The data governance process: Protect and power your business

by Dave Parker, Group Head of Data Governance, Arrow Global On September 25, 2020

Blog Category: Privacy & Compliance

x-icon

Employees need to access data to do their jobs. But as data governance professionals, it’s our job to protect it. Therefore, we must perform a fine balancing act to weigh robust data protection against the productivity of workers who need the data to maintain business-as-usual working processes.

Data grows exponentially, and most organisations will admit that they simply don’t know what data they have, where it is, and the controls that exist around it. This creates 2 challenges:

  • Burgeoning amounts of unstructured data makes the business increasingly vulnerable from external attackers or internal data breaches.
  • Because data is the key to understanding a customer’s wants and needs, if the business can’t identify its data and unlock its value, it’s at a competitive disadvantage.

As a European investor and alternative asset manager, here at Arrow Global we take care of £50bn of assets and own a data estate exceeding 160TB. How we manage our data to protect and power our organisation is key to our success. We understand the difficulties involved in opening up environments to allow people to work productively, while at the same time locking them down to protect our organisation.

When it comes to analytics, I believe that Arrow is highly proficient because we employ a talented team of data scientists. But even for us, the sheer volume of raw and processed data, that resides in both our structured systems and unstructured data repositories, has the potential to put our business at risk.

We know there’s always more that can be done to strengthen our security posture and ensure regulatory and contractual compliance, while at the same time using our data to drive the business forward.

Data protection isn’t just about compliance

For many organisations, data protection has centred on demonstrating compliance with the GDPR. At Arrow, our efforts have gone one step further to include our contractual exposure.

Being a more mature data organisation, we had previously tried to develop an application in-house to manage our data estate and our data governance challenges. However, with 160TB across the company in production data alone, we simply couldn’t achieve the scale we needed to handle the sheer volume of data. Of course, the volume is just the start – once you know what data you have, you then need to be able to categorise the data and put it into a structure, so the business can analyse it for a specific use case.

We knew we needed to go to market to find an industrial-strength data discovery product to replace our in-house application. By aligning our choice of product to our overall IT and change strategy, meant that ultimately, we ended up with a far better outcome than we’d anticipated.

 

Position data as both a risk and an asset

Data touches every part of an organisation, so when it came to building a business case for buying-in a data discovery software platform, we approached it in a way that would speak to different people at the same time. We did this by posing the question:

What do we want to do with data in a way that is GDPR-compliant, contractually-compliant and enables us to better service our clients?”

These are the black and white tests of information governance – to recognise the importance of data to protect and power the organisation. They’re applied in a way that enables us to commoditise data and use it to drive the business forward, by forcing us to consider how we would use the data – for example, creating value-based pricing for our clients.

In aligning the business case to initiatives that were already priorities within the boardroom, we knew that we’d gain the attention of the senior leadership team and it would be easier to get the buy-in and budget we needed. And in the end, everyone wins – we get what we need to protect the data, and the business gets to distil the data’s value to better meet our customers’ expectations.

Get visibility of data at scale

For us, things got really exciting once we were able to see all of our data at scale. We chose Exonar because it allowed us to discover our data in ways that other products couldn’t. And the interface between the user and Exonar meant that everyone – both technical and non-technical users – could understand the technology and the findings it revealed.

When we saw exactly what data was in the estate, where it was and who had access to it, data security became much easier and the risk of data being compromised was dramatically reduced. We can see exactly where the vulnerabilities are and restructure how our data is stored to strengthen security. Then over time, we can use search, workflow and analysis to optimise the infrastructure and continually identify new areas to improve.

Commercialise the data

From a wider-business perspective, once people can see the data, they can start asking “What if…” to query it and distil its value. But it’s more than just the data itself. It’s not uncommon for data relating to the same thing to exist in unconnected systems across the business. For example, customer interactions and incidents or events.

Exonar is capable of joining the dots in disparate data sets. By stitching these data sets together, we can get a better overall view of our customers and use the outcomes to think of new, different or better ways of serving them through enhancing or adapting our offerings.

Why other financial services businesses should also take a smarter approach to data

  1. By changing your approach, you can use data to protect and power your business and the people you serve.
  2. By positioning data as both a risk and an asset, you elevate its position to give it priority in the boardroom. Ultimately, it’s data that helps the business make informed strategic decisions about how to strengthen its competitive advantage.
  3. By gaining visibility of data at scale, you can see exactly what data you have and where it is. This gives the business confidence about the actions needed to ensure it is secured in both a regulatory and contractually compliant way, and that people are doing the right thing with data at all times.
  4. And joining different data sets provides you with a single view of ‘X’ within your data, no matter where it is. Helping to support your wider-business strategy and priorities, it gives you the information you need to secure a business advantage and generate value.