Understanding and Managing Private and Sensitive Data Vulnerabilities

The importance of understanding where critical data is stored in an organization so that it can be protected appropriately was stressed by Donald Soulsby, vice president, architecture strategies, Sandhill Associates, in a session titled, “Managing Data Vulnerabilities,” at Data Summit 2017.

Citing a definition created by Rajesh Jugulum that critical data elements (CDEs) are “the data that is critical to success” in a specific business area (line of business, shared service, or group function), or “the data required to get the job done,” Soulsby discussed various ways to ensure that CDEs are identified and their location so that they can be secured and if a breach occurs, understand whether they were affected.  

There are various ways to identify CDEs, and one way is to look at data included in regulatory filings since if the government is interested in it, it can be assumed that it is important to the business too.

Following best practices for defining and implementing a collaborative approach for detecting, assessing, and cleansing data defects can help to ensure fitness for intended uses in business operations, decision making, and planning, according to Soulsby.

In addition, specific roles are involved in the organization to ensure that data is handled properly within databases.

The governance steward  is the person who is responsible for data metadata and for the decision about what data the enterprise will collect, and maintain the data represented by the column; the Data Qualification Steward deals with compliance metadata and  is the person  responsible for qualifying entries per the constraints on the data; and the Row Stewardship Process Stewardship deals with  process metadata and is responsible for the decision about how the enterprise will collect and maintain the data represented by the row.

The integration of business and technical metadata has become the long-sought holy grail of data governance, Soulsby added. Sandhill advocates the adoption of the Data Management Maturity Model, which was developed using the principles and structure of CMMI Institute’s Capability Maturity Model Integration (CMMI). The Data Management Maturity Model outlines data process improvement across business lines, allowing executives to make better and faster decisions using a strategic view of their data.

Many conference presentations have been made available by speakers at