Centralised, correct data helps a company operate
efficiently. The challenge to consistently present one version of
the company's data becomes apparent as businesses increasingly use
IT systems to enable their operations and achieve their missions,
writes Sean Pollonais, information security consultant atBD&F
Infosec.
Businesses merge and need to align their information, HR
departments need to know what movement is taking place among staff,
and the marketing department must know who is a customer and what
products they have bought. These are a few examples of the need for
consistent data.
Master data management (MDM) is the term used to describe
products and processes to align the view of data throughout an
organisation and across to its partners. MDM is a relatively new
discipline but one for which there is a clear need.
There is already a wide range of products from both large and
small suppliers. Choosing the products to suit the company's needs
can be a long process because the functions and support matrices
can be very elaborate. The challenge is to get as close as possible
to what the business needs for the price the business wants.
A company should prepare its data before attempting to buy any
of these systems. The preparation exercise will present a concise,
centrally available description on the data that flows through the
company. The result may prove the purchase of an off-the-shelf MDM
system to be unnecessary. If a system is brought in, the
implementation process will be easier.
To prepare the data it is important to start at the highest
level and outline a company-wide meta data definition. This will be
used as guide to information labelling and treatment across the
company. The sales department, for example, may define a customer
in such a way that marketing will have a clear idea of the level of
that person's interaction with the company. This will avoid the
advertising of a particular product to a customer who has no need
for it.
The process that data goes through within departments should be
studied and documented. This would identify how data is created,
updated and stored. From such a study, redundant systems and
processes are identified. There might be legacy systems, now
non-essential, that are still functioning as information
repositories. Some departments might be using this data while
others are accessing it from a newer, more relevant system.
At the user level, the amount and type of data collected by
staff needs to be examined. For every entry field on a form, the
question "Why do we need this?", should be asked. This helps keep
data lean and can aid compliance with legislation such as the Data
Protection Act, which states that all data collected from an
individual should be relevant to the agreed transaction. This
user-level review should be conducted regularly.
With the knowledge gained from a meta data audit, the company
will have a clearer view of the information that comes into the
enterprise, how it is processed, where it is stored, who updates it
and how it comes to an end of life. At this point the company can
make a more informed decision as to the need for a MDM tool. It
will also have a better idea of what it wants from the product.
Security Zone: read more advice from (ISC)² qualified security
professionals >>