Governance: Survey Reveals Best Practices Lagging in Most Enterprises
Results from TDWI’s latest Best Practices Report show governance practices still fall short of best practices.
- By David Stodder
- September 15, 2015
As more users engage in self-service business intelligence, visual analytics, and data discovery, organizations need to establish data governance to oversee what data is being accessed, how it is being accessed, whether data quality is appropriate for users’ analytic processes, and other data protection tasks. Perhaps most important, governance must cover adherence to data security, privacy, and other regulatory rules. With enterprises moving toward less IT oversight, the risk that users might view and share data they should not rises, hurting the organization’s reputation and leaving it exposed to penalties.
Fortunately, recognition of the importance of data governance is resonating in the industry. Technology providers today talk up the need for "managed" or "governed" self-service data discovery and analytics; many have beefed up their data management tools to enable centralized oversight of self-service BI and analytics.
Rather than use these new capabilities to attempt to lock down all data, organizations need to seek a balance. If data governance is unnecessarily tight and full of red tape, users will not realize the potential business value of data. Most likely, organizations will simply relive the problems they had with centralized, IT-controlled BI. Users will go outside of IT’s dominion and set up their own "shadow IT" systems to support self-service BI and analytics.
Governance can mean different things to different organizations. In the recently published Best Practices Report I wrote, Visual Analytics for Making Smarter Decisions Faster (TDWI Research, Third Quarter 2015), we explored which modes of data governance research participants are currently employing to manage users’ self-directed implementation of BI and visual analytics tools.
We asked them to indicate how accurately each of a series of statements described their organization’s approach to data governance. With 339 business and IT research participants replying (representing a cross-section of organizations of different sizes and in different industries), the results give us a good sense of where organizations are today with governing self-service BI and analytics. Here’s a look at the results:
"Users have role-specific access to data inside our organization." By far the most research participants (82 percent) indicated agreement with this statement (42 percent saying it was very accurate). Role-based access is an effective method for ensuring that users can only access and interact with data they are supposed to access according their role and responsibilities.
"IT is responsible for data governance for all users." About three in five participants (61 percent) called this statement accurate; 18 percent said it was somewhat inaccurate and 17 percent said it was not at all accurate. Clearly, when it comes to data governance, in the majority of organizations, IT is expected to take charge.
"Our data governance covers not just data but what users do with it." Nearly three in five participants (59 percent) said this statement was accurate, including 25 percent who indicated it was very accurate. These organizations have a broader strategy toward governance than just securing the data within their systems. One step is to track data lineage so users understand the path to their analytic conclusions, including the quality of the data they are using.
"Data management and data ownership policies are documented." Only 11 percent of research participants said this statement was very accurate, with 44 percent indicating it was somewhat accurate. Documenting data management and ownership policies is not always easy, but it can avoid confusion and help organizations assign responsibility for governance.
"Governance is overseen by our center of excellence (CoE) or competency center." Just under half (48 percent) said this statement was at least somewhat accurate, with 16 percent calling it very accurate. A CoE or competency center can be critical to supporting "managed" or "guided" self-service visual analytics and data discovery because it can ensure that business and IT leadership provide joint, visible, and sustained leadership. A CoE can also spearhead the documentation of governance policies.
"Data governance efforts limit flexibility for business users." About two in five (42 percent) research participants acknowledged the accuracy of this statement of the potential downside of too tight a data governance policy; 46 percent, however, said it did not describe their organizations (12 percent said they didn’t know). This indicates that finding the right balance is still an issue in many organizations.
"Our governance focuses only on data security." Almost two in five (39 percent) said this statement accurately describes their organization. Data security is an essential part of governance, but most experts believe the scope of governance should be broader to include other people, policy, and project strategy concerns.
What, No Governance?
We had to ask whether research participants agreed with this statement: "We do not have any data governance." It would seem foolish to engage in BI and analytics without data governance, yet about one-third (34 percent) of research participants said this statement was an accurate description of their organization; 60 percent said it was not accurate and 6 percent didn’t know.
Even in smaller organizations, data governance is essential; "winging it" could lead to mistakes and problems that can sidetrack firms from their business objectives. Firms that do not currently address data governance in a dedicated manner should make it a priority, especially as self-service tools for data access and analysis spread beyond IT’s direct oversight.