According to analysts, data governance programs have not shown a high success rate. According to CIOs, historical data governance programs were invasive and suffered from one of two defects:
- They were forced on the rank and file, who grew to dislike IT as a result.
- They were run by IT instead of the most logical data governance owners and stewards.
We’ve seen the emergence of new, less invasive approaches, yet the question remains: What do CIOs think is most required to deliver a successful data governance program?
The Risks of Early Data Governance Programs
The biggest risk was a lack of ownership. And while IT should never be the data owner for business data, research from Digital Trailblazer author and former CIO Isaac Sacolick shows that 40 percent of business leaders “just want IT to fix the data and deliver reports.”
Obviously, data governance that’s run by the wrong stakeholders or by those lacking the necessary skills results in failure. Tools and platforms can help automate processes, but you still need the right people.
“Too often, organizations don’t educate their users about data governance, security, and business risk,” claims analyst Jack Gold. “This failure is often the difference between successful implementations and data breaches. It’s not just an IT problem. At the end of the day, the automated tools only implement what you define. If your definitions are bad, so is your governance/risk/security. Organizations shouldn’t rely just on automation or use it as a crutch.”
At the same time, data governance leaders must deliver tangible business value. Former Michigan State University CIO Joanna Young says, “Any dollars spent on data governance programs that aren’t perceived as helping with sustainable growth will become a problem. You can’t do data governance without the process and data owners.”
For this reason, University of Delaware CIO Sharon Pitt stresses:
“Data governance is a collaborative effort. Data governance policy should be owned by the top of the organization so data governance is given appropriate attention — including defining what’s a potential risk and what is poor data quality.”
– Sharon Pitt, CIO, University of Delaware
“Where this doesn’t occur there is a loss of trust, continued utilization of legacy data systems, data trustees who don’t understand their responsibilities, and a poor data dictionary.”
Get the Business to See the Value of Data Governance
Convincing the business to understand the value of — and invest time and resources in — data governance has not been easy.
Asked how he’s been able to execute data governance, Mevotech CIO Martin Davis says, “The flippant answer is ‘with difficulty’! It’s a lot easier in manufacturing, more difficult elsewhere. It comes down to the question: What is the value of your data? Also, data quality is only one aspect of data.”
For this reason, Young says “do a small, winnable data governance initiative and define and then get visible value (such as better decision or insight support for specific business areas). Let success then speak for itself and drive more investment. You often have to win at data for growth to some extent before getting a big investment for risk and compliance. Where they exist, make compliance your friend to help with making the case for risk/compliance.”
I like to call this approach business value-led data governance. In other words, create a win for business with data and then they will help with the risk and compliance portion of the data governance equation. Hinchcliffe agrees.
“The tension between growth + risk in enterprise data is a similar one between cybersecurity + innovation. Both must support and realize the other. Not an easy balance, however. There is immense business value in being able to move fast with data without breaking things.”
– Dion Hinchcliffe, Analyst, Constellation Research
How Does Data Governance Support Corporate “Data Culture”?
Unexpectedly, I got some pushback on the framing of this topic. Gold and Hinchcliffe said they think of this as being backward. Culture generally comes first, then the governance embodies it.
A corporate data culture should prioritize data governance as a core component. The data culture is critical and data governance supports it. For Pitt, “effective data governance should inherently build and support an effective data culture. Maturity will increase over time through education and adoption.”
“Data governance should be part of a multidisciplinary team going from problems to insights,” Sacolick adds. “This is the baseline for data-driven organizations. To work, data governance must also have an architecture team creating standards and be integrated into the compliance function.”
A successful data culture and data governance require an education component, so every employee can understand the what, why, and how — at least in basic terms. Important tools for this component include data literacy, lineage, and dictionaries. By the time some organizations realize they have a governance problem, they often find there’s a culture issue — then they have to shift culture, too. Here, the culture and program need to move together.
“In many ways proper data governance can enable new uses of data, new revenue opportunities, and moving data to the cloud,” says analyst Dan Kirsch. “Data governance needs to wrap around data, no matter wherever it resides. It all ends up with culture and communication.” So, data culture and governance need a strong leader, charter, operating model, and budget (which is often the hardest part).
How Do Corporate Governance, Information Security, and Data Governance Align?
Sacolick recommends that data leaders “Remember to ‘Keep It Simple, Stupid.’ Focus on market and customer needs and define safe/compliant operating models. Security is only one part of data governance. Add in data privacy, quality, lifecycle, and cataloging, to name a few things that are generally outside of security functions.”
Yet, he goes on to say that, “data governance is not just security + data privacy, quality, mastering, cataloging, and DataOps. However, it has to be led and managed. The people involved need to know a ton about the data and how it’s used — this is not easy and often not in InfoSec’s charter.”
Constellation Analyst Dion Hinchcliffe suggests that functions should be loosely integrated into the following streams:
- Governance, risk, compliance
- Enterprise risk management
- Environment, social, and governance
- Data management
Hinchcliffe notes, “These are almost always better as distinct functions that collaborate closely.” Although newer concepts like digital security architecture try to blend these concepts, it remains incredibly difficult to do so. CIOs say it is important to set expectations, live up to those expectations, and aggressively recognize and reward others who follow your lead.
For Sharon Pitt, setting up the right processes is key to success. “We’re covering integration through multiple institutional processes, including IT governance and data governance,” she shares. “Our project intake processes capture most of the concerns. Risk, however, is a different challenge. While risk may be defined, it might not be well addressed. There needs to be some institutional leadership that has the ability to accept or document risk without addressing risk for a prioritized business need or for budget concerns. IT often defines security risks which may not be accepted. However, risk framework processes would address risk concerns beyond security risk. But again, investment in addressing risk boils down to priorities.”
Ensure the Data Governance Program Delivers
Organizations would be wise to let the data do the talking. In this case, data-driven results should drive the need and outcomes of data governance. This means that in addition to data plans, strategies, and documentation, the results need to be measured and the course needs to be modified as needed. In this process, Davis says, “focus on defining the value of the data and why the business should care, and be careful to manage and publish this value as it is achieved.”
“Data governance has zero value in itself,” Hinchcliffe points out. “Value comes when it helps the organization realize customer experience and revenue/cost mitigation.” To deliver on data governance, Hinchcliffe emphasizes “the importance of communication, storytelling successes, proper tool support, automation, and establishing positive visibility.”
In terms of measurement, he says “metrics are in the eye of the data consumer. Make sure to work with data and process owners on what data governance measures they will understand and value. Make sure as well [that] the sources and formulas behind the metrics are known.”
The Power of Leadership in Driving Data Governance
Naturally, having leadership buy-in can eliminate many obstacles along the path to data governance, but there’s a difference between leadership saying “All right, go for it!” and playing an active role in (that is, leading) its execution.
Alation CTO John Wills concedes that data governance is a complex process and its success hinges on strong leadership. He suggests true governance leaders should do the following:
- Set the appropriate scope, aligning business expectations with achievable goals
- Carefully navigate corporate politics
- Enable transparent communication and collaboration
- Continuously measure value delivered — and share it!
“Without this leadership,” Wills says, “data governance suffers from a lack of understanding and support.”
Clearly, organizational politics impact how — and even whether — you can deliver data governance. Gold says, “The difference between data governance and security in many orgs often boils down to a legal influence on the former and an IT influence on the latter. Both sides have value and need to be incorporated.”
To have influence, make sure to align well with the business and its data governance needs. This means focusing on value and tying data governance to the creation of a data culture. In many cases, this is about moving the organization from data-rich to data-driven.