Tag Archives: Governance

Majority prefers ‘big data’ on premises rather than in the cloud

According to recent AIIM’s survey, the ‘big data’ adoption is going to double to 17% during next 12 months. This penetration is going to increase further to about 60% within next 3 years. The survey confirms the old truth – the need for holistic view of the data – over 61% of respondents would like to see integrated information, coming from both – structured and unstructured sources. Classification of unstructured data seems to be ongoing problem, with over 70% of organizations finding that it is easier to find information on the web, rather than on their own internal networks. Although search techniques and tools improved over the years, it seems that the adoption of new technologies is pretty slow. Another big factor playing large role in this is the poor data governance.  With regards to analysis of the data, the requirements don’t seem to be very sophisticated, indicating that organizations still struggle with strategy how to effectively use the ‘big data’. Most respondents would be satisfied simply with basic pattern analysis, keyword correlation, incident prediction and fraud prevention. This fact seems to be confirmed by lack of answer to an important question. When asked about a ‘killer application’ for their business area, over 88% of respondents said that it would make a big difference in their business, but when asked what it would be, majority declined to answer.

Another interesting fact from the report is that most of respondents seem to confuse search with data analytics. Although there are some overlaps between the two, the former is about returning results matching selection criteria, while the latter about processing of the data to return answers about specific business question.

Lastly, not so good news for cloud vendors, over 88% of respondents would prefer on-premise big data storage and analysis, rather than SaaS solutions. This seems to be related to perception of poor data protection on externally hosted applications (although only 64% of respondents explicitly stated this). Majority considers the business insights as organization’s intellectual property. Cloud providers will have to work harder to convince the market, as data security question will continue to be the primary barrier to cloud adoption.

SharePoint and Information Security

Interesting survey was recently published by Cryptozone on SharePoint security. The results are evidence of need and importance of information management governance and proper, upfront design of the information systems. It appears that in most of organizations, the responsibility for assigning of the access rights to SharePoint documents still belongs to IT Administrators, as it was indicated by 69% of respondents. At least this segment of users knew who was in charge; in contrast to 22% who did not even know who managed it. The problem with ceding of the responsibility for content protection entirely to IT is that IT primary focus is on maintenance and configuration of the technical infrastructure, but with limited knowledge and understanding of the content and its specific protection needs. IT cannot and should not make decisions on how particular type of information should be protected, and who should have access to it.

So who should be responsible for making such decisions? The answer seems to be intuitive – the business – but 43% of respondents said that they do not trust document authors to control who should read their documents. This would indicate that most of the users have low levels of awareness and understanding of the security needs. This seems to be confirmed by another set of responses that indicated that over 45% of users did copy sensitive and confidential information to unprotected USB memory sticks and emails. 55% of these respondents claimed that reason for this was the need for sending necessary information to users without access to SharePoint, with further 43% needing it for working at home. Over 30% of users were more concerned about getting the work done rather than security, and another 47% did not even think about security or did not care.

One of the contributing factors leading to taking documents out of SharePoint’s control, was the need to share it with third parties – over 56% of respondents said that their organizations did not have external portals to help with collaboration outside of the organization.

The bottom line is that this exposes the organizations to risks including legal risks and intellectual property theft. Therefore proper solution would be to give some thought before SharePoint is rolled out, answering questions on how the information is going to flow across the organization, how it is going to be accessed, how users will be segmented by their needs and how it is going to be protected. This should lead to development of information management governance, that would clearly describe roles and responsibilities across the organization, and ways how the information should be distributed and protected. Lastly, the most important step is to make the users aware of the security needs, training them on the policies and periodically reinforcing this knowledge.

Business Process Management key to successful implementation of information management

Business processes are integral part of information management. In organizational context they could be compared to cardio-vascular systems in living organisms, with blood being represented by information, and the processes by structure of veins and valves. Like with the organism, inefficient circulation will lead the organization to poor performance, inability to compete, which as end result could be fatal. Business processes could be defined as a set of related, structured activities and discrete tasks, moving and enhancing business information to achieve specific goals and objectives. They could be divided into three groups:

  • Management processes – governing operations of the organization often called ‘corporate governance’
  • Operational processes – set of core business activities to generate value and revenues, like manufacturing, purchasing, sales, or marketing
  • Supporting processes – set of auxiliary activities supporting the core, operational processes, for example HR, accounting, information technology, and support

The processes exhibit certain common characteristics:

  • Definition – they have clearly defined scope,  inputs and outputs
  • Sequencing – the activities could be sequenced and prioritized for execution
  • Benefactor – there must be specified recipient of the process outcome
  • Value – adding value during the process of transforming or carrying the data
  • Inclusion – they exist in the context of the organization
  • Cross-functionality – the process often spans multiple functions within organization

There are two concepts related to process management: Business Process Management (BPM) and Business Process Reengineering (BPR). Although both deal with the process control and flow of information, and sharing many common characteristics, there is however a significant difference between the two. Business Process Management is an ongoing initiative with set of operational activities to capture, define, monitor, and to gradual improve the organizational benefits. BPM is often implemented using bottom-up approach, and it introduces more gentle change to the organization. Business Process Reengineering on the other hand, is more project oriented, with clearly defined end-state and timeline, redesigning the processes and transforming the organization. It is often implemented as top-down approach and requires much stronger organizational change management activities on many fronts within the organization. BPR initiatives could create lot of apprehension among the workers, due to introduced change in work habits, and often their key success measurement relates to reduction of the workforce.

Formalization, standardization and automation of business processes can introduce several benefits to the organizations:

  • Better utilization of organization’s workforce
  • Improved process speed
  • Reduction in number of errors
  • Costs reduction
  • Risks reduction
  • Improved customer service
  • Duplicate work reduction
  • Improved visibility of the processes and their efficiencies

Formal business processes implementation might need to resolve several issues:

–   Staff resistance to change – new processes will impact the ways how the work is done right now, and could introduce fears related to exposing potential inefficiencies, resulting in workforce reduction, or transferring to other departments

  • Implementation time is often lengthy due to need of discovery and documentation of hidden, informal processes, and their adjustments
  •  ‘Butterfly effect’ – any small inaccuracies in identification of the sub-processes, could translate into larger problems down the value chain
  • Difficulty in finding skilled resources to deliver
  • Insufficient funding – most of organizations face budgetary constraints today, while the business process changes often require substantial time and money commitments
  • Lack of management support – formalization and automation of business processes might not be on the top of management’s priority list.

The process automation could be categorized by complexity of the implementation, and organizations could select one or more depending on their needs:

1. Routing

Routing is the simplest implementation of the business processes, addressing ad-hoc needs of the end users. Usually they linearly move information from person to person, without integrating with information generating or consuming applications. They are often employed for user notification about waiting task and monitoring of the completion status. The users need to open and process the tasks manually. That type of solution gives limited ability, if any, to implement rules associated with the process.

2. Workflow

Workflow is more sophisticated implementation of the business process automation. Among others, it allows running processes not only serially but also in parallel, saving time and improving productivity. The processes can also have defined complex set of rules, exceptions and conditions. Often there is a graphical user interface that allows for easy customization of the workflow. Useful feature of workflows is the ‘role’ concept allowing assigning tasks to roles rather than to specific people. In cases where user is unavailable, a rule could assign the task to another person, belonging to the same role. Completion of the task could trigger next step in the process chain.

3. Business Process Management

The Business Process Management is extending this concept further, to the whole enterprise, allowing crossing platforms, applications and repositories. It addresses complexities of the cross-departmental processes, and allows for their standardization. Implementation of automation requires identification of core practices and detailed analysis of business rules and triggers. Flowcharting and process modeling are two of the techniques used for this purpose. Flowcharts are graphical representation of sequence of steps and decision branches. They are excellent tools to provide blueprint for implementation, as well as could serve as communication and change management instruments. Process models on the other hand, are more elaborate tools adding intelligence, dependencies and levels to the process tasks. The simulation functionality allows identifying and resolving potential bottlenecks, inefficiencies and loops. Integration and operational monitoring of the processes could help with continuous improvement. Since the implementation of BPM is much more complex than with other two categories, it requires careful planning, change management and funding.

Master Data Management and Governance

DataMicrosoft SharePoint 2007 and then 2010 triggered rapid rates of adoption of collaboration and document management systems. Soon many organizations painfully realized the importance of Information Governance. Without it, the implementations quickly became digital landfill, just replacing but not improving shared drives problems. Often departments started building their own sites, with their own branding, cumbersome and unmanageable security structures, own metadata, poor or entirely missing taxonomies, leading to state of mess where users couldn’t find anything. Even worse, duplication of documents led to confusion, the business decisions based on outdated data, the storage size and backup costs exponential increase, and deterioration of systems performance. Worst of worst, since information was not purged or when it was, it happened randomly, this exposed the organizations to e-Discovery related legal risks and litigation costs.

To address these problems, organizations needed to develop set of aligned governance constructs within an overall Information Governance Framework. Among those constructs are Information Security Governance, Information Architecture, Data Quality, Records and Retention, Master and Reference Data just to mention few. I think that the latter plays very significant role and should be done early to get information under control.

So how Master Data Management could be defined? It is a set of processes, tools and organizational structures, where business and IT work together to address issues likes uniformity, accuracy, stewardship, and consistency and accountability of the organization’s data. This leads the data to become authoritative, secure, reliable and sustainable.  But not all data should get the same level of attention.  Master data is a ‘key’ data gathered and used by multiple departments during operations of the business like for example – customer data, information about products, employees, materials and so on. Master Data must contain most accurate and authoritative data available, and serve as single source of truth across the organization. Lot of organizations however find it difficult to secure the necessary funding and support from senior management, due to difficulty with measurement of return on investment.

Earlier this year, Gartner published some predictions related to Master Data Management governance and impact on organizations by end of 2016:

–          Only 33% of organizations that initiated MDM will be able to demonstrate its value. The difficulty here is that such initiative must present complete approach and be an ongoing process rather than once-off isolated project. This means that there needs to be consensus among senior executives and obtaining this is often quite challenging.

–          Spending on information governance must increase fivefold to be successful – and as per point above, needs to include other disciplines within the Information Management Governance Framework like quality management, lifecycle and retention, privacy and security. This will lead to building larger teams focusing on the governance and higher costs.

–          20% of CIOs in regulated industries will lose their jobs failing to implement information governance. IM governance is a construct that allows organization for compliance with regulations, and the primary responsibility for this lies with CIO and Legal Counsel.  Breaches in information security, leaks of confidential information, and breaches in privacy will lead to reputational and financial damage to those organizations.

The good news is that lot of organizations already recognize these risks, as according to Gartner, last year they have seen 21% increase in spending on MDM.