CIO Advisor
We engage with a lot of small- to mid-sized organizations that are in different phases of planning or implementing data governance, compliance, or AI initiatives. I have noticed that there is a common circumstance that can slow down or frustrate these projects: The people tasked with getting a data governance program off the ground (often the technology team) lack a meaningful understanding of how and why the critical business processes that use confidential data actually work.
Larger organizations often have business analysts or they can bring in external help to map and document the data and processes, but small businesses almost never do. At most, there is some tribal knowledge about them, but never enough information to be able to help guide the organization through a true data governance effort that identifies sensitive data, its locations, and the processes that rely on it. As a result, the organization struggles to implement governance policies to address compliance and risks, including AI tools that can expose over-permissioned information.
Much of the time there is a cultural gap here too—whose job is it to know about these processes across the organization? This responsibility has typically not been formalized (or everyone assumes someone else is doing it).
Historically, the focus of IT teams has been on keeping systems secure, available, and performant. I am now seeing that cloud SaaS, data, and AI tools are starting to develop their own gravity and have started to pull that same IT team into needing more data and process expertise as well. The Technology group is uniquely positioned to add significant value here. They already have a global understanding of what platforms, applications, and storage locations are in use, along with responsibility for security. Working with the business units to document what sensitive data they use can be an almost natural extension of those responsibilities.
Here are some tactics that I have used in past organizations to start understanding where confidential data is used and why.
This can be a lot of work, especially as you get this initiative started. My advice is to dedicate some regular effort to this, even if it is only a few hours a week. (This activity can also help people on the IT team grow and provide some career development opportunities.) As you discover more, you will also likely find some common challenges that can be addressed using the same solution across business groups. Small, positive steps can make a big difference over time and increase the IT group’s value to the organization overall.
Completing discovery and documentation of processes for the base cases discussed above, you can rinse and repeat the methodology as you review all areas that handle sensitive information to form the overall governance policies and controls.
If you’re interested in learning more, Download our Microsoft Purview eGuide discussing the Four Feature Realms that Purview has to offer. If you have any questions or you’re looking for assistance with Data Governance, please reach out to info@eGroup-us.com or complete the form below.
Contact our team today to schedule a call with one of our experts.