ISG Software Research Analyst Perspectives

The Weak Link in Data Governance? Analytics

Written by David Menninger | Sep 30, 2021 10:00:00 AM

Data governance is a hot topic these days. In fact, we are conducting benchmark research on the subject here. With increasing regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), organizations face more external oversight of their data governance practices. The risk of significant fines associated with these and other regulations, coupled with organizations’ internal compliance requirements, has brought more attention to data governance practices. We anticipate through 2023, three-quarters of Chief Data Officers’ primary concerns will be governing the privacy and security of their organization’s data.

While interest has increased, an organization may be missing the forest for the trees in its data governance strategy. A data governance strategy is only as good as its weakest link. An organization may believe it has everything buttoned down, but a single overlooked area can undermine all its data governance efforts. All too often that weak link is an organization’s governance policies and practices over its analytics processes.

I recently completed my 2021 Analytics and Data Value Index assessment of 18 different vendors. Nearly every product evaluated provided capabilities to export data either to PDF, spreadsheet or both. A few of the products offered ways to disable this functionality, either for the entire organization or for specific individuals. But even if an organization goes to great pains to lock down access to its data with the appropriate restrictions and privileges, those efforts can be circumvented relatively easily with an export of sensitive data. Complicating matters further, organizations continue to rely on spreadsheets for many aspects of their data and analytics processes. Spreadsheets are used to transfer data from one system to another, to perform data quality and data transformations, to bring together data from multiple systems, and to create tables or charts of information for presentations. All of these actions are potential weak links, and as such organizations should seek to eliminate these types of activities to bolster their data governance efforts.

But analytics governance goes beyond better securing the data. How that data is tracked is key. Analytics governance can take a page from data governance when it comes to catalogs. Just as data catalogs provide an inventory of data assets in an organization, an analytics catalog helps an organization understand the analyses that are available and where they may be found. Within the catalog, analyses can be designated as trusted or approved. Analytics is a process that is rarely conducted by a single individual. Analyses lead to decisions. At a minimum, those decisions must be communicated within an organization, but more frequently, multiple people are involved in the decision-making process. Capturing and tracking this process can help an organization with its compliance requirements. Actions such as changing prices or promotions should be assigned to individuals and tracked to completion. If a task is not completed by a certain date, it should be escalated for resolution or reassignment.

Analytics governance should be considered an integral part of any organization’s data governance. As your organization examines its data governance strategy, I suggest thinking more broadly. Consider how analytics governance relates to your data governance. Try to find ways to connect the two areas, for instance, with catalogs that include both data and analytics. Think also about the activities associated with analytics and ways in which you can support and govern those activities. If you can bridge the gap between data and analytics governance, your organization will have better access to its information assets, and you will be eliminating a potential weak link in your data governance policies.

Regards,

David Menninger