Data Governance for End-User Computing
Download as PPTX, PDF8 likes4,178 views
The document discusses the challenges and importance of data governance in end-user computing (EUC), highlighting that EUC involves data management activities outside corporate applications. It emphasizes the need for policies and principles to guide data governance in EUC environments, where data quality and management accountability are often met with complexity and resistance from end users. The focus is on establishing a framework for EUC governance to mitigate risks associated with data loss and ensure compliance with enterprise strategies.
Data Governance for End-User Computing
- 1. Data Governance for End-User Computing © AskGet.com Inc, 2015. All rights reserved Presented by Malcolm Chisholm Ph.D. Telephone 732-539-3406 – Fax 407-264-6809 mchisholm@AskGet.com September 15, 2015
- 2. • What is End-User Computing? • Background to EUC • The Challenge of EUC Data Governance • What Has to be Done for EUC Data Governance • Data Governance Policies Agenda © AskGet.com Inc, 2015. All rights reserved
- 3. What is End-User Computing? © AskGet.com Inc., 2015. All rights reserved
- 4. Introducing End-User Computing (EUC) Will Data Governance Ride to the Rescue? END USER COMPUTING THE UNTAMED FRONTIER OF DATA GOVERNANCE See the Exploits of Real Users That Have Made Them Famous throughout the Enterprise!
- 5. Definitions Data Governance The activities that are needed to ensure Data Management is carried out in an effective and efficient manner to achieve corporate strategy, while minimizing risk and respecting all obligations the enterprise has for its data. Data Management The activities that are needed for the enterprise to acquire, maintain, use, publish, archive, publish, and purge data, and which should be carried out under the oversight of Data Governance. End-User Computing (EUC) Any aspect of Data Management that occurs outside of a production Corporate Application, even if it occurs in a general environment that is supported by IT. Corporate Application A data processing application that is supported by IT, usually with IT involvement from the requirements stage to production implementation stage, whether built, bought, or rented.
- 6. The Challenge of Data Governance Data Stewardship Data Policies Data Security Legal, Privacy & Compliance Information Knowledge Mgmt. Data Architecture & Modeling Data Life Cycle Change Management Data Content Management Primary Accountable is IT Primary Accountable is Operations Other Primary Accountable Primary Accountable is Data Governance • Data Governance is a set of disciplines, each with its own special set of concerns and techniques • Some of these disciplines are “pure” Data Governance; others involve working with some part of the business that has primary responsibility for the discipline • The Data Governance disciplines are each different and fairly self-contained • To do Data Governance well we need to master all of the disciplines relevant to our enterprise • Some of these disciplines are emerging, and that makes them difficult © AskGet.com Inc 2015
- 7. What Are “Endpoints” • Because of its close relationships with IT and Operations, Data Governance tends to focus on corporate systems. • However, many enterprises have segments of their workforce that are mobile and/or dispersed from central offices. These staff are creating data at their “endpoints” that is not captured in corporate systems. • Even staff in corporate centers are doing work on their PC’s that is not captured by corporate systems. • Leaving aside discussion of Cloud for now, which has added even more complexity. IT Operations Data Governance Corporate Systems Mobile, Dispersed, and /or Self-enabling Segments of Workforce ? © AskGet.com Inc 2015
- 8. End-User Computing • Endpoints are where data is at, but what is going on at the endpoints? • Answer: End-User Computing (EUC) • Much – but far from all – the types of data management that we see in corporate systems are going on in EUC • It is very rare to find any staff who have received training on EUC Data Governance (“EUC Governance”), and this is not a traditional area of focus of Data Governance. • Hence, the quality of data management is unknown, but can be guessed to be at low maturity – which is risky. Data Acquisition File Transfer Analysis Communication Reporting Reports Models Files Contracts Publications … © AskGet.com Inc 2015
- 9. Background to EUC © AskGet.com Inc., 2015. All rights reserved
- 10. Industry Focus • EuSpRiG is perhaps the only industry-focused group • They have an annual conference (in Europe) © AskGet.com Inc 2015 www.eusprig.org
- 11. EuSpRIG Horror Stories • EuSpRiG publishes “Spreadsheet Horror Stories” • The above one has become quite famous © AskGet.com Inc 2015
- 12. Vendor Ecosystem • There are some product vendors in this space • More seem to be getting in • Vendors want to work with Data Governance © AskGet.com Inc 2015 Data Governance Data Availability Druva Elastic Cloud File Classification & Analytics Auditing eDiscovery Integration Data Backup & Collection Data Recovery Data Loss Prevention Data Archival File Sharing Data Access Global Deduplication Engine Single Instance Storage Time- Indexed Metadata S3/Glacier (Storage) DynamoDB (Database) EC2 (Compute) Security&PrivacyFramework Device Refresh
- 13. Regulators’ Viewpoint: BCBS 239
- 14. The Challenge of EUC Data Governance © AskGet.com Inc., 2015. All rights reserved
- 15. Why Is EUC Governance Needed? • Employees go away – sometimes suddenly. • What happens to the data they have been working with? GAME OVER Termination New Job Other Reasons Stolen Destroyed Lost • Endpoint devices go away – sometimes suddenly. • What data has gone missing, what are the consequences, and can the data be recovered? • There are some obvious reasons why EUC governance is needed • Here are a couple – there are a lot more © AskGet.com Inc 2015
- 16. The Challenge of EUC Governance: 1 – No Close Partner • We saw before that for some Data Governance disciplines there are natural partners. • IT is a partner with EUC Governance, but has a relatively narrow focus, and may not understand the Data Governance aspects • Legal and HR could be other partners • The end users themselves can be resistant to Data Governance, but ultimately need to be enrolled • CONCLUSION: Data Governance must lead in this area GA M E OVER Termination New Job Other Reasons Stolen Destroyed Lost Data Stewardship Data Policies Data Security Legal, Privacy & Compliance Information Knowledge Mgmt. Data Architecture & Modeling Data Life Cycle Change Management Data Content Management Primary Accountable is IT Primary Accountable is Operations Other Primary Accountable Primary Accountable is Data Governance © AskGet.com Inc 2015
- 17. Data Stewardship Data Policies Data Security Legal, Privacy & Compliance Information Knowledge Mgmt. Data Architecture & Modeling Data Life Cycle Change Management Data Content Management Primary Accountable is IT Primary Accountable is Operations Other Primary Accountable Primary Accountable is Data Governance The Challenge of EUC Governance: 2 – Complexity • EUC Governance is composed of many (but not all) of the disciplines of Data Governance • EUC Governance may have some special characteristics that also make it its own discipline • It is up to Data Governance to figure this out, and come up with conceptual frameworks for EUC Governance • CONCLUSION: Data Governance must lead in this area GA M E OVER Termination New Job Other Reasons Stolen Destroyed Lost * * * * * * © AskGet.com Inc 2015
- 18. Data Governance Vision and Leadership © AskGet.com Inc 2015 Tell me what you want me to build Then I will design it Then I will build it Then I will turn it over to you Then I will walk away The IT Mindset I’m here to gather requirements The Business Analyst Mindset Requirements Vision Leadership The ideal state of EUC in the enterprise How to get to the Vision • Data Governance must figure out how to lead
- 19. What Has to be Done for EUC Data Governance? © AskGet.com Inc., 2015. All rights reserved
- 20. Problem of Reaching EUC Users • EUC Users are usually distributed widely across the enterprise, rather than being concentrated in one or two departments. • However, there are definitely more of them in certain departments, e.g. Finance, Actuary, Analytics. • In any case, no department will want to engage Data Governance to do EUC Data Governance – in fact, they will want to avoid Data Governance. • So how do you engage these users? Principles and Policies are two ways. © AskGet.com Inc 2015
- 21. What Are Principles? • Principles are propositions that are to be accepted as true, but not further analyzed. • We may not be able to further analyze them, or we may choose not to as they appear “self-evident” to us. • Principles allow use to build a consistent set of governance rules. It is important that these rules do not contradict each other. • Principles – if they are clear enough – allow us to quickly judge if what we are doing is in accordance (or not) with them. This is very useful. • They can be used to guide EUC users, and can provide vision for Data Governance. © AskGet.com Inc 2015
- 22. Principles in Practice Can you send me that big file of Customer data? Sure - I’ll put it in my personal DropBox for you to pick up Can you send me that big file of Customer data? We’re going to have to ask about that. We can’t use external storage for sensitive data. Principles do not set rules, but people do use then to guide their decisions © AskGet.com Inc 2015
- 23. Sample EUC Governance Principles 1. Production data in an EUC asset makes it a production EUC asset 2. All EUC assets that are used to run or manage the enterprise (i.e. production assets) are identified. 3. Every production EUC asset has data management accountabilities formally distributed and documented. 4. All data sources used in EUC assets are documented, and are sourced in accordance with enterprise directives. 5. All usage relevant to the business of EUC assets is documented. 6. All processing relevant to the business is documented 7. QA is undertaken for production EUC assets, and Data Quality is always addressed 8. Sensitivity of data and processing in EUC assets will be registered and respected. 9. Manual adjustments to data in EUC assets will be documented. 10. Reports or equivalent that are published from EUC assets and which pass out of the enterprise are registered. 11. If data from an EUC asset is input to another EUC asset or corporate application, then a Data Sharing Agreement is required. 12. Pathways to conversion to corporate applications, if available, will be implemented
- 24. Data Governance Policies © AskGet.com Inc., 2015. All rights reserved
- 25. What Are Data Policies © AskGet.com Inc 2015 EUC Policy • A policy is a high-level rule that constrains business behavior. o E.g. “Every decision about a Critical Data Element must be documented” • Policies are NOT low level rules like “The Area Code of a Telephone Number must be enclosed in parentheses”. o But many DBA’s and people in IT call these low level rules “policies” because that is what their technologies call them • A policy does not tell anyone how to do something o Those impacted by policies have to figure out how to operationalize them • Policies are enforceable and are enforced o Don’t write policies unless you know how they can be enforced, and make arrangements to actually enforce them.
- 26. Get Authority for Enterprise Data Policies © AskGet.com Inc 2015 Data Governance • Data Governance must get the authority for Data Policies. • This may have to be taken away from IT (who do not know how to do them anyway). • Your enterprise may have a central body for all policies, but they will typically outsource specific areas to experts. • Policies are perhaps the most important tool for addressing EUC Governance, Executive Management Assign Authority for Data Policies
- 27. Develop EUC Policies © AskGet.com Inc 2015 • Policy formulation, promulgation, operationalization, compliance checking are a big topic in themselves, and are not going to be covered here. BUT you need to be successful at all of these. • Need to decide if you want a single big EUC policy, versus many smaller focused policies. Both have their pros and cons. • Figure out what policies you need from the principles and the specific areas of Data Governance. Sample EUC Governance Principles 1. Production data in an EUC asset makes it a production EUC asset 2. All EUC assets that are used to run or manage the enterprise (i.e. production assets) are identified. 3. Every production EUC asset has data management accountabilities formally distributed and documented. 4. All data sources used in EUC assets are documented, and are sourced in accordance with enterprise directives. 5. All usage relevant to the business of EUC assets is documented. 6. All processing relevant to the business is documented 7. QA is undertaken for production EUC assets, and Data Quality is always addressed 8. Sensitivity of data and processing in EUC assets will be registered and respected. 9. Manual adjustments to data in EUC assets will be documented. 10. Reports or equivalent that are published from EUC assets and which pass out of the enterprise are registered. 11. If data from an EUC asset is input to another EUC asset or corporate application, then a Data Sharing Agreement is required. 12. Pathways to conversion to corporate applications, if available, will be implemented Data Stewardship Data Policies Data Security Legal, Privacy & Compliance Information Knowledge Mgmt. Data Architecture & Modeling Data Life Cycle Change Management Data Content Management Primary Accountable is IT Primary Accountable is Operations Other Primary Accountable Primary Accountable is Data Governance PolicyPolicy EUC Policy
- 28. Data Governance for End-User Computing © AskGet.com Inc., 2015. All rights reserved Questions and Answers Presented by Malcolm Chisholm Ph.D. Telephone 732-539-3406 – Fax 407-264-6809 mchisholm@AskGet.com September 15, 2015