Article

Enterprise data governance: Fundamentals to best practices

Cloud GovernanceData Access Governance
Time to read: 12 minutes

What is enterprise data governance?

Enterprise data governance ensures that data is accessible, accurate, and usable. It is based on a set of policies and procedures developed and enforced by a team within an organization. In some cases, the enterprise data governance team is dedicated to this function. In others, it is a cross-functional, working team comprised of representatives from across the organization.

Organizations use enterprise data governance to ensure that data is handled correctly through its entire lifecycle—creation, storage, usage, and archiving or destruction. Responsibilities include:

  1. Designing and developing the infrastructure, including selecting the supporting technology
  2. Creating and maintaining the related processes and policies
  3. Defining which individuals or roles have what rights related to data, such as creating, accessing, auditing, and safeguarding it

Enterprise data governance effectively manages and scales governance efforts with policies that help answer important questions, such as:

  1. What data does the organization have?
  2. Who owns the data?
  3. Where does this data reside?
  4. What is the data used for?
  5. How is data accessed?
  6. What data is shared?
  7. What reports or metrics need to be generated using this data?
  8. Where and how does the data flow through the organization?
  9. Who determines how data is defined, modified, and used?

Essential components of enterprise data governance include the following.

  1. Enterprise data governance framework—provides direction for managing the program, including who can access and use it and in what ways.
  2. Data governance roadmap—defines enterprise data governance roles and responsibilities along with the objectives for the program.
  3. Data governance team—includes individuals responsible for executing and overseeing initiatives. Common enterprise data governance teams include:
  4. Enterprise data governance tools—purpose-built software for various functions including data analytics, data cataloging, lineage tracking, data quality management, and data security management.
  5. Data analytics—involves collecting, processing, analyzing, and visualizing data using various methods and tools to extract actionable insights from raw data.
  6. Data catalog—stores all data in a repository to make assets accessible from a centralized view. A data catalog uses metadata to provide details about the information in the data catalog. This includes definitions, descriptions, linkages, owners, quality indicators, sources, and usage history.
  7. Data lineage—tracks how data was used, who accessed it, and the associated timeline.
  8. Data quality management—specifies processes and procedures that ensure data remains correct, comprehensive, consistent, current, and reliable. This includes creating and enforcing guidelines and metrics for assessing, tracking, and remediating errors.
  9. Data security management—protects data confidentiality, integrity, and availability (i.e., CIA (Confidentiality, Integrity, and Availability) triad). Enterprise data governance provides direction for identifying and classifying data according to its sensitivity and risk level, implementing data access controls, applying encryption, and monitoring and auditing data activities and incidents.
  10. A team leader
  11. Data stewards
  12. Data owners
  13. Data custodians
  14. Line of business representatives

Enterprise data governance challenges

Compliance requirements

Compliance regulations driven by governments and industries continue to evolve at a rapid pace. Enterprise data governance processes and procedures must contend with data proliferation and ever-changing rules for how data is managed, including enforcing data privacy and security requirements.

Data access bureaucracy

The protections and processes that come with enterprise data management programs can impact productivity. This not only undercuts the value of data as it is not accessible in a timely manner, but can also lead to workarounds that undermine the program.

Data control

The controls needed for enterprise data governance are often conflated with those used by IT and security teams with ruinous results. IT and security teams are primarily focused on data access controls and threat protection to mitigate risk and threats. Business teams look to data as a tool for driving value and strive for ways to access and use it. This often puts the two groups at odds with data caught in the middle.

Data ownership

Enterprise data governance efforts are challenged by the concept of data ownership. In reality, all data is owned by the organization. However, content creators and users believe that they own the data and may resist efforts to control “their” data.

In some cases, data ownership is perceived to be the domain of IT, since IT manages the systems used to create, share, and store it.

Enterprise data governance programs must contend with the challenges associated with perceived and actual data ownership and the oversight and management of that data.

Demonstrating business value

Despite the importance of enterprise data governance, organizations often fail to implement processes to document and measure the results of the program. Enterprise data governance is a resource-intensive function that often comes under scrutiny, with teams finding themselves scrambling to demonstrate defensible business value based on quantifiable metrics, such as data quality and actionable insights derived from the data.

Disparate data sources

Enterprise data management encompasses all data regardless of where it is created or resides. With the data diaspora caused by cloud computing and the pervasive use of SaaS tools, enterprise data management has been challenged to gain control of these disparate data sources and provide centralized access.

Lack of functional leadership

While organizations generally have an executive sponsor for enterprise data governance, there is often a lack of a functional leader who oversees the day-to-day operational aspects of it. Another challenge with leadership is that individuals in charge often do not understand the nuances of the function.

Enterprise data governance efforts are often hampered by a lack of resources—from budget to staffing. In some cases, IT teams are overwhelmed and cannot take on the additional responsibilities; in other cases, limited IT resources are misallocated to enterprise data governance functions that should be handled by other groups.

When enterprise data governance programs are initiated, it is common to add responsibilities, such as data owner or data steward, to existing roles rather than having a dedicated position. While this is effective in the short term, it is not scalable and usually results in lackluster performance.

Poor data context and quality

Data context and data quality determine the value of data and thus are of paramount importance to enterprise data governance programs. However, within enterprise organizations, priority is often placed on gathering data and less or none on how it is organized, which impacts data context and quality.

Poor data context creates a lack of clarity as to how data is meant to be used and inhibits effective enterprise data governance efforts.

Poor data quality is a challenge because it leads to a lack of trust and poor outcomes related to analytics. Enterprise data governance must take into account the myriad reasons for poor data quality, such as inaccuracies, age, and improper usage.

Rapid proliferation of data

The volume and velocity of data proliferation of data have quickly overwhelmed many a well-intentioned enterprise data governance program. The challenge is that enterprise data encompasses far more than that generated by business units.

The influx of big data creates a volume multiplier that is often overlooked. This unstructured data strains existing systems and databases as well as introduces different storage environments (e.g., data lakes) that require different governance policies and procedures than structured or even semi-structured data.

Siloed data

Data silos undermine the efficacy of enterprise data governance, because information is either hidden or inaccessible. Challenges related to data silos are created by:

  1. An accelerated pace of data collection
  2. Communication barriers
  3. Corporate cultures
  4. Growth and turnover of new technologies and enterprise infrastructure
  5. Legacy data locked in old systems
  6. New data sources
  7. Teams using multiple disconnected applications and systems (e.g., marketing, sales, finance, and engineering)

Support for self-service analytics

A shift to self-service business intelligence and analytics has created enterprise data governance challenges as more users demand increased access to data. Enterprise data governance programs struggle to balance their objective of ensuring data confidentiality, integrity, and availability with making it quickly and easily accessible to a broad range of users.

Unintentionally hidden data sources

With data being generated from so many sources, it is often inadvertently hidden within groups. As teams generate data, it is often stored locally and drawn on by other team members, but remains hidden from the organization at large.

Enterprise data governance benefits

As organizations depend on data for nearly every aspect of their business, the benefits of enterprise data governance take on particular importance. Benefits of enterprise data governance include:

  1. Addresses foundational data challenges, including:
  2. Assures that data reflects reality to effectively support decision-making
  3. Automates data-related tasks, including:
  4. Enables data democratization by giving users access to the data they need when they need it
  5. Ensures the confidentiality, integrity, and accuracy of data
  6. Facilitates enhanced collaboration between teams
  7. Fosters a culture of data sharing and quality
  8. Gives accurate status of ongoing activity, inventory, and resource availability
  9. Helps maintain a single version of the truth for data assets
  10. Logs data lineage to simplify root-cause analysis and impact analysis
  11. Minimizes friction between diverse data practitioners across an organization
  12. Protects data to adhere to security and privacy mandates
  13. Provides a management framework and structure for the creation, quality, handling, and security
  14. Reduces time lost on decisions made based on erroneous or outdated information
  15. Streamlines operations, reducing costs and increasing productivity
  16. Supports compliance with regulatory, legal, and industry requirements
  17. Tracks and manages all data in an organization
  18. Unifies enterprise data governance and management
  19. Ensuring consistent data interpretation
  20. Identifying opportunities to streamline data management efforts
  21. Making data assets reusable
  22. Recording relationships between various assets
  23. Reducing the number of errors in records
  24. Data cataloging
  25. Data discovery
  26. Data glossary creation
  27. Data lineage
  28. Data profiling
  29. Data quality checks

Enterprise data governance frameworks

An enterprise data governance framework is the foundational model for strategy and compliance. It serves as a blueprint for how the program is executed.

An enterprise data governance framework should address the unique requirements of the organization, including the types of data systems used, organizational tasks and responsibilities, and industry and government regulatory requirements.

Elements of and considerations for an enterprise data governance framework include:

  1. Data scope, including analytical, master, operational, transactional, and big data
  2. Data standards and policies
  3. Description of the data flows (e.g., inputs, outputs, and storage requirements)
  4. Metrics for measuring strategy execution and success
  5. Mission statement for the program
  6. Organizational structure, including roles and responsibilities, such as:
  7. Rules, procedures, and processes for how data flows are managed and controlled
  8. Technology and tools used to execute the program
  9. Accountable owner
  10. Business team
  11. Data council members
  12. Executive sponsor
  13. Head of data
  14. IT liaison

Recommended steps for creating an enterprise data governance framework include:

  1. Define data sources
  2. Identify data consumers and owners
  3. Establish processes and procedures for validating data and ensuring data integrity
  4. Determine risk and data security requirements for data types
  5. Implement processes for monitoring and enhancing the framework

Enterprise data governance processes

To be successful, enterprise data governance must be included in every aspect of an organization’s data creation, management, and protection. Recommended enterprise data governance process guidelines include the following elements.

  1. Assignment of clear roles and responsibilities for managing and using data
  2. Audits and quality control processes and metrics
  3. Documentation and communication of enterprise data governance processes and procedures
  4. Establishment of a chain of command and escalation paths for resolving data issues or conflicts
  5. Guidelines to ensure the effective and efficient use of data
  6. Parameters for data integrity
  7. Processes and tools to monitor and improve data quality
  8. Visibility and access to relevant information about the organization’s data assets

Enterprise data governance best practices

Best practices used by organizations that have successfully implemented enterprise data governance programs include the following.

  1. Automate wherever possible
  2. Build a business case that includes specific objectives
  3. Communicate details about the program, detailing what, why, and how
  4. Determine success metrics and establish baselines using qualitative and quantitative criteria
  5. Develop a robust data governance framework
  6. Establish a cross-functional advisory group and assign roles and responsibilities to each team member based on their expertise and authority
  7. Identify and document every data domain
  8. Implement enterprise data governance programs with the big picture in mind
  9. Measure results against baselines, report results to all constituents using visualization, and adapt the enterprise data governance program to ensure continuous improvement across all areas (e.g., data quality scores, data access rates, and data compliance)
  10. Monitor progress
  11. Provide training to all constituents
  12. Research and invest in the right technology to support the program
  13. Secure an executive champion and sponsor
  14. Start small and use and validate the approach through this “pilot” test

Committing to enterprise data governance

Enterprise data governance is not a one-time effort; it must be inculcated into the organization’s culture with support from all levels of leadership. In addition to embedding enterprise data governance into operations, it must be continually monitored and updated to ensure that it meets the business and regulatory requirements of the organization.

How mature is your identity security strategy?

Discover the 5 horizons of identity security.

Mark and Sumit

S1 : E2

Identity Matters with Sumit Dhawan, Proofpoint CEO

Join Mark McClain and Sumit Dhawan to understand the future of cybersecurity and how security teams can support CISO customers in the midst of uncertainty.

Play podcast
Mark and Ron

S1 : E1

Identity Matters with Ron Green, cybersecurity fellow at Mastercard

Join Mark McClain and Ron Green to understand the future of cybersecurity and the critical role identity security plays in safeguarding our digital world.

Play podcast
Dynamic Access Roles

Dynamic Access Roles

Build the next generation role and access model with dramatically fewer role and flexibility

View the solution brief