freshidea - Fotolia


Five steps to establishing a big data governance policy

Modern companies generate and store an unprecedented amount of big data, but an information governance policy can help businesses stay compliant and reap the benefits of their digital assets.

As data volumes increase exponentially, the speed at which they are created is also accelerating. The amount of data in the digital universe is astounding, with "geobytes" and "brontobytes" replacing terabytes as common data storage measurements. At the same time, governments are authoring complex new rules against which data must be governed to achieve compliance. The SEC's new Regulation SCI is more than 700 pages. Industrial groups continue to write mandatory new rules or update long-existing ones like PCI-DSS. This combination makes big data governance very difficult for organizations, but here are five strategies to help get started.

Set digital governance goals

First, organizations must define information governance and its objectives differently. Information governance policy means nothing to corporate leadership unless it contributes to creating new wealth. After all, that is why companies exist. To succeed, information governance builds and enforces rules for digital information in order to create wealth. That new wealth is created by targeting two enormous baskets of hidden expenditures: the costs of finding data in everyday business and the costs of validating that data as factually accurate.

All of the rules, whether found in official regulations, industry rulebooks or commercial agreements, exist to achieve one objective: creating data that can be relied upon as the truth. When you connect the dots and show how big data governance policy reduces costs, creates greater net revenues and achieves compliance, executive level support is more easily achieved.

Bake digital governance in from the beginning

Second, information governance must be included in the front end of any design process within the business. Ensuring privacy by design has become a popular best practice, but that only embraces one data classification: personally identifiable information. The same principles should apply to all business processes, whether renovating existing governance strategies or designing something entirely new. In the 21st century, every process generates new data that must be governed. Establishing good big data governance rules in the very beginning creates enormous savings in later cycles because no one has to ask, "What do we do with all of this new data?"

Another, perhaps more meaningful, benefit when moving information into the front end of design is that intense focus is given to how new data will be used toward creating new wealth. Much of the new volumes of data are generated as very granular, observational data that doesn't require governance, including keystroke monitoring, voice call recordings, application transactions and execution log data. But when we ask how that data improves corporate performance, there can be entirely different design outcomes.

Measure big data governance performance

Third, create the metrics that measure digital governance performance. Big data governance requires more than merely having policies and procedures in place and expecting associates and contractors to do the right thing. Enforcement of the rules must be included. That means being able to measure performance and quickly calculate when data is not conforming to the rules.

The metrics must focus on how human assets and machines perform, especially because compliance risk is very likely to occur within the design of devices and the software applications that run on them. A nonreporting node on a complex system is often a first indicator of a much larger compliance problem, but if the metrics are not being measured there is little chance to intervene early and limit potential adverse outcomes.

Enforce your rules

Fourth, invest in the resources that can, indeed, enforce your information governance rules. In the last two years, numerous major public hacks and system compromises have uncovered that metrics were in place to prevent adverse outcomes. The problem was no one was assigned the responsibility to review and respond quickly. Here is where connecting to the wealth creation objective becomes so important. Information security workers recognized long ago that the hardest part of their work is to investigate and discover the root cause of an adverse event. When that effort can be avoided, enormous cost savings are possible. But the solution has to include having someone ready to review, prioritize and investigate the metrics before the adverse event occurs.

Enforcing information governance rules does not require human resources be assigned to endless, tedious reviews of log data. Applications and services can analyze the related log data for information security purposes. The competitive secret is to leverage those applications and services already in place at most companies to serve a larger agenda that includes information governance rules. Indeed, the Venn diagram overlap between governance and information security is becoming more and more substantial. This is because effective data security achieves much of what big data governance policy is required to deliver: authentic and secure data that can be trusted as an accurate, factual record of a company's behavior.

Know your customer

Surprisingly, for nearly every business, the public sector is the consumer of the largest volumes of its electronic data. Virtually every aspect of any business is subject to regulations that require data in order for the rule of law to be administered: employment practices, manufacturing practices, accounting practices, fleet maintenance, inventory quality control and so on. But most corporate executive teams don't recognize that new public regulations are intended to better assure that the corporate information systems create and preserve factual records relevant to investigations and enforcement. In other words, each company is required to be the custodian of the data that proves the integrity of their business records.

This is a fundamental shift that has important economic implications. Historically, agencies reacted after the fact: Business records were requested following adverse events that suggested noncompliance had occurred. Companies are now being asked to allow public sector access, sometimes in real time, to ongoing performance data that serves as evidence of compliance. To make that data reliable, agencies are imposing requirements on the systems in which the data is maintained. Spending on e-discovery and lawyers to find records is disappearing rapidly, replaced by front-end information governance investments to ensure data meets public sector demands. And as in all other areas of business, the customer is always right.

These five strategies are being embraced by companies all over the world to secure competitive advantage. They are not easy to implement, but failing to do so could mean costs and expenses that ultimately reduce business value.

Next Steps

Learn how data governance rules can keep companies regulatory compliant and how mobile security tactics complicate businesses' information management processes. Then, find out if there is revenue to be found from regulating big data.

Dig Deeper on Information technology governance