Anand Ramamoorthy
Head of Data Governance and Data Privacy, Informatica Asia Pacific & Japan
Data is currency, how does one maximise its uses? Creating organisational value with insights from data-driven strategies? Or rendering one’s organisation privy to cyberattacks with hazardous data governance policies? Employees are no longer logging in to companies’ server from a centralised location network (ie. the company’s Wi-Fi network). Hybrid work models, work-from-anywhere arrangements, and co-working spaces means employees are accessing company data and communications via various Wi-Fi and cellular data networks. This leaves a wide data trail, making it easier for those with malicious intent to conduct cyberattacks.
CIO World Asia spoke with Anand Ramamoorthy, Head of Data Governance and Data Privacy at Informatica Asia Pacific & Japan on building a data governance framework to safety share and access data. Informatica offers data integration software catering to various businesses and industries such as financial organisations, healthcare and telecommunications.
Asia Pacific’s Outlook On Cyberattacks And Ransomwares
As Asia Pacific progresses on its digitalisation journey, increased opportunity and risk go hand in hand as everyone – cybercriminals included – up their technical game. The recent slew of phishing scandals hitting major banks in Singapore is case in point. Consider today’s evolving environments; how IT knowledge workers, largely due to the pandemic, have become remote workers—almost overnight. This increases risk exposure as distributed teams are now at higher risk, outside of traditional, secure, office environments, making them a target for increased exploitation as cybercriminals exploit back doors and less secure channels into business data.
So, it comes as no surprise that consumers are growing increasingly wary about how their data (as well as what kind of data) is being collected, used, stored, and protected. This is all the more pertinent as data becomes more fragmented and complex across an increasing volume of sources, partner entities, and supply chains. The recently launched Informatica global Chief Data Officer (CDO) study found that 82% of organisations in Asia Pacific and Japan are managing over 100 data sources; while a further 32% are managing more than 1,000. Promisingly, 75% of these APJ organisations have already embarked on digital transformation, with data security and privacy as one of their top priorities.
Business Value Of Data Governance And Privacy
Managing data is complicated at the best of times and a single unified view across the enterprise is key to allow for data relationships and lineage, classification, and collaboration to follow suit. Ultimately, the goal of a data governance framework is to enable the safe sharing and usage of data to unlock its true value by increasing trust assurance. Trust builds confidence in the data, and as a result, confidence in results that drive data value. When employees across functions and levels have the confidence and trust in relying on available data sets, they are empowered to responsibly make data-driven decisions that can improve productivity, deliver innovation, and achieve better business outcomes.
Data is the new currency in this digital era and data governance is a critical foundation to becoming a data-driven organisation. Only when data is democratised and shared safely and widely to address key business initiatives, can its true value be unleashed. As a matter of fact, data intelligence that fuels business insights is the logical evolution of data sharing governed by a proper framework and set of principles that enable organisations to unleash the data’s business value. It’s ultimately the businesses who can ensure transparency and manage exposure that will be well-equipped to improve analytics programs, enhance customer experiences, accelerate cloud workload migration, and optimise decision-making with actionable insights.
When employees across functions and levels have the confidence and trust in relying on available data sets, they are empowered to responsibly make data-driven decisions that can improve productivity, deliver innovation, and achieve better business outcomes.
Anand Ramamoorthy, Head of Data Governance and Data Privacy at Informatica Asia Pacific & Japan
Importance Of Modern Data Governance In Mitigating Risks Of Personal And Sensitive Data
Modern data governance plays a key role in mitigating risks by enabling compliance actions such as:
- Discovering, monitoring and defining regulated data such as personal information (PII)
- Determining how, why, and where a company moves and uses regulated data for transparency
- Managing consent and rights for personal data use that align to consumer policy expectations
- Ongoing evaluation of risk exposure to protect and purge data accordingly, and
- Enforcing policies and other remediation to reduce risks and audit risk status
Most importantly, modern data governance allows organisations to discover, access, understand, and trust their data with greater confidence, and in turn, make use of the data assets in ways that comply with regulatory mandates such as the GDPR, PDPA, etc. but reduce the risks of mishandling sensitive data, keeping it open to business opportunities when it can be used responsibly.
Assessing Data While Maintaining Privacy And Compliance
For impact assessments to be accurate and reliable, in order to support privacy and compliance efforts, organisations should maintain an ongoing review of 4 critical data management activities:
- Data collection practices
- Retention and archiving policies
- Data use requirements and subsequent risk exposure levels, and
- Creating and updating disclosure policies and practices as privacy compliance mandates evolve
Essentially companies that have good data management that applies proper governance practices at the beginning set forth the foundation of safeguarding sensitive data efforts, enabling data to be shared more widely and safely across the organisation and beyond, while maintaining their efforts in privacy and compliance as required.
The key aspect to consider is that impact assessments are not a destination, but a journey. A reliable data governance framework can create the core foundation but must have the flexibility to incorporate new insights. Risks can evolve from new data uses and the value creation opportunities from data that business stakeholders demand. Therefore, constant iteration on policies and sensitive data controls can help find a balance between data protection and data utility, as more data-hungry applications are deployed, on premises, in the cloud, and beyond.
Steps For CIOs To Protect And Maintain Their Organisations’ Data Privacy
In a world where we need data to help us make better decisions, we need to be able to share data safely to fuel data analytics and insights functions. To allow successful data sharing while mitigating risk exposure, organisations should embrace these key cornerstones:
Find: The user should only find data that he or she is authorised to find
Understand: User should understand where the data came from, if he or she permitted to use it, and if it is sensitive data
Trust: User should trust the data that has gone through sensitive data discovery and governance policies and have the confidence to use it based on the user’s role
Access: He or she should only be authorised to use the data if it has successfully been through data discovery and data governance policies
It is also important for organisations to understand fundamentally what data they already have before they look for data they do not have. This would eliminate the need to establish unnecessary data sharing agreements externally and thus reduce lesser data risks.
As such, most data privacy governance journeys start with a risk assessment to identify the sensitive data types and its protection status for prioritising the most business-critical data to manage first as a starting point. This requires tools for data discovery and tracking data lineage—understanding and classifying data such as personal information, intellectual property, and similar data sets where risk exposure is greatest if misappropriated. Tracking data lineage provides transparency into not only what data is at risk at its source, but how that data flows across the organisation and may be transformed along the way, increasing its risk status.
By building this data intelligence to make more informed decisions—what data you have and how it flows—you can then understand what requires protection, what uses of that data conform to enterprise policies and user rights, and then take the necessary steps to govern that data responsibly for trusted data sharing opportunities and the value creation outcomes that organisations wish to achieve.
Tracking data lineage provides transparency into not only what data is at risk at its source, but how that data flows across the organisation and may be transformed along the way, increasing its risk status.
Anand Ramamoorthy, Head of Data Governance and Data Privacy at Informatica Asia Pacific & Japan
There is a need for organisation leaders to reiterate to co-workers the organisation’s standpoint on data integrity, from sharing only with authorised personnel to accessing via secured severs. Aside from employees mentally discerning the appropriate procedure on daily interactions with data, organisations also ought to implement software capable of tracking origins of data sets and risk level associated with downloading, utilising and archiving it. Transparency on what data sets the company currently has, what are the parameters of utilising and sharing it and relevant updates of these data sets, are also factors IT leaders can incorporate into their data governance plan. A robust governing plan which employees are aware of and follow through diligently will aid in lessening day-to-day data management hiccups and more time can go towards leveraging data into constructive, value-adding business insights.