As the saying goes, Rome wasn’t built in a day. The same is true for data governance. There are a lot of things that need to be in place to make data governance effective. Simply listing a bunch of files and giving you ways to score their risk of access won’t do the job right. On April 23, the United States Postal Service (USPS) became the latest to confirm something we all already knew: data governance isn’t something that springs out of the ground fully formed – it must be strategically built, from the ground up.
USPS started with the correct first step: they conducted a massive audit. Among other vulnerabilities, the audit revealed the need for better data governance. Consider the volume of data the post office has, the sensitive nature of much of it, and you’ll see that’s no small task. Add to that, the USPS is a 24/7, international, brick-and-mortar plus high-tech hybrid. You can begin to imagine the heavy burden they must shoulder. They have made significant efforts to get to the problem, but the report is very clear as to why those efforts didn’t take:
“Although the Postal Service defined a structure for a data governance program in 2003, full roles and responsibilities were not uniformly adopted across the enterprise. Also, limitations in the Postal Service’s data governance program placed the Postal Service at risk to potential vulnerabilities that could affect data quality, availability, and integrity and result in inefficient operations, disruptions of service, and fraud.” U.S Postal Service Data Governance Audit Report
No matter the size of an organization, we see the vast majority struggling with age-old Identity and Access Management (IAM) issues. The perils USPS ran into form a common issue among all businesses, even if they are nowhere near the same size. This may prompt you to say, “But all of those new-fangled attribute-based and rule-based approaches are supposed to protect me from that!” And you would be right, but getting the rules set up for those doesn’t happen by magic. Even when you have it all set up, making it an effective basis for ongoing data governance can be a quest.
Of course, there are many best practices to be implemented when building a data governance solution. Dell was late to this market, but that meant we gained wisdom from providers and customers before us. By design, the data governance solutions we have incorporate the roles and rules, and attribute relationships, among other things. Data governance is a tricky thing, so we’ve worked to offer an end-to-end security solution to help you build the best data governance plan for your company.