Post on 13-Apr-2017
Data Governance for End-User Computing
© AskGet.com Inc, 2015. All rights reserved
Presented by Malcolm Chisholm Ph.D.Telephone 732-539-3406 – Fax 407-264-6809
mchisholm@AskGet.com
September 15, 2015
• What is End-User Computing?
• Background to EUC
• The Challenge of EUC Data Governance
• What Has to be Done for EUC Data Governance
• Data Governance Policies
Agenda
© AskGet.com Inc, 2015. All rights reserved
What is End-User Computing?
© AskGet.com Inc., 2015. All rights reserved
Introducing End-User Computing (EUC)
Will Data Governance Ride to the Rescue?
END USER COMPUTINGTHE UNTAMED FRONTIER OF DATA GOVERNANCE
See the Exploits of Real Users That Have Made Them Famous throughout the Enterprise!
Definitions
Data GovernanceThe activities that are needed to ensure Data Management is carried out in an effective and efficient manner to achieve corporate strategy, while minimizing risk and respecting all obligations the enterprise has for its data.
Data ManagementThe activities that are needed for the enterprise to acquire, maintain, use, publish, archive, publish, and purge data, and which should be carried out under the oversight of Data Governance.
End-User Computing (EUC)
Any aspect of Data Management that occurs outside of a production Corporate Application, even if it occurs in a general environment that is supported by IT.
Corporate ApplicationA data processing application that is supported by IT, usually with IT involvement from the requirements stage to production implementation stage, whether built, bought, or rented.
The Challenge of Data Governance
Data Stewardship Data Policies
Data Security Legal, Privacy & Compliance
Information Knowledge Mgmt.
Data Architecture & Modeling
Data Life Cycle
Change Management Data Content Management
Primary Accountable is IT Primary Accountable is Operations
Other Primary Accountable
Primary Accountable is Data Governance
• Data Governance is a set of disciplines, each with its own special set of concerns and techniques• Some of these disciplines are “pure” Data Governance; others involve working with some part of the
business that has primary responsibility for the discipline• The Data Governance disciplines are each different and fairly self-contained• To do Data Governance well we need to master all of the disciplines relevant to our enterprise• Some of these disciplines are emerging, and that makes them difficult
© AskGet.com Inc 2015
What Are “Endpoints”
• Because of its close relationships with IT and Operations, Data Governance tends to focus on corporate systems.
• However, many enterprises have segments of their workforce that are mobile and/or dispersed from central offices. These staff are creating data at their “endpoints” that is not captured in corporate systems.
• Even staff in corporate centers are doing work on their PC’s that is not captured by corporate systems.• Leaving aside discussion of Cloud for now, which has added even more complexity.
IT OperationsData Governance
Corporate SystemsMobile, Dispersed, and /or Self-enabling
Segments of Workforce
?
© AskGet.com Inc 2015
End-User Computing
• Endpoints are where data is at, but what is going on at the endpoints?• Answer: End-User Computing (EUC)• Much – but far from all – the types of data management that we see in corporate systems are going on in
EUC• It is very rare to find any staff who have received training on EUC Data Governance (“EUC Governance”), and
this is not a traditional area of focus of Data Governance.• Hence, the quality of data management is unknown, but can be guessed to be at low maturity – which is
risky.
Data Acquisition
File Transfer
Analysis
Communication
Reporting
Reports
Models
Files
Contracts
Publications…
© AskGet.com Inc 2015
Background to EUC
© AskGet.com Inc., 2015. All rights reserved
Industry Focus
• EuSpRiG is perhaps the only industry-focused group• They have an annual conference (in Europe)
© AskGet.com Inc 2015
www.eusprig.org
EuSpRIG Horror Stories
• EuSpRiG publishes “Spreadsheet Horror Stories”• The above one has become quite famous
© AskGet.com Inc 2015
Vendor Ecosystem
• There are some product vendors in this space• More seem to be getting in• Vendors want to work with Data Governance
© AskGet.com Inc 2015
DataGovernance
DataAvailability
DruvaElastic Cloud
File Classification& Analytics Auditing
eDiscoveryIntegration
Data Backup& Collection
DataRecovery
Data LossPrevention
DataArchival
FileSharing
DataAccess
GlobalDeduplication
Engine
SingleInstanceStorage
Time-Indexed
Metadata
S3/Glacier(Storage)
DynamoDB(Database)
EC2(Compute)
Security & Privacy Fram
ework
DeviceRefresh
Regulators’ Viewpoint: BCBS 239
The Challenge of EUC Data Governance
© AskGet.com Inc., 2015. All rights reserved
Why Is EUC Governance Needed?
• Employees go away – sometimes suddenly.
• What happens to the data they have been working with?
GAMEOVER
Termination
New Job
Other Reasons
Stolen
Destroyed
Lost
• Endpoint devices go away – sometimes suddenly.
• What data has gone missing, what are the consequences, and can the data be recovered?
• There are some obvious reasons why EUC governance is needed• Here are a couple – there are a lot more
© AskGet.com Inc 2015
The Challenge of EUC Governance: 1 – No Close Partner
• We saw before that for some Data Governance disciplines there are natural partners.
• IT is a partner with EUC Governance, but has a relatively narrow focus, and may not understand the Data Governance aspects
• Legal and HR could be other partners• The end users themselves can be resistant to Data Governance, but ultimately need
to be enrolled
• CONCLUSION: Data Governance must lead in this area
GAM EOVE R
Termination
New Job
Other Reasons
Stolen
Destroyed
Lost
Data Stewardship Data Policies
Data Security Legal, Privacy & Compliance
Information Knowledge Mgmt.
Data Architecture & Modeling
Data Life Cycle
Change Management Data Content Management
Primary Accountable is IT Primary Accountable is Operations
Other Primary Accountable
Primary Accountable is Data Governance
© AskGet.com Inc 2015
Data Stewardship Data Policies
Data Security Legal, Privacy & Compliance
Information Knowledge Mgmt.
Data Architecture & Modeling
Data Life Cycle
Change Management Data Content Management
Primary Accountable is IT Primary Accountable is Operations
Other Primary Accountable
Primary Accountable is Data Governance
The Challenge of EUC Governance: 2 – Complexity
• EUC Governance is composed of many (but not all) of the disciplines of Data Governance
• EUC Governance may have some special characteristics that also make it its own discipline
• It is up to Data Governance to figure this out, and come up with conceptual frameworks for EUC Governance
• CONCLUSION: Data Governance must lead in this area
GAM EOVE R
Termination
New Job
Other Reasons
Stolen
Destroyed
Lost
*
* * *
*
*
© AskGet.com Inc 2015
Data Governance Vision and Leadership
© AskGet.com Inc 2015
Tell me what you want me to buildThen I will design itThen I will build itThen I will turn it over to youThen I will walk away
The IT Mindset
I’m here to gather requirements
The Business Analyst Mindset
Requirements Vision
Leadership
The ideal state of EUC in the enterprise
How to get to the Vision
• Data Governance must figure out how to lead
What Has to be Done for EUC Data Governance?
© AskGet.com Inc., 2015. All rights reserved
Problem of Reaching EUC Users
• EUC Users are usually distributed widely across the enterprise, rather than being concentrated in one or two departments.
• However, there are definitely more of them in certain departments, e.g. Finance, Actuary, Analytics.
• In any case, no department will want to engage Data Governance to do EUC Data Governance – in fact, they will want to avoid Data Governance.
• So how do you engage these users? Principles and Policies are two ways.© AskGet.com Inc 2015
What Are Principles?
• Principles are propositions that are to be accepted as true, but not further analyzed.
• We may not be able to further analyze them, or we may choose not to as they appear “self-evident” to us.
• Principles allow use to build a consistent set of governance rules. It is important that these rules do not contradict each other.
• Principles – if they are clear enough – allow us to quickly judge if what we are doing is in accordance (or not) with them. This is very useful.
• They can be used to guide EUC users, and can provide vision for Data Governance.© AskGet.com Inc 2015
Principles in PracticeCan you send me
that big file of Customer data?
Sure - I’ll put it in my personal
DropBox for you to pick up
Can you send me that big file of
Customer data?
We’re going to have to ask about
that. We can’t use external storage for
sensitive data.
Principles do not set rules, but people do use then to guide their decisions
© AskGet.com Inc 2015
Sample EUC Governance Principles1. Production data in an EUC asset makes it a production EUC asset
2. All EUC assets that are used to run or manage the enterprise (i.e. production assets) are identified.
3. Every production EUC asset has data management accountabilities formally distributed and documented.
4. All data sources used in EUC assets are documented, and are sourced in accordance with enterprise directives.
5. All usage relevant to the business of EUC assets is documented.
6. All processing relevant to the business is documented
7. QA is undertaken for production EUC assets, and Data Quality is always addressed
8. Sensitivity of data and processing in EUC assets will be registered and respected.
9. Manual adjustments to data in EUC assets will be documented.
10. Reports or equivalent that are published from EUC assets and which pass out of the enterprise are registered.
11. If data from an EUC asset is input to another EUC asset or corporate application, then a Data Sharing Agreement is required.
12. Pathways to conversion to corporate applications, if available, will be implemented
Data Governance Policies
© AskGet.com Inc., 2015. All rights reserved
What Are Data Policies
© AskGet.com Inc 2015
EUC Policy
• A policy is a high-level rule that constrains business behavior.o E.g. “Every decision about a Critical Data Element must be documented”
• Policies are NOT low level rules like “The Area Code of a Telephone Number must be enclosed in parentheses”.o But many DBA’s and people in IT call these low level rules “policies” because that is what their
technologies call them
• A policy does not tell anyone how to do somethingo Those impacted by policies have to figure out how to operationalize them
• Policies are enforceable and are enforcedo Don’t write policies unless you know how they can be enforced, and make arrangements to
actually enforce them.
Get Authority for Enterprise Data Policies
© AskGet.com Inc 2015
DataGovernance
• Data Governance must get the authority for Data Policies.
• This may have to be taken away from IT (who do not know how to do them anyway).
• Your enterprise may have a central body for all policies, but they will typically outsource specific areas to experts.
• Policies are perhaps the most important tool for addressing EUC Governance,
ExecutiveManagement Assign Authority
for Data Policies
Develop EUC Policies
© AskGet.com Inc 2015
• Policy formulation, promulgation, operationalization, compliance checking are a big topic in themselves, and are not going to be covered here. BUT you need to be successful at all of these.
• Need to decide if you want a single big EUC policy, versus many smaller focused policies. Both have their pros and cons.
• Figure out what policies you need from the principles and the specific areas of Data Governance.
Sample EUC Governance Principles1. Production data in an EUC asset makes it a production EUC asset
2. All EUC assets that are used to run or manage the enterprise (i.e. production assets) are identified.
3. Every production EUC asset has data management accountabilities formally distributed and documented.
4. All data sources used in EUC assets are documented, and are sourced in accordance with enterprise directives.
5. All usage relevant to the business of EUC assets is documented.
6. All processing relevant to the business is documented
7. QA is undertaken for production EUC assets, and Data Quality is always addressed
8. Sensitivity of data and processing in EUC assets will be registered and respected.
9. Manual adjustments to data in EUC assets will be documented.
10. Reports or equivalent that are published from EUC assets and which pass out of the enterprise are registered.
11. If data from an EUC asset is input to another EUC asset or corporate application, then a Data Sharing Agreement is required.
12. Pathways to conversion to corporate applications, if available, will be implemented
Data Stewardship Data Policies
Data Security Legal, Privacy & Compliance
Information Knowledge Mgmt.
Data Architecture & Modeling
Data Life Cycle
Change Management Data Content Management
Primary Accountable is IT Primary Accountable is Operations
Other Primary Accountable
Primary Accountable is Data Governance
PolicyPolicyEUC Policy
Data Governance for End-User Computing
© AskGet.com Inc., 2015. All rights reserved
Questions and Answers
Presented by Malcolm Chisholm Ph.D.Telephone 732-539-3406 – Fax 407-264-6809
mchisholm@AskGet.com
September 15, 2015