Industry Partner and Strategist
Hewlett Packard Enterprise
Global Field CTO
Global Director Data Foundation
Global Data Leader
Inter IKEA Group
An increase in sophisticated cyber threats is leading Chief Data and Analytics Officers (CDAOs) to think critically about how they can incorporate data privacy and security into their data management strategies. Protecting sensitive and proprietary information requires a robust data governance framework, which is inadvertently one of their longtime challenges. How can data leaders improve data resiliency as the enterprise becomes more data-driven?
CDAOs in Evanta communities have named data governance as their top priority year over year, and we’ve seen cybersecurity top the list for Evanta’s CIO communities during the same time periods. As the C-suite makes a concerted effort to work together on their enterprise goals, the DACH CDAO Community recently came together for a town hall to discuss their part in managing inherent risks and how they can achieve data privacy, governance and security at scale.
During the program, Stefan Brock, Industry Partner and Strategist at Hewlett Packard Enterprise hosted a panel discussion with Aaron Murphy, Global Field CTO at Veeam; Ricardo Crepaldi, Global Director Data Foundation at BASF; and Naveen Gupta, Global Data Leader at Inter IKEA Group. They addressed how to identify sensitive information, governance maturity, strategies for optimising privacy and security and paths for scaling data governance frameworks.
Key Takeaways from the Discussion
Create ownership and accountability for data across the organisation.
Data is no longer just an IT topic but a business issue, and accountability should be shared across the organisation. As one panellist said, “We call it ‘business transformation’, because digitalisation supports the business, and that's the baseline of our strategy.”
Culture and change management are vital elements to ensuring success, and they shared a few examples of how they are driving ownership and accountability at their organisations, including creating divisional data officers to manage quality controls and offering tools and platforms that aid in decision making and sharing. Interestingly, one panellist noted how data products are following this trend, as many are now built for consumers in an effort to support data quality, management and governance, instead of being built for use by the data team.
- Cyber resiliency is a “team sport” between data, IT and the business.
The panellists discussed how data leaders should come together with their partners across the business to address the threat landscape – from both a cybersecurity and geopolitical perspective – and reevaluate their data security systems and processes accordingly. The hyperconnected world increases security complexities, and they posed the question, “Data protection has never been so important, and it is also one of the biggest headaches we have now. How do we keep ourselves protected but still able to communicate the way we need to run our businesses?” They then shared a few pieces of advice:
- First, identify your sensitive data. This is not just personal, customer, or government data, but it also includes proprietary business data, i.e., pricing, suppliers, profit margins, etc.
- Develop a data catalogue to classify all of the data before it can be shared.
- Manage the data through its entire lifecycle to prevent exposure.
- Utilise restricted accounts and audit them to ensure there is no incorrect usage.
- Implement more software controls.
One forward-looking approach included giving the business more visibility into the security process by creating a dashboard where they can see all of the data they are responsible for, its classification and the last time it was scanned for protection to get them involved before it's too late.
Data strategy shouldn’t be thought of as “cloud-first,” but “data-first.”
Most organisations are working with numerous data architectures, and data leaders should be thinking about how they can best leverage the data. Although they agree the cloud provides many advantages, one panellist shared, “It’s not necessary for all data to be in the cloud just for the sake of it being in the cloud. For new companies that don’t have technical debt, that's a good place to start, but for existing companies, maybe not. In some instances, it’s important to keep the data close to where it is produced.”
Data resiliency is about traceability, and the cloud is an important part of a recovery plan to ensure sensitive and essential data is copied and protected. However, data leaders also need to consider what should not be in the cloud and if latency and production speed can be afforded.
Evanta’s CDAO communities meet regularly to address the most critical priorities impacting their role today, such as data governance and security. Apply to join your local CDAO community to connect with like-minded data and analytics leaders from the world's leading organisations, and take a look at the calendar to see when your CDAO community is gathering next.
by CDAOs, for CDAOs
Join the conversation with peers in your local CDAO community.