Conversations about data are evolving almost as fast as data itself.
Go back some years, to when the concept of big data was first introduced to a wider audience. Discussions often centered on the vast volumes being generated, and how traditional data centers would cope.
Once organizations got a handle on their cloud setup, the talk shifted. The focus became more about, “How can we extract the insight within this data?”
Now, maturing and evolving governance-related regulations mean organizations are in a new race for competitive advantage. The goal – to become truly data-driven, while staying compliant. The deadline – 2025.
“By 2025, smart workflows and seamless interactions among humans and machines will likely be as standard as the corporate balance sheet, and most employees will use data to optimize nearly every aspect of their work.”
McKinsey
There’s still some way to go for many organizations, according to Accenture. The analysts found:
“Only 32 percent of companies reported being able to realize tangible and measurable value from data, while only 27 percent said data and analytics projects produce insights and recommendations that are highly actionable.”
Accenture
One big reason for the delay is about how the data is governed. Finding ways to extract the insights – without compromising Personally Identifiable Information (PII). Securing the data – while setting up least privilege principles. All while complying with new and updated directives, regulations and laws.
This “data value gap” can be bridged with a technology-driven approach to governance. It starts by understanding what it really means to be data-driven. And then examining how it can be achieved while also maintaining data privacy.
Data-driven & data privacy: A question of balance
Naturally, the pressure is on for organizations to be data-driven. However, the counter force is the requirement to ensure data privacy. These opposing forces affect multiple industries.
For example – in telecoms and innovations such as IoT and 5G. Data may be flowing in from these new channels, but there still needs to be data ingestion, cleansing, enrichment. That’s before security and governance is factored in, to help manage the enlarged attack surfaces and ensure compliance with relevant legislation.
Similar challenges exist in healthcare. The pandemic underscored the importance of being able to track viral movements and conduct data modeling.
At the same time, protecting growing volumes of sensitive data and PII means finding the right balance between privacy and public safety. After all, healthcare is one of the areas where data is growing fastest, posing new challenges around complying with acts such as HIPAA.
Regulations are of course nothing new within another industry also required to balance data insight with privacy – financial services. However, maintaining successful governance is particularly demanding, with legacy systems still a feature of many banking operations. Then there’s the reputational risk to consider:
“The effects of a cyberattack can ripple for years, resulting in a wide range of “hidden” costs—many of which are intangible impacts tied to reputation damage, operational disruption or loss of proprietary information or other strategic assets.”
Deloitte
Of course, these challenges aren’t going away for organizations. At the same time, this isn’t an “immovable force meets irresistible object” scenario.
Being privacy-driven and data-driven isn’t mutually exclusive. Instead, it’s about finding harmony between the two. In the same way business and IT can be harmonized. And that starts with defining what it actually means to be data-driven.
Data-driven: A definition and a destination
At the simplest level, data-driven means decisions are driven by data. As opposed to reliance on gut instinct, or Highest Paid Person’s Opinion (HiPPO).
Of course, gut instinct is founded on experience that adds gravitas to the HiPPO. However, it’s still limited to just one or a few people’s subjective experiences.
With a data-driven analytical approach, those limitations are removed. Instead, data access is democratized across the business. Employees have real-time dynamic dashboards at their fingertips, instead of routing requests to IT departments and waiting to receive static data dumps.
Data-driven decisions can be objective, scaled, and continuously improved. Data becomes embedded in collaboration and discussion, with behavioral buy-in from the board room.
Of course, this definition relies on insights being extracted. In a way that’s compliant, organized, and leads to a centralized source of truth. That’s why being data-driven isn’t just about any data.
“Data-driven organizations are three times more likely to report significant improvements in their decisions around innovation, growth and competitive advantage.”
PriceWaterhouseCoopers
It may be years, even decades since the phrase “Without data you’re just another person with an opinion” first came to prominence. Since then, it’s fair to say most organizations are not without data. However, many still face obstacles.
That’s down to the fact that much of the gathered data remains raw, in silos, and requiring governance. However, once an organization knows the type of data they require, they can start solving this challenge. It involves business and strategy, powered by advanced, automated and AI-based technologies
The business case for being data-driven
Imagine you’re a C-level decision-maker at a bank. You want to put together a growth plan for the next few years. You see your revenue is growing year-on-year, yet your customer churn is also growing. The business is trying to keep the overall customer base growing, and that’s bumping up your customer acquisition costs.
You know you need to better understand which customers are driving your revenue.
“Business leaders are starting to recognize how costly keeping a poor-fit customer can be for business, such as overcustomization, custom-made solutions and outsize time spent on servicing”
Gartner
This scenario calls for data-driven analysis of your customers. Going beyond analysis of revenue generation. Toward understanding of revenue sustainability, and the metric of revenue retention.
The recurring-model nature means revenue retention has long been a crucial indicator of growth in SaaS. Helping identify the most profitable customer segments and whether new add-ons and services are encouraging upgrades from existing users.
This is now into the areas of sensitive data and Personally Identifiable Information (PII). However, accessing this sort of insight is essential for modern business, where customer experience is often a key differentiator.
Gaining this level of data-driven – yet compliant – insight can also lead to answering one of the most difficult – yet revealing – growth-based questions businesses face: “How profitable would we be if we didn’t gain a single customer over the next 12 months?”
Here’s a related question, this time with an answer: “How profitable would we be if we were data-driven?”
According to McKinsey, supporting people with data, analytics and technology would lead to:
“Above-market growth and an earnings before interest, taxes, depreciation, and amortization (EBITDA) increase of 15 to 25 percent”
Intellectual property: Location & legislation
Of course, there’s no profitability in being data-driven unless there’s also security. And that also needs a review of its definition.
New privacy regulations and legislation are reshaping security requirements, in the same way cloud migrations are reshaping security perimeters, business locations and intellectual property repositories.
For example, organizations operating in the US are required to stay up-to-date with the many proposed and enacted bills at state-level. Further complexity comes from industries, with a patchwork of acts including HIPAA (medical), FCRA (credit scores), FERPA (education), GLBA (finance), and ECPA (telecoms).
Data access: Time to prepare for what’s coming
Data’s continued growth will see legislation continue to be introduced at pace. The rising complexity will generate increasingly nebulous attack surfaces. In response, provisioning multiple products and services is required.
Of course, traditional governance methods can’t be lifted and shifted to the decentralized and potentially multi-jurisdictional cloud environments. Lack of interoperability reduces the ability to implement hybrid cloud and on-premises solutions. Even when a migration is agreed, it can be a year or more before the first policies can be configured.
Things are similarly unmanageable at the product architecture level. Where there are different vendors for data discovery, data masking, tokenization, DAM. An alternative is needed to integrate data types, bridge storage silos, and connect ecosystems. A two-stage approach to data access, spanning governance and control.
Data Access Governance (DAG)
This is about gaining strategic visibility on data. Wherever it resides. So that you can answer business-critical “who has access, and to what” governance questions.
DAG is crucial for managing the rise in unstructured data, in areas including:
- Organization
Data discovery and classification - Ownership
Identifying who owns the data and mitigating orphaned content risks - Activity
Monitoring access and auditing sharing privileges - Storage
Governing cloud-based repositories, collaboration platforms, network attached storage (NAS), and directories
Data Access Control: Giving the right access to the right people at the right time
Data Access Control (DAC) is the execution of DAG strategy. That means authorizing and controlling usage to mitigate data leaks and breaches.
These span three main areas:
- Privacy
Ensuring data is processed according to data subjects’ rights and expectations, aligned to relevant laws and policies - Security
Ensuring systems are configured for least privilege access and safeguarding of confidential and sensitive data - Compliance
Ensuring visibility of data throughout the ecosystem, with historical tracking and enforcement of access requests and approvals
Traditionally, DAG and DAC were typified by passive processes where requests came in to be manually evaluated, permissioned or denied. Delays meant data often became out-of-date and obsolete. Alongside the obvious impacts on decision-making, these gaps can be measured in financial terms:
“Enterprises spend a median of 37 days and a mean of $2.4 million to find and recover from a breach. Globally, organizations took a median of 27 days to find an adversary and eradicate an attack and a median of 10 days to recover from a breach, totaling 37 days to find and recover from a breach. It also cost organizations a global mean of $2.4 million in total per breach”
Forrester
From complexity to convergence: A new platform for governance & access
To evolve beyond passive processes, businesses are turning toward the Data Security Platform (DSP).
By 2024, Gartner estimates 30% of enterprises will have adopted DSPs. The convergence-led DSP offers organizations a proactive route to solving the DAG and DAC challenges highlighted above. The model is also driven by growing demand for organizations wanting to be data-driven, while ensuring data privacy.
Features for the future organization
DSPs configuration and deployment can be complex, often via SQL commands. While this mirrors the complexity of cloud-based governance, it does mean a wide disparity between feature offerings. These include:
Data catalogs
The vast volumes of data means aggregation of data catalogs is required, covering the cloud to on-premises. Along with a standardized taxonomy and terminology. And aligned with rules governing how access is granted.
Policy maintenance
Policy writing has to provide a single source of truth for who, what, where, when, and how access is granted. This calls for constant maintenance and adaptation. Allowing rules and requirements to grow in complexity, aligned to how organizations and regulations are evolving.
Privacy controls
Multiple filtering, masking and anonymization techniques are required to ensure data privacy. However, these also need to factor in business requests for information sharing and data-driven decision-making.
Metadata enrichment
Metadata should be drawn from across organizational repositories, enriching data-driven insights and enhancing discoverability. Sensitive content should be tagged and restricted accordingly, freeing employees to focus on realizing data-driven insights.
Data anonymization
Getting this element right is about maximizing data’s value, while minimizing the risk. Where data can be classified and have the necessary restrictions applied.
Self-service workflows
End users should be able to submit access requests, view statuses, and have workflows applied. Related activity should be tracked at a granular and audit-ready level.
RBAC & ABAC
Whether role-based or access-based, control has to support data democratization. That means reducing bottlenecks traditionally caused by over-permissioning and over-restricting.
Moving towards the intelligent future of data governance
Let’s now look at how organizations can successfully move to this more converged state.
The talent shortage in IT is well-documented. However, managing the scale of modern data governance isn’t something that can be solved by increasing headcount.
There’s also the growing trend for what Gartner calls “small and wide data”. By 2025 the analyst predicts 70% of organizations will be focusing on these techniques, where it’s about extracting more insight from wider sources, rather than relying on larger data sets that don’t provide the necessary levels of 360-degree insights.
These trends are why the future of data governance means harnessing AI and ML.
Designed to handle omnichannel data sets, learn from historical behaviors, and make insights available to those authorized to view, crunch and act. Enforcing policies and automatic monitoring. Providing a platform for collaborating, understanding, and governing.
Naturally, this level of advanced technology doesn’t work with outdated policies, frameworks and obsolete tools. It requires dynamic, real-time processing. Plus the capability to automatically grant access for data-driven decisions, backed by compliant secure workflows.
5 reasons why AI-based automation is key to successful data governance
You’ll find this is all available with Velotix.
Dynamic, automated, and symbolic AI-based. The only AI-based data security platform that automatically grants the right access, to the right data, for the right people, at the right time. Here are five reasons why Velotix is your partner for reaching the new standard of data access governance.
Data discoverability
You can’t protect what you can’t see. That’s why Velotix helps you keep track of your existing data – and where it’s located. Making it automatically searchable, accessible, and ready to give you data-driven insights, predictions, and value.
Metadata queries go down to row and column level, across all your data catalogs. Integrating and automating from a single, standardized repository. Where you can access user information, or grant and revoke permissions. The Velotix AI engine learns from your previous requests, to make future recommendations for data sets that can unlock value and ensure end-to-end visibility of the data lifecycle.
Access & compliance delivery
Manually processing requests leads to bottlenecks and uses up valuable IT resources. That’s why Velotix automatically routes data access requests to relevant stakeholders. Approvals and rejections can be granted in seconds.
Automated recommendations from the AI engine support governance with analyzing users, data they’ve requested, business justification and location. Policy is added to the repository on a case-by-case basis, increasing granularity and flexibility with records.
Automated policy enforcement
The speed and complexity of modern policies puts unprecedented burdens on governance teams. Velotix gives you automatic data privacy control and constant enforcement. Taking away the manual processes involved when deciding what can and can’t be shared.
PII can be automatically restricted, giving peace of mind that risk procedures have been covered. Ready for audits, adapting to new regulations, and keeping your business compliant.
Automatic monitoring
Silos and disparate systems reduce visibility end-to-end. Velotix maps out relationships between datasets, so you can monitor who has access across the entire data access lifecycle. It’s all available from a single source of truth, for establishing data lineage and understanding variations in data.
Collaboration
Sharing data is also about democratizing knowledge. Data projects can be shared through Velotix, with security restrictions automatically applied. This can include BI tool integration, through the likes of Tableau, PowerBI, QLik, Jupyter and Looker.
There’s no need to replicate or duplicate data and potentially increase governance risks. Instead your employees can use refined data securely and with certainty. Freeing your business and its people to learn, innovate and evolve.
3 business use cases for AI-based automation
HR for staff retention
The Great Resignation has seen a record number of people leave their jobs since the pandemic. The costs of finding a replacement can soon add up – both in terms of staff morale and financially. For example, Walmart was able to use data analytics to quantify a net loss of an associate within 90 days, and measure ‘millions of dollars’ in savings from every 1% in reduced staff turnover.
That’s why organizations are looking to automated technologies to understand employee sentiment, identify potential resignations, and take preventative action.
However, automation also means freeing up employees to focus on more strategic, value-added and rewarding areas of work. This can mean they’re less likely to join the Great Resignation:
“This not only creates more productivity with a smaller workforce; it’s creating better jobs and career paths for people to encourage them to stay or to rejoin the workforce.”
McKinsey
Sales operations
Intent data is a powerful dataset for revealing when target audiences are in “buying mode”. Gathering this intelligence requires data to be collected at scale, with triggers and workflows to alert sales executives to make contact at the right time.
Of course, this does involve careful management of PII. However, when made compliant, organizations can harness automated innovations such as conversation automation technologies.
“Conversation automation technologies help B2B marketing and sales leaders holistically approach the design, deployment, and optimization of conversational interactions to deliver relevance and value in the moment while informing the timing and treatment of the next action”
Forrester
Customer retention & marketing
Organizations have long known that it’s cheaper to retain than acquire customers. However, it’s now possible to know when churn is more likely – and take preventative action. This can be through sentiment analysis, or by monitoring behavioral changes in how customers use a product or service.
The rise in omnichannel and connected devices means these insights can be gathered in real-time, securely, and at scale. But only after applying the necessary governance processes. Organizations that get it right can deliver holistic, personalized experiences – also at scale.
“Intelligent automation can smooth customer experiences and spark loyalty through error reduction. It can release your R&D talent to invent and innovate products. It can rapidly execute decisions to help you rise above your competition”
Deloitte
Ready to discover AI-powered data access governance?
Contact Velotix today and start your journey to an intelligent, automated, and streamlined future. Where your organization becomes truly data-driven, while also maintaining data privacy. And where your employees have real-time access to the data they need, from a single source of truth. Supported by policies, permissions and processes that are up-to-date, dynamic, and tracked throughout the data lifecycle.
Table of Contents
