Getting Data Governance Right

Every organisation has sensitive information which it needs to protect. Perimeter security is no longer effective and resources need to be focused on the critical information that is the lifeblood of the organisation, this is why your overarching data governance policy is key.

Business information is critical for any business to survive and data governance is key to protecting it.  Our general understanding of business information can be a little blurry, so for illustrative purposes let’s say it might include:

  • Customer Information eg: Names, addresses, contact details, etc
  • Research and Development eg: Formulations, new testing methods, processes, etc
  • Prototypes eg: New product information.
  • HR Information eg: Past and present employee information
  • Legal Information eg: Case details, reviews, etc.
  • Financial Information eg: Annual reports prior to release, customer information, etc.

Without the ability to collect, store, handle and transfer this information from place to place, a business might simply fold.  To fully understand the Guardian Technologies proposition for your information security, we need to dive a little deeper into why information is so important.

Why is Information Important?

Let’s start with the Data, Information, Knowledge, Wisdom (DIKW) pyramid.  The pyramid has been used many times, but it is not often used or applied to the information security space. We find that it aligns well with the information lifecycle that’s an integral part of designing and implementing a fully structured data governance project for an organisation.  So, let’s take a look at the differentiation of these levels and how they can be applied to data governance.

Data – we use this term to cover all materials that exists.  For the DIKW model, data is the output of logging systems, monitoring systems and process, etc. There is usually lots of it and much of it is static and difficult to process due to its relevance by environment and context.

Information – Information is distilled from data into a form that has relevance.  It maybe generated by humans or reviewed by humans and at this point, irrelevant data is discarded and the information is retained.  Once this type of pressing takes place the information has inherent value. 

Knowledge – Information is collated across organisational groups to gain understanding so that informed decision making can take place.  Note that the “informed” reference to mean “based” on relevant information.  

Wisdom – Knowledge that has been used over time and different situations then provides Wisdom. This wisdom helps to give a complete understanding of broader or global contexts and issues.  At this point, an organisation has a strategic capability that may allow it to collaborate with and across multiple institutions successfully.

This DIKW model allows us to look at an organisation and its maturity levels, providing a good indication of where their information security needs might lie.

Why is data governance important?

Data governance is all about having an overarching visibility, understanding and control of what is happening and when to your business information, at all times, giving you the ability to step in and take action to prevent any misuse of your information as required.  At Guardian Technologies we help clients to understand:

  • What information they have and its value.
  • Where the information lives.
  • The information lifecycle of when is it created, used, shared and stored.
  • How is it gets created, used, shared, stored.
  • Why was it created in the first place.
  • How can it be reduced because we haven’t asked whether we need to create, store and manage all this information or whether the amount can be reduced?

Guardian Technologies provides a suite of assessment services to give you governance of your business data, products and activities focusing on identifying, assessing, managing and protecting your information.  The products we use fit into the three major risks that we see for information:

  • Identity and Access Management: Having the right people with the correct privileges to the information they need at the appropriate time.
  • Information Usage and Protection: Understanding the inherent risk of the information lifecycle and managing those risks.
  • Sharing information: Rights management for information to protect critical information when sent outside of the business be that via the internet or any other method.

Why use Guardian Technologies?

There are many security risks across the information lifecycle that any company faces in today’s digital world.  To ensure information is protected, you have governance and control at all times, understanding the risks and implementing a range of protections against every threat is essential, a tailored, holistic service not provided by many tools and technologies.

At Guardian Technologies, we can offer an all inclusive software solution to help manage your data governance.  There are plenty of solution providers in the realm of information security.  We like to do business with like-minded organisations who see the need to enhance their information security provisions, but may not have the experience to do so in-house or are growing at such a rate that the in-house IT team need some additional support.

If you are an organisation with 100 users or more and have concerns about your information security, then we have the experience to help you to make sure that information security management and protection keeps you and your client’s information safe, in this new landscape we all find ourselves.

What to do next?

If you are concerned about your business information security contact us to arrange your FREE 60-minute consultation