Data governance is complex and challenging, both inherently and because it doesn’t drive revenue. This makes it difficult to get the buy-in necessary to create and enforce effective policies within an organisation. Data governance in a multi-cloud environment sees both challenges and complexities.
Addressing this issue is essential to an organisation’s long-term health and having no appropriate policy can lead to disastrous outcomes.
IT leaders in fields other than those with strict industry-wide data governance laws and regulations (healthcare, finance, law, pharmaceuticals, etcetera) who are operating in multi-cloud environments can take the following measures to make their organisation’s governance in this area more manageable and consistent.
Cloud, infrastructure modernisation and data governance defining IT success in 2019
Get executive buy-in
C-suite leaders in non-regulated industries may not immediately understand the stakes around having and enforcing an appropriate policy. Without their buy-in, IT leaders will be hard pressed to secure the resources necessary to create, implement and enforce meaningful data governance.
To communicate the high stakes to leaders outside IT, IT leaders should frame the matter in terms of potential revenue loss and, ultimately, corporate viability.
One example to share is that of Exactis, a Florida-based data compilation and aggregation company that sold their data to marketers. In 2018, a security professional came across an unsecured Exactis database on the public internet that contained more than 300 million consumer and business records, meaning anyone who knew where to look could access that private data.
The data’s exposure was reported by dozens of news outlets and characterised as a ‘data breach,’ even though there was no evidence that any malicious actor had actually accessed and used the data. The fact that someone could have was sufficient to draw indignation from the media.
The outrage was so substantial that Exactis were forced to close their doors.
In other words, without causing any direct financial losses, a lack of appropriate governance can completely shut down a company.
Of course, exposing terabytes of data isn’t a concern for most organisations. But even on a smaller scale, insufficient data governance can cause major business problems.
Take the issue of data decay, for example: data becomes less reliable over time. Without data governance policies dictating how data is technically stored and operationally managed, employees may be using inaccurate data to do the analyses that power important business decisions, which can lead to an organisation moving very confidently in the wrong direction.
Data governance vendors running hard but skipping first mile
Promote a data governance culture
Even with executive buy-in, though, consistent practices won’t magically happen without promoting a culture that values data such practices throughout your organisation. Creating this culture starts with educating employees on the importance of data governance and training them on how to properly handle data.
The goal is to create an environment where awareness leads to actions that are in everyone’s best interest. For example, an employee who’s aware of their company’s policies in this area may be more likely to pause and think before signing up for a free Dropbox account and uploading proprietary data to it.
Implement data governance policies and practices for your multi-cloud environment
Once non-IT leaders understand the crucial importance of governance policies in this area, it will be easier to secure the resources necessary to create and enforce them. For those operating in a multi-cloud environment, that process should include the following steps:
• Create data governance policies. This may sound like an obvious step, but it’s one that’s often skipped in businesses not subject to industry-wide regulations. Managing these policies in a multi-cloud environment is impossible without first establishing what should happen to various types of data under what conditions. Most likely, IT leaders will have to work with members of an organisation’s legal or regulatory teams to create data governance guidelines and policies.
• Evaluate your cloud providers’ data governance capabilities. This, too, sounds straightforward but often isn’t in practice; many cloud providers do not explicitly state their data governance capabilities. If your IT department doesn’t include someone familiar with managing cloud providers, a knowledgeable cloud consultant can help you with this step. Keep in mind that cloud providers run the gamut of capabilities here; your evaluations will range from ‘this provider doesn’t have the capabilities to meet our requirements’ to ‘this provider would actually make data governance easier for us’.
• Adjust your multi-cloud strategy as needed: The reality of operating in multiple public clouds is that your data governance capabilities will be limited to the lowest common denominator of your providers’ capabilities. If your current setup is insufficient to meet your newly defined policies, consider alternative structures, such as a single-cloud architecture, a hybrid cloud, or a multi-cloud setup that relies on the largest cloud providers (Amazon, Microsoft, IBM and Google). They tend to have the most robust capabilities.
No silver bullet
I realise that the recommendations in this piece aren’t exciting. They don’t outline a thrilling new technology that can solve your multi-cloud data governance headaches with a simple installation or monthly subscription. But that’s the reality: it is a necessary and unsexy component of successful business in today’s multi-cloud environments.
What’s more important, though, is that while the work of data governance falls to the IT team, it is not a purely IT problem any more than maintaining the safety of a city’s trains is purely an engineers’ problem. A deteriorating transit system can wreak havoc on a city’s ability to function. Similarly, the quality and security of your organisation’s data affect every employee and customer as well as the ability of the business as a whole to remain profitable.
While having the right policies and procedures in place is an essential part of making data governance more manageable and consistent in a multi-cloud environment, IT leaders won’t be able to do that without sign-off from executives who set budgets and allocate resources.
In other words, there is no silver bullet for improving data governance, in a multi-cloud environment or anywhere else. But by addressing its potential to affect business outcomes, IT professionals can make it work better for everyone.
George Nelson is vice president of cloud services at ServerCentral Turing Group (SCTG). SCTG offers cloud-native software development, AWS consulting, cloud infrastructure, and global data center services.