No matter where you reside, it seems as if significant data breaches happen almost weekly. A recent flurry of data breaches resulting in the disclosure of private data covering tens of millions of Australians has renewed the visibility of regulations that compel organisations to better protect consumer data. But data leaders must work quickly, and use the right tools, to understand, manage, and protect data while complying with related regulations and standards.
Alation joined with Ortecha, a data management consultancy, to publish a white paper providing insights and guidance to stakeholders and decision-makers charged with implementing or modernising data risk management functions.
Download the complete white paper now. Or, read on for a brief summary.
The Increasing Focus On Data Risk Management
Data risk management has changed dramatically over the past few decades as bad actors have become more adept, better funded, and incredibly creative in their attempts to steal valuable data. That, combined with the ever-accelerating pace of technological advancements across mobile devices, easy-to-deploy SaaS cloud applications, and ubiquitous internet connectivity, has created an incredibly broad attack surface for organisations to defend.
The result is that risk management, particularly data risk management, has become a key role within every industry, but especially in highly regulated environments. This extends up to c-level and board-level committees charged with identifying risks, defining controls, and providing evidence that the controls are in place and effective down through the chain of the organisation.
On the regulatory side, way back in the early days of the internet in 1998, Australia established an independent statutory authority to supervise banking, insurance, and superannuation and promote financial system stability. The Australian Prudential Regulation Authority (APRA) released nonbinding standards covering data risk management. Another agency later also published a legally binding standard to strengthen risk management for financial institutions with specific language related to data architecture and IT infrastructure.
How do organisations respond to these growing demands? The Enterprise Data Management Council, a global association dedicated to data management, has developed the Data Management Capability Assessment Model (DCAM). This industry standard framework helps institutions “establish, enable and sustain a mature data management discipline.”
From DCAM To Data Catalog
DCAM is a comprehensive data management framework to measure capabilities, and then identify and prioritise gaps, with a focus on auditability. Assessment scores help institutions align people, processes, technology, and data to better map and manage data risks. Alation and Ortecha are both Authorised Partners of the EDM Council for DCAM and the new Cloud Data Management Capabilities framework.
A core DCAM concept is that the business process that creates the data must also own that data. In other words, the business process must define data as an input and output of each process step. That defining data is called metadata, which is data that describes data. The capture, organisation, and sharing of metadata calls for a data catalog.
Whether a financial institution or not, in Australia or anywhere, data risk management is an extension of data management. Without data organization and classification, data definitions, or a connection to the data owner, it is difficult to evaluate the risk level of data. Metadata can help, and risk identification can even be a part of the metadata to expand awareness and transparency to all users.
So how can organisations begin to apply data risk management processes, frameworks, and controls systematically? A data catalog is a foundational component of any risk management program. It becomes the system of reference for all data, maintains the metadata, and provides a repository for the terms, governance policies, subject matter experts, and more. It also has reporting and analytics to provide insights into usage to highlight potential data risk management gaps.
Alation Data Catalog for Data Risk Management
Alation Data Catalog provides automation and capabilities data and data risk management teams can use to better manage massive data volumes in a rapidly changing enterprise data landscape. Alation finds enterprise data, classifies it, facilitates the assignment of data owners and stewards, and helps manage related policies, risk assessments, and changes. For audits and continued management, Alation also provides analysis and reporting to convey progress, identify gaps, and continuously improve data risk management efforts.
Download the white paper to learn more about Australia’s increasing focus on data risk management and how your organisation, no matter where it’s located, can use Alation Data Catalog to enhance those efforts.