approach for data governance that businesses are increasingly adopting. The Data Governance Institute explains the bottom-up approach to data governance as “center-out,” driven by experts within the organization, and “silo-in,” where different business units or groups join together in a data stewardship council to determine how to collaborate on data governance.

Selecting data governance models for your business

As tempting as it might be to pick a model and impose it on an organization, the reality is that most organizations need an adaptive, hybrid approach that fits their culture and existing people and processes. Selecting a data governance model involves balancing four key steps, according to Gartner’s Laurence Goasduff:

  1. Define a clear set of adaptive data governance principles: This involves deciding which principles can and should align with an organization’s existing culture.
  2. Establish accountability decision rights across organizational areas: It’s important to create clear responsibilities for each team and role and how they factor into the organization’s larger data governance objectives.
  3. Apply the right adaptive governance style to your business scenario: Adapting a governance model to your business ensures the right tools, procedures and supervisory expectations are in place for business goals.
  4. Sustain adaptive governance by basing your governance operating model on it: At an operative level, data governance focuses on applying change management principles and tactics to all data-driven work so operations align with data governance expectations.

By making data governance fit an organization rather than trying to force the organization to fit data governance, businesses will maximize their chances of success and minimize the chance of individuals or business units opting out of the burdens imposed by an overly authoritarian approach.

Disclosure: I work for MongoDB but the views expressed herein are mine.

Top 3 GRC Solutions

1 RSA

Visit website

RSA Archer removes silos from the risk management process so that all efforts are streamlined and the information is accurate, consolidated, and comprehensive. The platform’s configurability enables users to quickly make changes with no coding or database development required. Archer was named a Leader in Gartner’s 2020 Magic Quadrant for IT risk management and IT vendor risk management tools. Additionally, Forrester named it a Contender in its Q1 2020 GRC Wave.

Learn more about RSA

2 StandardFusion

Visit website

StandardFusion is a cloud-based GRC platform designed for information security teams at any sized organization, large or small, to easily manage risk, compliance, audits, & vendors with an intuitive user experience and top-ranked customer service. Our mission is to make GRC simple and approachable for any sized company.

Learn more about StandardFusion

3 ThreatInsight

Visit website

ThreatInsight: This security monitoring assessment tool collects logs and gives you insight into your organization’s threats. MSPs use it as a sales tool to demonstrate the value of SIEM & SOC and help them decide which security monitoring solution is right for them. With ThreatInsight MSPs can onboard all their clients and their devices unto Vijilan’s SIEM for $99/month. Spots available while seats last.

Learn more about ThreatInsight