At the recent InfoGovWorld conference, I had the opportunity to participate in a panel discussion about the future of Data Governance.
Common themes were the growing importance of governance metadata, especially in the areas of business value, success measurement and reduction in operational and data risk. The future lies in metadata management.
Governance metadata management was the primary reason for starting MetaGovernance 15 years ago. We observed so many client teams trying to execute governance by spreadsheet and PowerPoint. We saw too many metadata tools that were under-utilized. Technology teams and governance teams were not aware that effective Data Governance could be accomplished by defining the business, technical and risk problem in the context of metadata relationships.
Our last TDAN column was on eliminating waste in the data factory. We compared data with inventory and drew parallels on the advancements in optimizing manufacturing inventory to sorting out the data mess across corporations. In manufacturing, the process is Lean Production. In data, we call it Lean Governance. Both are based on Goldratt’s Theory of Constraints.
In this column, we are going to carry this analogy one step further to governance metadata management. Classification and tagging are critical to managing inventory. Classification is also key to Data Governance and risk management. Using the example of a tanker truck spill, all eyes are on toxic chemical marking and protection. It is critical to quickly determine if the tanker contained a flammable substance or soft drink. The same is true with data. Does the database that just got stolen on the laptop contain Confidential or PII data, or low-risk internal data? Classification and awareness of the location of the “inventory” is the same in both cases.
The task of tracking of all these classification and location details can be daunting. The solution lies in metadata. Specifically, governance metadata management. Looking at Data Governance, or Information Governance, through the lens of metadata provides a practical path forward. A path where less is more. Less people, less technology, less cost, and if done correctly much less risk.
We have spoken often about the metadata chain that links corporate business drivers and objectives directly through processes, controls, systems, people, databases and finally data. This is done by viewing this complex puzzle as a series of related metadata relationships. Each relationship is very simple, yet when combined together form a powerful systems view of the company. The only complexity involved here is two-fold. One is failure to define the problem as these discrete relationships. The second is leveraging a technical metadata tool to collect non-technical governance metadata.
Let’s walk through an example. As stated earlier, the first step to inventory management is classification and tagging. “Parts” need to be grouped into similar inventory. On the factory floor, there are component to sub-component groupings. In the data factory, we use subject areas, or domains of data. In both cases, every part is tagged or labelled. The relationships of parts are also captured.
One of the benefits of governance metadata management is that you can define characteristics of data at the subject area level. These characteristics are then associated with individual business attributes. In most cases, the relationship is direct association. For example, if we have a Subject Area of Customer Credit Data, most business attributes would have a security classification of internal use. Therefore, we would set the metadata tag for Customer Credit Data to INTERNAL. However, within the 250 business attributes of Customer Credit Data, we found Social Security Number and FICO score. In most companies, these attributes are considered CONFIDENTIAL. So, they must be tagged with the more restrictive classification. Again, tagged as metadata.
Why do we care? The answer lies in solving the right problem and being realistic about risk management. Companies are starting to encrypt and restrict access to CONFIDENTIAL data, at the physical data level. We saw this in action at a recent client. They literally followed their internal guidelines. Data that is CONFIDENTIAL must be encrypted and restricted. The problem is that they classified, in this example, the entire 250 attributes of Customer Credit Data as CONFIDENTIAL. They encrypted the related tables and went through organizational hoops to restrict access. Data, control, and processing costs skyrocketed, while operational efficiency plummeted. We found that of the 250 business attributes, only 5 were truly CONFIDENTIAL. The client was able to narrow the security controls to these 5 attributes which reduced complexity, costs, controls, etc., with no loss in data protection and huge gains in business productivity. We documented our findings as governance metadata.
Governance metadata management requires the correct set of tools. Spreadsheets are not sustainable. Nor are technologies that focus solely on technical metadata. Technology focused metadata tools lack the ability to associate the metadata relationships back to the business. To bring the Data Governance and Information Governance under a common business and risk umbrella, we need to capture the metadata glue that binds structured to unstructured data.
Governance metadata management is an ever-changing puzzle due to corporate and system transitions. Organizational realignment changes the data stewardship model. System replacements change the system of record and legacy. Accounting rules change complex calculations. All of which need to be defined as metadata. By improving their governance metadata management, an organization can isolate only the specific relationships that change. This saves so much effort in procedures, controls, and reports.
Governance metadata management is an art form, not a science. It is important not to let the bureaucracy of typical Data Governance filter down to the metadata layer. Think lean and focus on business value. Governance metadata management needs to be risk and business-driven and not a sole focus on IT data architecture. It is important to identify the relationship links that are critical to solving the data governance problems and make certain you are using metadata tools that support the entire spectrum of Data Governance and Information Governance architectures.
Lean Thinking solved the factory inventory management problem for many companies. Applying these same concepts, along with the power of technology-driven governance metadata management, can also sort out the enterprise data factory. Solving this very interesting metadata puzzle makes great inroads to overall customer satisfaction and corporate risk management. Enjoy the journey.