Security is a bad word in some companies because the IT guys don’t get rewarded for making data accessible. They do, however, get punished for data breaches. Those who have worked for a company that has experienced a data breach have an appreciation for how much non-value-added activity can result if management overreacts.
There is a balancing act between security and convenience. You must live with a bit of inconvenience to achieve good security. Devise policies that don’t discourage people who need to access information by making it onerous to get to the data.
Security
In most companies, the email system provides the base layer of your existing security model. Most SaaS software is designed to work in concert with and in addition to existing security. Cloud platform providers and software vendors have robust security solutions. If you have a vendor that doesn’t provide protection that works for your environment, remove that vendor from consideration. The market is full of viable solutions, so there isn’t a reason to accept less than that.
A few years ago, a common refrain from the legal staff was, “We can’t do the cloud.” Thankfully, in most cases, this is no longer true. The major cloud providers provide excellent security models. Contract terms and conditions should provide the protections you require. The cloud would only be viable with good security and appropriate legal terms.
The CIA buys cloud services from Amazon. You should be able to negotiate a contract acceptable to your legal counsel.
In addition to whatever cloud platform you choose, the products that make up your data workflows should support standard web security protocols but may provide additional capabilities that further protect your data. Typically, these extra layers of security enable more nuanced control over your most detailed data for:
- Individual users
- Groups or teams
- Temporary projects
- Management hierarchy
Having a security administrator(s) to set up and maintain access rights throughout the system is best. Two-factor authentication is becoming a baseline for solid security. Thankfully, two-factor authentication is becoming easier to implement and causes less end-user friction than before.
Suppose you need more expertise on your team in this area. In that case, an experienced consulting partner will have deep knowledge of popular security protocols and best practices for implementing security in your selected platform and software.
Governance
Security is preventing unauthorized access. Governance is about making the correct data more accessible to your employees. Although I’ve discussed why data governance is essential in previous sections, I want to provide more detail on creating a practical governance framework.
One of the best ways to organize governance is to start by identifying the owners of each data workflow. These people and their teams should be the most knowledgeable about the data, how the process builds in quality assurance (or not) and who might benefit from accessing the resulting data streams. I say, should be. If leadership pays lip service to data quality, they may need to learn. Incentives may need to be refined.
Your core BI team should expend significant effort documenting data workflows, providing data dictionaries on the data fields and developing training materials about the data architecture. Aim to provide ready reference material about your data sources in understandable ways to information consumers. The good governance models address this in several ways:
- Written documentation
- Formalized training
- Help desk support
- Data quality incentives for data workflow owners
Publishing these resources in a web portal is common today. Providing full-time help desk support for analysts who need to create new reporting and analysis is rare. The more effort you put into documentation, training and support of your user base, the more value you will get out of your business intelligence system.
Data quality is a critical element for establishing the foundation for data-driven decisions. Develop objective metrics to measure data quality, then build key performance indicators (KPIs) for data quality into your management incentive plans. Rewarding data quality improvement demonstrates that senior management values data quality.
Establishing data provenance for each data source means that you identify the owner of the processes and workflows feeding your data pipeline, establish objective ways to measure data quality and reward the workflow owners for producing consistently better data quality.
Creating incentive plans prioritizing data quality establishes a feedback loop for continuous improvement. When data quality improves, the workflows and processes feeding the data pipeline get more efficient. Companies that invest time, effort and money to prioritize data governance and data quality reap better payback on their BI system investments. Data governance and provenance yield a win-win. Data quality improves, and process workflows get more accurate and efficient.
In the final post of Part III, we’ll cover the best practices for maintaining the health of your data environment.