Understanding Data Governance
Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping for the best. On the flipside, opening the hood and checking if policies or regulations are being respected means you have to do something about it: define new policies and enforce them everywhere you have data, a months long process that involves people’s time, money, developing new skills, external experts and a lot of pain for IT.
Content Governance is about understanding the unknowns when it comes to your content and answering questions: what do we know about our content? Is it encrypted and stored at the right location? Are the right people is accessing it? Is this file subject to regulations or is it confidential and protected accordingly? What will be the business impact if it is accidentally deleted? It’s a holistic look at the sum of what is produced by your business.
The reality is that all businesses content needs to be governed. In my interactions with customers, Chief Information Officers (CIOs), Chief Data Officers (CDOs) and other peers there are several recurring themes or myths that come up, here’s a look at them and some suggestions for tackling the issues:
1. A content governance solution is long and costly to install. We need experts.
Historically this has been the case with on-premises solutions that require a lot of servers. The more data to analyze the more servers you needed. In addition, running perpetual license software meant organizations needed costly professional services experts to deploy it. By the time an organization was ready to update its content governance policies IT would usually find siloed, inconsistent and outdated systems – a patchwork solution that had been ignored.
This problem is solved with a software-as-a-service (SaaS) content governance solution. No additional hardware, no experts needed. It’s like a whole team of data scientists working for you in the cloud.
2. There is no one size fits-all solution; I need many content governance solutions to cover all my content repositories
This one is actually not a myth. To date, most solutions are very specific, working only for email or only for Microsoft SharePoint and others. These solutions do not play nice across repositories and leave IT in a bind where there are specialty solutions for each type of repository and no single source of the truth.
The fix here is to look to a solution that is open and supports a broad variety of repositories and when it does not support the one you need natively, ensure the solution has a software developer tool kit (SDK) so you or your content repository vendor can integrate with it. This type of solution removes the silo effect and creates a single source of the truth in an agnostic way allowing customization of policies and the ability to apply them across the board all at once.
3. For my cloud content the only option is to rely on the vendors native content governance solution
It’s true that the majority of data governance solutions are mainly focused on on-premises content. Also the cloud is quite new and there is no “cloud standard” for content. As a result, a lot of cloud content applications have their own governance tool. The problem is these solutions are limited (you can’t be an expert at everything) and it means for every app you need to use a different tool, limiting your visibility and control and making your content governance quality dependent on each provider.
The fix here is to abstract the content layer (where the data lives) from the governance logic (how the data is managed) so the policies can applied to any content and the implementation of these policies are translated for each repository. Such an overlay solution will have to be hybrid and unify views across repositories with a consistent level of control.
4. Most content governance solutions are biased and encourage an upsell of their own back-up, archiving or disaster recovery solutions
Historically, content governance has been an adjacent market for data storage vendors with archiving, disaster recovery or back-up solutions leaving customers wondering if the classification telling them which data was mission-critical (typically a huge amount) and had to be duplicated was not a self-fulfilling prophecy to cross-sell solutions. How can you trust a content governance recommendation when interests are not aligned?
Going back to our key of being open, the solution to busting this myth is to look for a vendor that is content repository and data storage agnostic, independent and open. This will allow you to separate the vendor from the solution, the action of the recommendation versus the recommendation. No matter what the recommendation for managing your content, the goal should be to separate the solution from the vendor and ensure the vendor you select can work agnostically across repositories.
5. If my organization deploys a content governance solution, the usability and productivity of users will be impacted
Introducing content governance means monitoring all activities around your content and making the best decision on how to protect it. Solutions designed with IT in mind often ignore usability for non-IT employees. If it takes a knowledge worker more time to look for content on a repository or to even access it there will be dissatisfaction and business productivity loss – users will be driven towards so-called ‘shadow IT’.
The key to avoiding this is to select a vendor that has collaboration expertise and understands content workflow – how information moves throughout the enterprise. The goal should be to control the content not the apps or the users.
At its core a content governance solution allows businesses to understand more about their data, create and enforce policies to govern it and use this information for business insight and decision-making. The goal is to be open, collaborative and supportive of multiple repositories while still supporting contractual and regulatory requirements. To be more productive, users will select their preferred apps regardless of attempts by IT to control them. Instead IT should focus on the content and how it is being access by these users (not the apps).
The Win-Win: users can interact across repositories in an agnostic way and IT can sleep at night.
By Isabelle Guis