ASK A CYBERSECURITY ADVISER to define data governance, and you would undoubtedly expect to receive a security-minded answer. But that’s where Mark Kirstein, vice president of customer success at Cosant Cyber Security, might throw you a curveball.
“Data governance is actually bigger than just cybersecurity,” he says. “It’s the people, processes, and technologies that make sure data does its job.”
Most often, Kirstein says, MSPs are focused primarily on data availability (keeping servers and computers online and operable) or, secondarily, data protection—whether for intellectual property investments or compliance. But they may be missing opportunities for revenue, savings, and growth with a data governance program.
“The concept of data governance doesn’t often cross over to business objectives,” he observes. “How can various aspects of what you can deliver facilitate better use of data to meet business goals?” He stresses, “Once you start talking about business outcomes, risk, and revenue, you’re at a whole different level.”
Brian Weiss, on the other hand, is more of a traditionalist. The CEO of ITECH Solutions, a managed service provider in San Luis Obispo, Calif., defines data governance very much in terms of protecting sensitive data. “The world is so behind on understanding where their data is stored,” he says. “I’m still very much focused on securing it better.”
Nevertheless, Weiss, too, advocates a deeper involvement with clients around data governance.
“The approach we’re taking is to get clients to be a part of the discussion, to identify all the data and how to classify it,” Weiss explains. From there, ITECH can help SMBs step up their SharePoint game.
“Historically, we haven’t had a great way to classify data,” Weiss says. “SharePoint helps by supporting document tagging.” Security policies can then be added whereby certain document tags enable various levels of classifications.
The process of document tagging is fairly user-friendly. “If you’ve ever used Gmail, it’s as easy as putting a label on a message,” Weiss says. However, retraining end users is challenging. “We can define new processes about how new documents are created and stored, but then you have to train people,” which, he says, “is not an overnight thing.”
The bottom line for both Kirstein and Weiss is that data governance programs demand ongoing interaction and review alongside business-owner clients. “All organizations need to think of data governance as a set of policies and procedures that are alive and breathing,” Kirstein says. “It’s an information strategy architecture.”
While data governance tools like SharePoint and governance, risk, and compliance (GRC) management software stacks are valuable, it’s the business-oriented discussions about company data that truly foster loyal IT relationships.