Why Data Governance Policies Are Critical to Solution Success

<< back Page 3 of 3

employee leaves a company, his work devices will be collected as part of the off boarding process. But what about the personal or even company owned storage devices that contain the same sensitive and proprietary information? Companies need to set policies around whether they allow these devices and if they don’t, must also decide how they will compensate for that.

Another hot policy area is whether or not organizations will support the Apple operating system. The popularity of Apple computers leads many employees to ask for Apple operating system devices for use in the workplace even if they are not approved by corporate. In many cases however, the programs employees want to use on Apple computers make them incredibly productive and help them to do their specific jobs better. Companies must set clear policies when it comes to whether or not individual employees will be allowed to use Apple products for work and under what circumstances it would be acceptable. From there they need to address related issues such as managing security, compatible approved applications, etc.

Defining Policies Around Auditing Users’ Systems

One final and extremely complex relevant area is defining policies around auditing users’ systems. Many employees, usually without malicious intent, are running pirated and unlicensed software on their computers. Companies must decide whether they will turn a blind eye to this fact or whether they will actively prevent this from happening. Should a company programmer use unlicensed software during product development for example, and the company profits from that, there are major legal implications involved and ignoring the issue could be very problematic. On the flipside, companies who decide to proactively audit users’ systems need to be prepared for pushback from employees wanting to maintain privacy on their devices.

There are many types of corporate environments. Some companies take a fairly open approach while others decide to implement strict data controls. Regardless of the company’s style, there are very complex data governance policy questions that need to be answered before a company makes decisions on the technology side. Before evaluating tools and then committing to them, organizations need to take the time, no matter how painful, to set governance policies and work to secure buy in for them. It is also important to recognize that there are no right and wrong answers to these difficult policy questions; they will be tailored to each company’s specific industry and environment and there will be pros and cons no matter what is decided. What is important is to answer these questions, set the policies and adopt technology to enforce them. Data governance technology can be transformative but will not solve data governance challenges without effective policies in place. The mindset that technology will drive policy instead of vice versa guarantees a lackluster program or worse, complete failure.  

About the author:

Chris Grossman is senior vice president, Enterprise Applications, Rand Secure Data.

<< back Page 3 of 3

Related Articles

Big data can be a Siren, whose beautiful call lures unsuspecting sailors to a rocky destruction. The potential value of big data analysis to increase income (or lower expenses) for the company tends to drown out the calls for risk oversight. Understanding the legal and regulatory consequences will help keep your company safe from those dangerous rocks.

Posted December 17, 2013

Much of the information contained in databases is sensitive and can be sold for cash or, such as in cases of theft by a disgruntled employee or by a hacker with political motivations, to cause the organization loss of business or reputation, especially if the organization is found to be in breach of regulations or industry standards that demand high levels of data security. However, there are 5 key steps that can be taken to ensure database security.

Posted March 11, 2014