How Does Big Data
Change Your Way of
Managing
Information?
A Best-Practices Guide for Data
Managers
By Erian Laperi, Director Enterprise Data Management and Business Enablement at AT&T
How Does Big Data Change Your Way of
Managing Information?
Table of Contents
First Step: Get Started! ... 2
Second Step: Foster a Commitment to Privacy ... 6
Third Step: Protect Your Data ... 7
The Final Step: Is Your Program Creating Value? ... 9
The age of Big Data is upon us. Storage costs are going down, and data analytics is becoming more capable and more user-friendly. Even your auto mechanic will be storing a petabyte of data soon.
Big Data will give businesses new insights and help improve operations. With these new tools come questions about how to use them. But your mechanic knows more about fixing a transmission than developing a Hadoop cluster, and similar concerns hold true for larger enterprises. Businesses everywhere are looking for guidance.
What should organizations do with all this data? What guidelines should they follow in order to:
Best manage their data and preserve its value
Foster a commitment to privacy
Protect the security of their data
The right answers never come without asking the right questions. In this article, we offer some thoughts on our continual-improvement program, called AT&T Data Excellence. We don’t have all the answers and we aren’t perfect. But based on years of experience managing vast amounts of data, we hope we have some helpful guidance to offer your business.
We recognize that there is no one-size-fits-all solution to data use, management, and protection. It will depend on your organization, your data, and your data uses. This paper presents thoughts on the types of practices and procedures to consider.
First Step: Get Started!
Data is valuable, and we should treat it that way. Take a holistic approach to managing it. This should include protection of data, attention to its quality,
compliance with applicable regulations and privacy guidelines, and rules for access and usage.
Appoint a Chief Data Officer, or someone who can serve in that capacity. We
love our Information Technology (IT) team, but IT is not the only organization that represents a complete, comprehensive picture of data. Data is also about privacy, policy and compliance, business strategy, marketing, customer service … pretty much every corner of the business. Consider dividing up data and IT organizations with clear lines of responsibility. IT is responsible for the
information systems, while the Chief Data Office is responsible for managing
data as a corporate asset through its lifecycle, including making business
decisions regarding what types of data is collected, the purpose of use, data retention, disclosure, onward transfer, and finally data disposal.
Understand your data assets. Data is no longer a storage problem, but is now
also a means to create insight to improve your operations and services. Treat data as a valuable asset – measure its cost and value, even if in a pro forma balance sheet. You can’t manage what you don’t measure.
Establish a data quality program. If you think this is a lot of work or it costs
too much, think again! You can’t afford the price tag of rework. Create data management processes that care for all aspects of data management, guided
by Six Sigma Quality by Design if possible, while at the same time encouraging innovation and enabling new business capabilities.
Define data stewardship responsibilities. In the life of data, three phases
matter: (1) creation, (2) storage and use, and (3) destruction or onward
transfer. It is the IT department’s responsibility to connect the three. But it is the business unit’s and user’s responsibility to determine why, how and when this happens.
Identify which data is strategic. Create a data inventory grid. This is a
company-wide reference guide for who is responsible for the data, where it resides, how it moves, how it’s related to business needs and other data, and who has access to it. To create a sustainable model, eventually you would want to create or move towards automating the elements of the data inventory grid.
Investigate how the data is stored. Security is an important aspect and it
begins with a thorough assessment. How secure is your data? Is it encrypted? Is it de-identified? How many backups are there? Are you following standard industry practices?
Integrate data and records management functions. If your company already
Make an assessment of what tools and frameworks they use. Are there any repositories of “metadata” or data definitions? Those may be very valuable, and in need of corporate support.
Identify data champions in each of your business units. Data champions will
help you promote concepts of data governance, with passion. Data champions can also help you create a network of responsible data stewards in support of each business function that creates or uses data. Stewardship is the
operational aspect of data management, where the day-to-day work gets done.
Find the experts you already have. You may already have data management
expertise in your enterprise architecture group, enterprise application integration team, or your data warehousing group. Your business process analysts or your senior business-oriented database administrators may also have good data management experience (while some of your most technical database admins may not have a good understanding of corporate data concerns).
Start small, on the most important data. Perfect your process and then expand your program across the enterprise. Data Management is not a project – it is a
Second Step: Foster a Commitment to Privacy
The advent of Big Data raises additional issues with respect to preservation of customer trust. As businesses rush to derive value from their data, they risk compromising the trust that people put in their brand, their products and their services. Establishing the necessary safeguards to promote customer trust in your privacy commitment isn’t just for complying with privacy policies and legal and regulatory guidelines. It’s also common business sense. If you take customers’ interests to heart by embracing data privacy principles, such as transparency and data accuracy, that will go a long way in gaining and keeping customer trust.
You should incorporate data privacy and security into the front end of any new product, service or internal procedure – not merely as an afterthought or the final item in an approval process.
Promote and encourage a culture of transparency about your data and its usage. As with all emerging disciplines and all learning by doing, it is important to
disclose and take reasonable remedial measures when mistakes or new empirical evidence is discovered.
Third Step: Protect Your Data
Cyber threats are real, sophisticated, and constantly evolving. So how can companies navigate in such an environment? Although the safest computing medium is “one that is turned off,” business models can be built with safeguards to help minimize security risks.
Most organizations have principles and practices for protecting their tangible assets, along with some version of business and conduct guidelines. This should extend to data assets. It is important to clearly communicate, and constantly reinforce, the organization’s commitment to data assets. Explain why each employee has the duty to protect and preserve them.
Here are some practices and data protection principles to consider.
Understanding and embracing these can help you protect your business models and lead with competitive advantage.
Assess your organization’s state of readiness, threats and vulnerabilities, and
raise internal awareness. Security is an important aspect and it begins with a thorough assessment. How secure is your data? Is it encrypted? Is it de-identified? How many backups are there? Techniques and risks will vary depending on the data you have and your business model.
Protect your data from unauthorized disclosure. Think “least privilege” and
set up programs to oversee risks. Be aware of organized crime
recruiting people in call centers, maintenance, finance and IT. Trust, verify and look for wolves in sheep’s clothing. Forrester Research, Inc.’s Q2 2013
Forrsights Security Survey looked at 512 North American and European enterprise and SMB IT security decision-makers whose organizations had a data breach in the preceding 12 months. Two of the most common ways in which the breaches occurred were inadvertent misuse by insider (36%) and abuse by malicious insider (25%)1.
Manage 3rd parties with access to your data. Think about the 3rd parties with whom you share data, and think through how to assess their privacy practices as well. Be sure to understand and control what data is shared with them. Include controls in your contracts.
Implement attribute-based access controls. Think of what unique,
controllable attributes can be assigned to each element of your strategic data. Consider the possibility of transitioning your critical systems and applications from Role-Based Access Controls (RBAC) to Attribute-Based Access Controls (ABAC). Your business model will drive what attributes you
select for your data. In ABAC, access to granular data elements is only granted to particular individuals – for a specific business need, time period and access method.
Develop a breach management process. Realize that it’s probably not a
matter of if, but when, a breach will happen. It is unlikely that you can prevent every one, just like it is almost impossible to prevent hardware failure. But you can plan for contingency and redundancy. The key is how you respond. Develop a plan and run it through tabletop exercise drills.
Don’t focus exclusively on short-term costs. In the long term, data protection, privacy and security are enablers of future business strategies and opportunities.
The Final Step: Is Your Program Creating Value?
Rear Admiral Grace Murray Hopper said: “Someday, on the corporate balance sheet, there will be an entry which reads, ‘Information’; for in most cases, the information is more valuable than the hardware which processes it.”
If you love data and you are involved in information management as part of your official job duties, then you certainly understand that data is an “asset” and that it
has a tremendous value. But what about everyone else? How do they fit in the overall data governance picture, and why is this important to them?
Tell them this: Whether we realize it or not, today we are all potentially data consumers, managers and custodians. Consider the functions you perform on your smartphone on a daily basis. You are not a developer, but you are creating data, consuming it, and updating and customizing software (your apps). You are making decisions based on data that you and the overall ecosystem of users and devices created, such as what route to take to the airport and how long it will take to get there.
Thus anyone can see that data often has real value to you and to your company as well. When launching and reviewing data governance programs, ask the simple question: “What value is it creating for my organization and customers in terms of efficiencies, of hard dollars (economic value and customer trust), or of the
avoidance of liability, risk and cost?”
The right answers never come without asking the right questions, and great things do not always come easy. Remember that data governance is a continuing
you in your quest for a framework to launch and build your data governance program.2
2 Data practices are governed by a wide variety of laws and regulations, which vary across state and national
jurisdictions and data sets. This paper is intended to provide AT&T’s experiences for readers to consider as they undertake development of their own data practices. It is not intended to provide legal or regulatory guidance as to compliance measures that a reader may be required to consider or implement. Legal counsel is an important step