Intelligence and Trust: The New Pillars of Data Governance
With enterprises and their customers transacting more online than ever, the security of these transactions, and the trust between businesses and their clientele requires a solid basis.
IDC focuses on this with its insights into the Future of Trust, with particular attention to data governance. Financial Services Institutions (FSIs) and their clientele are attractive targets for hackers, and they must step up to the increased demands for better security for themselves and the people who rely on their services.
Maintaining trust in a volatile environment
IDC Cybersecurity Products Program Vice President Frank Dickson defines the Future of Trust this way: “Trust, in its basic form, is a condition that (1) enables decisions to be made (2) between two or more entities (3) with a level of confidence in quantifiable risk and subjective reputation for an exchange of mutual benefit to occur. Traditionally, trust as is applied to business centered on a conversation around security.” Thus, the future of trust “means that trust is now an up-leveling of the security conversation to include attributes such as risk, compliance, privacy, and even business ethics. These elements transform the conversation from what ‘must’ a company do to prevent negative outcomes to what “should” a company do. Thus, traditional approaches to security, risk, compliance, and privacy are facing challenges both in scope and scale.”
For IDC, trust is “an up-leveling of the security conversation to include attributes such as risk, compliance, privacy, and even business ethics. These elements transform the conversation from what ‘must’ a company do to prevent negative outcomes to what ‘should’ a company do.”
“Trust is more than just about mitigating harm, but also maximizing return, creating a differentiated impact on revenue, expenses, and shareholder value,” Dickson said. He is the lead for IDC’s Future of Trust research.
In an Aug. 25, 2020 report titled Data as an Asset: The New Challenges of Data Governance and How Asia/Pacific Financial Services Should Respond, IDC shared insights that illustrate the requirements, benefits and methods of comprehensive data governance for financial services institutions (FSIs). The challenge for many FSIs is that the format, usage, and complexity of data capture, propagation, and integration have significantly evolved, and the risks associated with poor data quality and governance even more so. Data must be accurate, intelligent, trustworthy, and connected.
IDC Financial Insights for Asia/Pacific associate vice president Michael Araneta said in that report that “data will not maintain its value unless governed properly to keep the characteristics that make it accurate, intelligent, trustworthy, and connected. Metadata, data lineage, data source, and other characteristics for high-quality digital data must be defined and maintained continuously. Ultimately, these characteristics create the foundations for the trusted use of data throughout the enterprise.”
Other characteristics about the data these FSIs have in their systems must also be tracked and interpreted correctly every time it is used, besides ensuring that the data is accurate. Questions including “How and where was the data sourced? How can we validate it is accurate? Has the customer given us consent to use or share the data?” are among the requirements that must be known about the data. The Digital Data Quality Characteristics spectrum defines the characteristics of high-quality digital data and highlights the role data governance plays in creating and maintaining it.
In an April 23, 2020 report, IDC shared the information it gathered from documenting the rise of the digital economy and the digital transformation that organizations must undergo to compete and survive in this economy over a five-year period. It launched nine new research practices in 2020 that bridge its traditional technology market view with a business outcomes view. These practices seek to provide context to what is happening in the digital economy—explaining the desired business outcomes, such as engendering trust or becoming an intelligent organization, and how technology can be used to achieve these outcomes. One of these practices is the Future of Trust.
According to IDC’s 2019 CEO Survey, digital trust programs are the most important agenda item in the next five years. The emphasis on trust will affect enterprise organizations in multiple ways, including:
- By 2023, 50% of the G2000 will name a chief trust officer, who orchestrates trust across functions including security, finance, HR, risk, sales, production, and legal by 2023.
- By 2025, two-thirds of the G2000 boards will ask for a formal trust initiative that executes a road map to increase an enterprise’s security, privacy protections, and ethical execution.
- By 2025, 40% of Fortune 1000 companies will require partners and vendors to meet trust scores as a condition of doing business.
The future of trust means traditional approaches to security, risk, compliance, and privacy face challenges both in scope and scale. These challenges should be met by addressing the five elements of trust, Dickson said, explaining that “we do not approach each pillar individually—the elements of trust have layers of implementation. Much like the hierarchy that Maslow proposed for human needs, trust is implemented in a layered approach.”
Dickson also said each of these five elements builds on each other to create a hierarchy of trust needs. Here are the five elements of trust:
- Risk: The foundational layer of trust. Risk is a function of visibility and the likelihood and impact of some outcome occurring. Any outcome, positive or negative, could impact confidentiality, integrity, availability, productivity or revenue. In the future of trust, organizations need to go beyond the classic definition of risk and think about visibility and transparency. A formula that includes transparency recognizes the importance of assessing every possible factor or action that could reduce or improve internal or external trust.
- Security: Once enterprises have built their trust foundation on a continuous assessment of risk, they can tackle the compulsory or “must-do” items of trust. Protection of IT assets, regardless of whether they be data, application, network, or device, is a fundamental requirement—one that is usually made compulsory by an enterprise’s technology or legal department. Failure to protect these assets can result in disastrous, highly publicized breaches that can cause customers, partners, and stakeholders to lose trust in your organization—and for organizations to lose competitive advantages and profits.
- Compliance: Regulatory and policy compliance are described as other “must-dos.” Protecting IT assets is critically important to trust, and Protection of IT assets, regardless of whether they be data, application, network or device is a fundamental requirement, one that is usually made compulsory by an enterprise’s technology or legal department. Regardless of where the demand comes from, compliance will continue to be a part of the future of trust. What enterprises must understand is that these compulsory requirements will only grow as the threats to Trust expand. Regulations, standards, and oversight requirements are not going to shrink and failure to comply with them is a twofold risk. Compliance often offers some protections against threats and bad actors, and failure to comply incurs costs and penalties (including loss of brand trust if that failure becomes public).
- Ethics and Social Responsibility: With a strong foundation and close attention paid to compulsory elements, organizations can focus on the strategic elements of the future of trust that create true competitive advantage. Focusing on ethics and social responsibility is a shift in perspective; while the earlier elements enable organizations to identify, anticipate, and avoid negative outcomes, ethics and social responsibility offer an opportunity to create positive outcomes.
- Privacy: Like ethics and social responsibility, focusing on customer/stakeholder privacy is an opportunity to leverage trust elements to create positive organizational outcomes. Demonstrating that protecting your audience’s data and rights is a priority engenders goodwill with consumers, who are more likely to stay loyal to brands that demonstrate high trustworthiness.
Data governance in the digital economy
IDC Research Director for Data Integration and Data Intelligence Software Stewart Bond meanwhile, explained in the IDC Blog that “since the future trust environment introduces new elements that go beyond the traditional ideas of security, risk, and compliance, IDC proposes three new outcomes: Trusted Enabled Commerce, Trusted Ecosystem, Trusted Governance. Trust is about maximizing return, creating a differentiated impact on revenue, expenses, and shareholder value.”
“Data governance,” Bond wrote, “is an organizational discipline that requires a vision and strategy, appropriate people resources and organizational structures, processes, data, and technology to operate. Because data is a digital asset and has mostly been managed within the realm of IT, organizations are quick to look at technology, expecting to find data governance software and solutions that will solve all their problems.”
He also noted that “technology is only part of the solution. True data governance software is a myth; instead, organizations need to invest in software that supports the process of data governance. IDC calls this data intelligence software.”
Data intelligence software, according to Bond, is a collection of capabilities that helps organizations answer and manage six fundamental questions about data:
- Who is using the data, who created the data or asset, and who is responsible for it?
- What does the data represent, what is the data being used for?
- When was the data created, when is the data being used, and when will the data expire?
- Where is the data in the organization, and where is it being consumed?
- Why does the data exist, why is the data being persisted, and why is it being used?
- How was the data created or captured, and how is it being used?
- Additionally, data intelligence software adds another dimension: relationship. What relationships are inherent within the data and between the people that are generating and consuming the data?
“The answers to these questions are what informs and guides use cases around data governance, data quality management, and self-service data,” Bond explained. “To collect these answers, organizations must harness the power of metadata that is generated every time data is captured at a source, moves through an organization, is accessed by users, is profiled, cleansed, aggregated, augmented, and used for analytics for operational or strategic decision making. Data intelligence software goes beyond just metadata management, and includes data cataloging, master data definition and control, data profiling and data stewardship.”
“One of the reasons these past attempts at data governance have failed is that intelligence about data was created and maintained manually,” he wrote. “Another is that the variety of intelligence required to answer the fundamental data governance questions has not existed before now. A recent IDC survey uncovered that spreadsheets, custom software, documents, and word of mouth were among the topmost frequently used methods of cataloging data. Manual processes have never been able to keep up with the pace of change, in business or technology; and now in the age of digital transformation, change is even more rapid and constant, within increasingly complex technical and business environments.”
As Bond puts it, data intelligence “is a fresh and almost intriguing term to organizations because it doesn’t imply constraints, but promises opportunity – to learn more about the data itself and how the organization uses data. Furthermore, data intelligence moves beyond answering the fundamental data governance questions and, when combined with the content of the data itself, may yield a whole new level of insight in this age of big data and digital transformation that has not yet been possible.”
Data is the center of digital transformation and it deserves specific attention as a critical building block for the digital platform. Organizations now face “more complex ecosystems and business environments within an expansion of data characteristics, types, constructs, behaviors, domains, social contexts, and hybrid technical environments,” Bond wrote. “Historically, data professionals have focused on the three V’s of big data: volume, velocity, and variety. These big data characteristics still exist and have become ingrained in data operations, but to get value from data in the era of digital transformation, data professionals need to shift their focus toward the three A’s: awareness, augmentation, and automation.”
He added that data intelligence software “provides organizations with an awareness of where their data is, who is using the data, and why and how the data is being used.” This software also “augments data with technical, semantic and business metadata, adding key knowledge elements so that data and data usage is better understood. Data intelligence demands automation of data discovery, definition, duplication, consistency, usage, and protection; manual processes no longer cut it when it comes to data governance or management.”
In a world where businesses and their customers are leveraging digital technology to survive and adapt, trust is a vital component of the relationship between the two.