One thing I love about living in Midwest is the change of season. It wasn’t long ago that I admired the sumptuous green on my neighbors’ yards (yeah…it always looks better elsewhere, right?). And now, the vibrant autumn leaves steal the show. It makes the world seem so colorful! Every season is unique in its appeal and its upkeep needs – just like your organization’s data.
Similar to the seasons that cycle through spring-summer-fall-winter, data has its very own cycle: from inception to its primetime usage, and retirement to removal. This blog will be a 4-part series:
Part 1: ‘Spring’ Inception
Part 2: ‘Summer’ Primetime
Part 3: ‘Fall’ Retirement
Part 4: ‘Winter’ Removal
Every two weeks we will focus on a data stage/season, and what you should consider in order to manage and protect it.
Let’s start with Part 1: ‘Spring’ of data – The Inception.
If you are challenged with managing the volume, velocity (quickly changing), and variety (structured, unstructured) of data generated each day from the traditional and/or digital sources, you are not alone. While it can be overwhelming, it’s possible to get on top of it. Start the journey with these three very important activities:
#1 Identify the source of the data stream, and its owner. Data owners typically are the ones who consume the data, understand the objective of data collection, know what business question it is trying to answer, and are responsible for how the business data is going to be managed in order to maintain its accuracy and integrity. It is worth noting, however, that identification of data owners can be quite delicate, so be sure to allocate enough time, effort, and ample management support.
#2 Collaborate with the data owner, internal audits/compliance, and IT, to classify the data appropriately based on its level of sensitivity and importance. Examples of classification categories are: restricted, confidential, public. Data classification is the foundation of data security related controls, yet it is often overlooked or considered a waste of time. Don’t fall into this temptation – classify your data, it will help you sleep better at night. Data classification also correlates to data handling policy.
#3 Work with your IT security and internal audit/compliance team to determine the appropriate level of security measures against the data, which should also meet regulatory requirements. This reminds me of my son, who was in the first grade at the time. The TV news was broadcasting the White House that evening, and my son casually asked why the White House is fully fenced and has so many security guards, while our house is fenceless and of course, no guards. Well, it depends on who lives in the house, doesn’t it? Imagine if we safeguard every house in America to the same extend as the White House – it wouldn’t make sense and would be financially devastating. The reverse is even worse, as we would put our country leaders in an exposed environment, facing enormous security risks. Likewise with data – by taking the time and effort to classify the data, we can strategically place more robust security controls around the most sensitive data, and less security controls on the less sensitive.
There you have it. There is still much more to do, but by tackling data ownership, classifying the data, and placing security controls appropriately, you are off to a good start.
What’s next?
Stop by in two weeks for Part 2: ‘Summer’ Primetime – the liveliest period within data management. During this stage data usage is most active and threats are imminent – keeping everyone within the organization, especially IT Security, Risk and Compliance folks, on their toes. See you then!
Stay tuned for the rest of ‘The Four Seasons of Data Management’ Series:
Part 1: ‘Spring’ Inception
Part 2: ‘Summer’ Primetime
Part 3: ‘Fall’ Retirement
Part 4: ‘Winter’ Removal