We're hearing about data breaches at a much higher frequency than we would like to. And despite well-publicised root cause analyses, organisations fail to put measures in place and perceive data governance as an optional responsibility. Organisations that have cracked their approach to data governance, understand that their data governance (DG) policies are their aces in the game. This blog reveals why organisations should place a premium on data governance and secure the data stables.
Data that is loved tends to survive.
Kurt Bollacker, computer scientist and researcher
Despite the importance given to data governance and security in most organizations, one is not really surprised to hear about “yet another data breach” involving hundreds of millions of users’ data. In many cases, it is a question of raising the alarm or admitting to the intrusion after the fact, organizations locking the stables long after the horse has bolted.
Securing the Data Stables
Despite the importance given to data governance and security in most organizations, one is not really surprised to hear about “yet another data breach” involving hundreds of millions of users’ data. In many cases, it is a question of raising the alarm or admitting to the intrusion after the fact, organizations locking the stables long after the horse has bolted.
That these incidents continue to occur even when there are white papers and well-publicised root cause analyses is a sad commentary on how data governance continues to be perceived as an optional responsibility. With machine learning and mobile technology adding trillions of data points every second, the advantages on the field will shift to whoever has better data. Better… in terms of quantity, quality and exclusivity. To borrow from Bollacker’s quote, organizations that love their data obsessively, possessively, are the ones most likely to survive to fight another day.
Where’s the dislike button, Mark?
Look at what Facebook has been in the news for recently. Apparently, employees were allowed to store passwords in a readable format and they did so. As a result, as many as 600 million users could have been affected, with profiles, connections, personal details and other information potentially up for grabs. Aren’t we inured to such concerns these days, thanks to years and years of experts warning us about it and companies denying that anything could happen to them? “Oh, no,” they kept telling us, “We have controls in place.”
Imagine if this had been a bank instead. Or a payment gateway such as the Heartland payment systems — where the company had to pay a huge price because of the lack of data security measures and data governance controls.
Heartland payment systems breach case
Between March 2008 and January 2009, over 120 million credit cards were compromised by a security breach at Heartland Payment Systems. The company’s protocols hadn’t considered the eventuality of an SQL injection attack on their data systems. Heartland ended up paying for this oversight with hundreds of millions of dollars as compensation and lost a few hundred million dollars more when the regulators banned them from handling transactions for six months.
There are plenty of horror stories when it comes to data breaches, and they seem to be getting bigger and bigger with each passing month.
Which stands to reason, though, if you think about it. We are now far more dependent on the internet and information technology than we have been at any point before in our history. Almost every asset we have, from knowledge to real estate, has a digital presence. We store our identities online. We transact online for all major purchases. Many of us can’t even remember our family members’ phone numbers because we depend on our smartphones to remember for us.
As a result, organizations ask for and get access to a lot more information about us than we would have been comfortable sharing a decade ago. But with big data comes big responsibility, and that’s where organizations struggle to understand the value of a robust data governance practice. Data governance is more than simply deciding who has access to data and who doesn’t.
But unlike companies who’ve suffered for their myopic approach to data governance, it’s difficult to showcase companies who’ve nailed it instead. That’s because the latter organizations get to avoid these problems in the first place or, just as likely, are able to respond so quickly and efficiently that there is no large-scale impact. Such organizations understand that their data governance (DG) policies are their aces in the game, a key differentiator from their competitors.
There is no such thing as perfect security, only varying levels of insecurity.
Salman Rushdie , Novelist
Even if he might have meant it in an entirely different context, Rushdie’s words should ring true for every organization that puts a premium on its data and therefore, on data governance as well. A robust data governance policy is not one that can prevent every mishap, but rather one that can keep adapting to evolving threats all the time.
To know more about setting up an effective data governance policy for your organisation, reach out to us for a consultation.