
Data Governance Framework Best Practices, Definitions and Examples


It’s 2020. Do you know where your data is? If you answered yes to that rhetorical question, you have a decent grasp of data governance. If not, it’s time to start figuring that out. Either way, read on to learn more about data governance and how Varonis can help automate you out of a big hole.

If you need more convincing about why you need data governance, check out the Varonis 2019 Data Risk Report. It’s an eye-opener.


What is Data Governance?

Data governance is the set of processes and procedures organizations use to manage, utilize, and protect their data. In this context, data can mean either all or a subset of a company’s digital and/or hard copy assets. In fact, defining what data means to an organization is one of the data governance best practices. Once you have defined data, you can brainstorm all the ways you could use your data to advance your business.

Think of data governance as the who, what, when, where, and why about your organization’s data.

Another aspect of data governance is protecting the company and customer private data, which should be a high priority task for organizations in this day and age. Data breaches are near-daily occurrences in 2019 and governments are enacting laws – HIPAA, GDPR, CCPA, and more – to protect the private data of citizens. A data governance program builds controls to protect data and help organizations adhere to compliance regulations.

What is a Data Governance Framework?

A data governance framework is the how for your data governance. It is the set of guidelines and definitions that describe how your organization sets up and enforces data governance.

What is the Data Governance Institute (DGI)?

The Data Governance Institute (DGI) has provided vendor-neutral data governance best practices and guidance since 2004. They actually wrote the book on data governance.

Why Is Data Governance Important for Businesses?

Imagine that you are working on a multi-national project worth approximately $125 million. Now imagine that just as your project is going to touch down on Mars – the project explodes. Obviously not a great outcome, but that’s exactly what happened to the first Mars rover in 1999. The root cause of this catastrophic failure? One team used the imperial system instead of the metric system. The lack of a data governance plan led to the failure of that project. NASA implemented a data governance standard, and now Mars is inhabited by robots.

That is a simple example of how data governance can help your organization be successful. Here are a few other advantages:

  • Centralized policies and systems reduce IT costs related to data governance
  • Data standards allow for better cross-functional decision making and communication
  • Compliance audits are easier to manage, and compliance standards are easier to maintain

A data governance plan can also be a competitive advantage as you grow your business. Modern business runs on data, so without proper planning and business intelligence, you will fall behind your competitors.

  • Data fuels business intelligence for short and long term planning, including mergers and acquisitions
  • Data governance keeps data growth under control and organized
  • Stable data makes adapting to new data and privacy legislation easier

Pros

There are so many pros to implementing a data governance plan. Here are just a few of them for you to consider.

  • Data governance helps you protect against damaging and costly cyberattacks and data breaches
  • Good data governance reduces the cost of managing data and increases ROI of your data analytics
  • Data governance reduces the load of data management from the IT team and spreads the burden throughout the organization

Cons

And where there are pros, there are always cons.

  • Data governance requires a company-wide mandate to implement correctly.
  • Good data governance requires focus. You will be taking time from your teams to manage data, so make sure it’s worth it in the end.

Challenges

There are several challenges you will encounter as you establish a data governance plan:

  • Data governance is a part of a larger IT governance policy. The two initiatives need to work in concert with each other for both to be successful.
  • Change of any kind is hard – but getting employees to care about data governance is especially difficult. Users need incentives and motivation to follow your new data governance initiatives.
  • Data governance efforts need to be flexible to team needs and simple for users. If data governance impedes work efforts, it will not promote business goals.
  • Selecting technology and tools to manage a data governance strategy can be complicated. Use resources like Gartner to research technology and request references for systems that fit your strategy.

Considerations

Is your organization governed by privacy regulations? HIPAA, CCPA, GDPR, or PCI, for example? If yes, then you need a data governance program.

Does your organization use analytics and business intelligence to make strategic decisions? You need data governance to ensure the quality of your data inputs.

Are you finding your storage costs increasing, and you don’t know why? You need a data governance framework to get your data growth under control.

The Anatomy of Data Governance Framework


There are several data governance frameworks out there, but they all follow the same basic formulas. Each framework defines different controls that organizations need to implement and roles for humans to take on to make the data governance machine run smoothly.

Roles in the Framework

Chief Data Officer

Chief Data Officer (CDO) has been a fast-growing job over the last few years. Companies are beginning to understand the importance of managing data and implementing a data governance framework, and that means hiring a CDO. The CDO is the company leader of the data governance strategy, and hiring a CDO shows commitment to data and buy-in from the top to take a data governance program seriously.

Data Owners 

Data Owners are the people that have direct responsibility for data. They are involved in the protection and quality of data as a business asset. A data owner will be on the team that uses the data. For example, a member of the finance team should be a Data Owner for the Finance team’s data.

Varonis automates the process for Data Owners to manage access to their data. Data Owners know who in their organization should have access to their data, and providing them the tools they need to manage and audit access to data is good data governance.

Data Stewards

Data Stewards are the champions of your data governance strategy. They meet with Data Owners and enforce data governance policies and procedures, as well as train new data owners and employees in data governance.

Data Governance Committees

The Data Governance Committee sets policies and procedures for data governance. This committee works with the CDO to establish the who, what, when, where, and why of data governance.

Aspects of the Framework

We have already discussed the data governance framework as the who, what, when, where, and why of data in your organization. Now let’s expand on what that could mean for you.

Who: These are the people – from the CDO to Data Stewards and Owners, the Data Governance Committee, and the employees that touch and create data during their jobs. Each person in your organization needs to be aware of their responsibilities to data and their role in maintaining the quality and care of data. Data governance is not just a job for the CDO and Data Owners – the whole organization has to be on board.

You can implement technology to ease the burden of data governance on your end-users. Automation can help maintain privacy and protect your data from breaches, keep data in the proper storage areas, and enforce data retention policies.

What: The data, obviously. But what data? You don’t need to worry about that marketing guy’s finely curated GIF collection the same way you would govern the company’s financial documents. Define what data is of import to your business from a compliance, privacy, and operational perspective. This is the data that you are going to focus your data governance policies upon.

When: When is the time portion of our data governance framework. What kind of data retention policies do you have to adhere to? HIPAA, PCI, and other laws can help inform you, as can your own business goals and your requirements to your customers. When can also tell you how often to audit data and data access rights.

Where: Where do you store and secure data? Where does your data live right now? Where do you have control of your data? Where is an important question, because unless you know where all of your important data lives, and your Data Owners are responsible for keeping track of data, you will fall into the trap of the ever-exploding data problem. Data governance is about keeping control of your data, and the “where” is a vital aspect of your program.

Why: Why is last in this list, but first in importance. Why tells your organization why you worry about data, and why each employee should care. Why is the overarching principle or mission of your data governance program. By clearly explaining why, you are building the case for your team to embrace data governance. It is difficult to get large teams of people to buy in to a new procedure.

Why could mean “so we are compliant and don’t get fined,” or “so we understand our customers better” or “optimize our production capability.” Whatever your why, keep the message to your team clear and consistent.

People don’t like to change or feel like they are being told how to do their jobs. Automation and technology can help your business thrive with data governance and limit the impact on your people and productivity.

How Do Data Governance Frameworks Operate?


Gartner defines seven principles for good data governance in 2020.

Value and Outcomes

Align data governance with a business goal or outcome. You will need a data analytics process in place, so you can measure progress and outcomes.

Accountability and Decision Rights

Make sure your team is on board with your data governance strategy, and hold the CDO, data stewards, data owners, and employees accountable. Clearly define who can make which decisions about your data.

Trust

Can you trust all of your data sources? Are you in control of your data throughout its lifetime?

A trust model of data governance builds in mechanisms to account for a distributed data ecosystem, and you should strive to understand the history and lineage of your data inputs so you can manage expectations and results.

Transparency and Ethics

Keep data analytics about data governance open and visible, with clearly established decision-making processes, so they would stand up to external scrutiny.

Risk and Security

Do you consider risk and data security in your data governance strategy? Risk and security are two major drivers for companies to engage in data governance. They should be considered in addition to any business outcomes.

Education and Training

Do you have a program to train Data Owners and employees on the basic principles of data governance? Do you train new Data Stewards? Establish an ongoing training program to keep data governance in focus.

Collaboration and Culture

Does your team see data governance as a top-down mandate or a collaborative effort to build the business and keep data safe?

These seven areas can help you stay focused on the goals of data governance and inform how you are going to operate data governance.


Questions To Consider

Data governance is still a relatively new discipline, but according to Gartner, 90% of large companies will have a Chief Data Officer (CDO) by 2019. In 2014 there were only 400 CDOs. In 2017 the number of CDOs grew to over 4000. By following these best practice guidelines and asking the following questions, you can set yourself up for a successful data governance strategy:

  • What is your business strategy?
  • Have you defined and communicated key objectives throughout your organization?
  • Do you have the right data and is it of sufficient quality?

Answers to those questions will drive your day-to-day data governance activities and long-term initiatives. Keeping the metrics and the data governance plan in focus will keep the organization on the right path.

8 Data Governance Best Practices


How should you implement data governance given those challenges? Here are some best practices that will help you with your data governance journey.

  1. Set format standards for your data and use technology to enforce those standards during post-processing and data ingestion into your big data platform. You are going to be pulling data from many disparate sources, so you should normalize your data in your big data system.
  2. Unmanaged data is still data! Data that lives in your files, folders, and shares is some of your most valuable data – and often at more risk than your managed data. Make sure your data governance strategy covers unstructured data.
  3. Map your business goals for data governance early and assign a Chief Data Officer (CDO). Make the CDO responsible for managing and achieving the data governance goals. Think big picture, but create manageable touchpoints along the way.
  4. Keep it simple! Data governance is not the primary job of the majority of the organization. Minimize impact to individual contributors and teams.
  5. Establish different roles for members of your data governance team. Data Owners are key, in that they are closest to the data they create and manage. You can assign Data Managers to work with Data Owners for guidance and to facilitate communication. Your data governance team should be cross-functional and empowered to push your data governance initiatives.
  6. Classify and tag all of your data. Establish standards for metadata that promote your business goals and allow for reuse of data.
  7. Measure your progress in several different ways. The more metrics you can gather the better. A few key metrics for data governance might be how much stale data you are saving, how many folders have assigned data owners, and how much sensitive data you are creating.
  8. Automate as much as possible. Automate workflows, approval processes, data requests, permissions requests, and anything else you can to make your data governance initiatives work.

Data Governance FAQ

See some frequently asked questions about data governance frameworks below.

Q: How Do Frameworks Vary Between Industries?

The basic framework for data governance is industry agnostic. The greatest differences are going to be in the Why. The goals and outcomes will be unique to each organization after the data security requirements are met.

Q: How Do You Create a Data Governance Framework?

I wouldn’t reinvent the wheel. There are plenty of different organizations that have already done the work to create a framework. If you are going to do it though, make sure you answer the questions who, what, when, where, and why about data first. That will help inform the How – the framework.

Q: How Do You Explain the Importance of Data Governance?

It can be difficult to explain to the C-Suite that you need to hire a CDO and implement a full data governance program. If they aren’t listening to you describe the risk and security concerns, the increasing cost of data storage, or the lack of cross-functional decision-making capabilities, you have a tough battle ahead of you. Have you tried a Varonis Risk Assessment? Sometimes showing them that most of the sensitive data on the network is open to everyone will get the conversation started.

Q: What is the Data Governance Framework Intended to Achieve?

Data governance is more than data security. Data security is important, but a data governance program can also enable cross-functional decision making and business analytics.

Varonis helps companies manage data governance projects: from classifying sensitive data to mapping data access to alerting on suspicious activity. You can automate permissions cleanup, reduce risk, and proactively protect and manage your data. See how to simplify and streamline your data governance initiatives with a free risk assessment – and learn how to build a data governance plan that works for your organization.

Jeff Petters


Jeff has been working on computers since his Dad brought home an IBM PC 8086 with dual disk drives. Researching and writing about data security is his dream job.

 
