Data provides delicious business results when managed and analyzed, but it leaves a foul taste when lost, stolen or misinterpreted. Today businesses must plan out a data governance journey and avoid a meandering path to disaster, according to Mark O'Neill, innovation vice president for Axway, an application programming interface (API) server and services provider.
Simply put, more information is flowing across more applications to more end users and more devices than ever before. "With the continued growth of mobile apps, social computing and cloud technologies, coupled with the emergence of the Internet of Things [IoT], organizations face a perfect storm of risk and complexity for mission-critical data flows," O'Neill said.
In this interview with SearchSOA.com, O'Neill gives advice on using big data governance best practices and describes the benefits of managing data well.
What's different about data governance best practices and strategies for information flow in enterprise architectures between five to 10 years ago and today?
Mark O'Neill: Previously, strategies for securing data flows meant securing the perimeter around enterprise architecture. Today, the concept of a perimeter no longer applies. With employees using mobile devices, and the usage of cloud services, it is no longer possible to draw a ring around the data flows. Instead of drawing a perimeter, the data itself in the flows must be secured. This presents a different data strategy, focusing on the data itself. In effect, the perimeter shrinks down to the data itself.
What new business dynamics are impacting how data flows across organizations?
O'Neill: What we're seeing in organizations across all industries is the 'de-perimeterization' of business. Meaning, traditional boundaries no longer exist. Employees are working remotely and bringing new risks into the workplace with mobile devices, social logins and personal cloud technologies, while organizations are using a combination of cloud and on-premises systems. And with the introduction of APIs enabling new levels of interaction with consumers, those perimeters are further removed.
What does a future-facing data flow strategy look like in terms of architecture?
O'Neill: A forward-looking data flow strategy involves steps to encrypt the data itself, not just relying on an encrypted tunnel. This involves a number of architectural components, such as security as a service, which enables you to encrypt, decrypt, sign and validate data, using service, or API, calls, rather than embedding security features into the architectural components themselves.
Organizations face a perfect storm of risk and complexity for mission-critical data flows.
Mark O'Neill, Axway innovation vice president
How can enterprise architects and developers keep up to date with constant changes in data flow management and the demands that new types of data put on the enterprise?
O'Neill: As new technologies introduce new challenges in the enterprise, it will become increasingly important for architects and developers to follow trends in APIs and the [IoT], such as the REST API movement and the growth of IoT protocols like MQTT [Message Queuing Telemetry Transport]. Doing so will allow enterprises to fully capitalize on new technologies as opposed to playing catch-up on managing their associated challenges.
What are the data governance challenges and risks organizations face today?
O'Neill: The biggest challenge facing organizations is effectively maintaining audit trails of data flows. With all the various forms of data flooding the enterprise and the continued decline of siloed environments, it's easy for organizations to expose themselves to undue risks. Coupled with the rise of the omnichannel world, these data flows are more diverse than ever, and compliance and regulatory issues are right around the corner for organizations that do not take the necessary steps to [impose] data governance.
Could you provide a real-world example of a data governance issue an organization could face?
O'Neill: Pharmaceutical companies must be able to track data related to trials in which patient information must be controlled. Or take the healthcare industry in general. Sensitive data with strict compliance demands are collected by the second, and meeting these demands without proper governance will only become more difficult as mobile health adoption becomes more and more pervasive. The government sector faces similar challenges. As data travels between agencies, it is increasingly exposed and could potentially violate strict regulatory requirements.
How can organizations securely address these data integration and governance challenges?
O'Neill: Securely addressing these challenges boils down to a two-step process. Firstly, organizations must gain visibility into their data flows, all the way from the source to the data's final destination within the enterprise. This entails visualizing and quantifying data, and understanding the various types, including file sharing, email, various applications and others. Then, after gaining visibility into data flows, organizations can securely apply the necessary policies that ensure governance from the outset. Approaching governance in this way helps organizations not only effectively manage their data, but also capitalize on it with confidence, knowing [its] quality is uncompromised.
What's possible for organizations once effective data governance best practices are used?
O'Neill: This is two-fold. Firstly, in a reactionary sense, an organization is now protected. For instance, in the event of an audit, with the necessary compliance in place, businesses can ensure they are safe and have taken appropriate measures. Additionally, if a customer or partner in an organization's ecosystem suffers a data breach, the company can feel safe knowing that the necessary controls and policies are in place to withstand such a scenario.
The second aspect is more proactive. As mentioned, data governance really fuels what an organization can do with data. It allows a business to understand the impact of various decisions and gain insight into opportunities to leverage new channels. And it doesn't end with the here and now. Data governance lets an enterprise plan for the future, from infrastructure decisions to new applications. With new levels of quality information, decision makers can plan based on facts. The [return on investment of data governance ultimately feeds directly back into the organization.
Jan Stafford plans and oversees strategy and operations for TechTarget's Application Development Media Group. She has covered the computer industry for the last 20-plus years, writing about everything from personal computers to operating systems to server virtualization to application development.