TDWI | Training & Research | Business Intelligence, Analytics, Big Data, Data Warehousing

Data Governance Doesn't Need to Be Gatekeeping

To support self-service practices, we need to reframe the way we think about data governance.

• By Steve Swoyer
• March 29, 2017

If you want to bring any discussion of business intelligence (BI) and analytics screeching to a halt, try invoking the "G" word: governance. For most of its history, governance has been the data management equivalent of Voldemort: that which must not be named.

Thanks to the self-service revolution in BI and analytics, this history is fast becoming ... well, history. Believe it or not, governance is now enjoying a moment, one long overdue.

"In the age of self-service, the traditional models of governance, which have always been about restricting access, really no longer work. The job of governance moves from being gatekeepers of data to something like shopkeepers," argues Donald Farmer, a principal with information management consultancy TreeHive Strategy.

Farmer will teach a provocative new course, "Governance in the Age of Self-Service," at TDWI's upcoming Chicago conference. His course outlines a pragmatic program for governance that he argues is ideal for supporting self-service BI and analytics.

The Relationship Between IT and the Business

"Governance in the Age of Self-Service" explores the radically changed relationship between IT and the business. It's been a long time since IT had the power to dictate terms to the lines of business; in fact, savvy IT organizations are increasingly making it a priority to accommodate the reasonable needs of their business customers. Concomitant with this, they're reevaluating the core assumptions, concepts, and methods of traditional governance.

"The challenge of self-service governance is to meet consumers where they are. This means making it a priority to get people the data they need when they need it -- instead of listing all of the reasons why what they're asking for is irresponsible or impossible," he says.

"For example, if you want people to be able to analyze customer data, you don't give them access to your [master] customer database, you actually prepare special data sets for them which are cleansed and quality controlled the way you want them to be."

The approach to governance Farmer describes sounds like it would be difficult to reconcile with conventional data warehouse architecture. He isn't envisioning a post-data-warehouse world, however. On the contrary, he has something else in mind: call it a data-warehouse-and-more perspective.

In traditional governance, the data warehouse enjoyed a kind of conceptual primacy: it was the cleansed, consistent, and, above all, tightly controlled repository for business-critical data. A data-warehouse-and-more perspective shifts the warehouse off to the side. "Rather than creating a huge, all-purpose data warehouse to which you carefully control access, you create smaller, more atomic, subject-specific feeds from the warehouse and other sources," Farmer explains.

In the new era of self-service governance, he stresses, the warehouse is still a source of business-critical data -- but it's just one among several sources of business-critical data.

Promoting, Not Restricting, Access

Another, subtler shift has taken place, too. In the legacy model, the IT gatekeeper transformed the data warehouse into a command center for governance: it became a means of enforcing increasingly stringent control over the access, use, and disposition of data.

On the one hand, access was centralized: people could go to the warehouse to get the data they needed. On the other hand, data movement was one-way: data flowed into the warehouse but rarely back out again. People had to go to the warehouse to get the data they needed. By preventing users from creating data extracts or feeds, the IT gatekeeper could, in theory, control how information was used or disseminated.

Ultimately, restriction, not access, was the IT gatekeeper's default posture.

The opposite is true of the shopkeeper's approach to governance. "When I talk about moving from 'gatekeepers' to 'shopkeepers,' I use that image because it resonates very well with people. For example, the shopkeeper doesn't just sell groceries: she also sells things such as cigarettes and beer. I use that metaphor because those are strictly governed products. Being a shopkeeper isn't a free-for-all; there are very strictly governed categories for shopkeepers as well," Farmer explains.

Governance in the age of self-service is to some extent laissez-faire without being wholly hands-off. "It's not giving up on core or essential restrictions, but it is very much about meeting people where they are and offering them what they need," he comments.

"It's a change where people become participants in systems rather than just 'users.' The idea that you're a 'user' of a system is bizarre language. You're not a user in the sense that you're using the system like you'd use a screwdriver or a hammer. You're actually a participant in something much more complex. You're interacting with other participants."

Framing Matters

Like a good computer scientist, Farmer thinks we need to be very clear about the terminology we're using. His course teaches students to distinguish between governance, compliance, privacy, and security. All four concepts are related, but they don't all describe the same things.

"My definition of governance is about having a strategy and having a plan for compliance, privacy, and security," he says, stressing that all of these terms include hidden assumptions, biases, and histories. They're going to have to be reevaluated, perhaps even reinterpreted, if they're to be effectively reconciled with the consumer-centric priorities of the self-service age.

"The language we use to describe data access is metaphorical. We say we're going to give someone 'access to' data. What does that metaphor tell you? It tells you I'm in here with a system that I'm keeping you out of. The whole concept is that of someone on the inside protecting something -- information -- from someone on the outside," he concludes.

"The shopkeeper metaphor is different. It frames the issue of [data] access as pulling information out [of a system], as 'displaying' it for people. Metaphors can subtly determine how things like this are understood -- as well as how they evolve over time."