Until recently, the emphasis within organisations regarding data management has been on hardware and applications, with an aim of creating self-contained islands of functionality that can provide reports on the data held within them to help someone reach a decision. This person would generally have a well-defined role that would be supported by a specific application – such that a customer services supervisor would be using a customer relationship management (CRM) application, someone involved in logistics would use either or both of enterprise resource planning (ERP) and supply chain management (SCM) applications. Their decisions would be fed in to other systems, such as business dashboards for the executives to make their decisions. Information flow was one way, from the bottom to the top, decision flows impacted from top to bottom.
All good and well for a command and control environment, where change could be managed over a period of months and years and decisions could be made on an as and when basis. Unfortunately, that is not today’s business environment.
Data is just data. In itself it has little to no value. It is only once something has been done with the data to make it relevant to a specific process or issue where it becomes of value. Data management is crucial, and has great benefits for the enterprise. Also, organisations have moved from a formal data (database) centric approach to a more ad hoc (document) centric approach to their information creation and usage. To make matters worse, data creation is no longer just managed within the organisation – the increasing availability of information on the web means that the use of search engines is bringing in data that may, or may not, be of value, and areas such as social networking provide additional feeds that need to be monitored and managed.
To compete effectively in today’s markets, an organisation has to realise that information is the new currency: it is only through data management across an organisation that it can be fully effective.
What can an organisation do to ensure that they can compete in such an information economy? The aim has to be to ensure that the information is correct and that it has inherent value when it is presented to the person who needs to make any decision.
Quocirca recommends that the following steps be applied to help to get to this end:
• Use master data management to ensure that all data on a specific item can be easily identified and accessed within the security profiles of the employees, partners and customers of the organisation
• Use data cleansing to ensure that what you have reflects reality – check for different name spellings (is C.S. Longbottom the same as Clive Longbottom?) as well as different address formats (1, High Street may be the same as 1 High St.) and so on. Run checks against external data sets, such as the OCIS, Electoral Roll for people or current catalogue data for supplier items to ensure that data reflects the current situation.
Ad hoc data:
• Use a basic taxonomy for tagging data as close to the point of creation as possible. For example, use public, internal, private, commercial in confidence, secret and for your eyes only to allow actions such as email and print to be enabled or disabled for content. Create templates based on the above classification so that users choose at the point of creation what sort of document this is going to be.
• Enable extra tagging capabilities so that information can be tagged with content information, enabling faster and more effective information search and reporting
• Use user access controls at a granular level to identify who wants access – as well as what their context is. For example, a general worker wanting access to pretty much anything from a public access point (e.g. an internet café) may well be blocked completely, with a web page stating that they need to access from a secured device. An executive may also be warned, but may have the capability to override the warning, but with the understanding that should anything go wrong, it will be held against them. Also, ensure that privileged users (system admins, database admins, etc.) do not share passwords, and that everything they do is logged.
• Use data leak prevention to control what goes out of the organisation. By drilling down into email, ftp streams, social networking and other informational streams, content can be examined and blocked or referred for further action.
• Employ a solid information search and reporting capability across all the data and information sources. Reporting tools that are built in to a specific application will lead to a lack of overall visibility, and may lead to decisions being made that are based on only a small part of available data.
The main thing, though, is to sit down first and decide what is the organisation’s risk profile, what this means to the overall information security policies required by the business, and then ensure that not only the IT policies, but the whole organisational policies around such areas as the use of the telephone, fax machines, print output, paper-based mail and information being carried in and out of the organisation in bags and briefcases are contained within one set of overall policies.
Make sure that users fully understand these intellectual property protection policies – and why they are important.Spell out that any intellectual property leakage could lead to unrecoverable damage to the business. Let them know that what they do is being monitored – not to apply a big stick to them when things go wrong, but to try and ensure compliance with best practices with the minimum impact on them.Let them know that any accidental leakage will be dealt with without undue blame being apportioned – but that any malicious leakage is a sackable offence.Make sure that this last point is part of an employee’s contract of employment – and make it a zero tolerance issue.
Intellectual property: your crown jewels
Through the above means, intellectual property becomes the main focus – and the organisation becomes far more able to pull this out from the mass of data available to it. The intellectual property can be better leveraged, so making the business far more effective and competitive in the market.
Forget over-focusing on hardware, forget the application. It’s information that matters – build IT platforms and functions that enable data to be turned into effective knowledge and then managed as such. Focus correctly – and make the most out of tomorrow’s information economy.
Clive Longbottom is the founder of Quocirca, a UK-based research and analysis company. His primary coverage area is business process facilitation, through which he helps companies understand their core processes and technologies that can be used to improve them. Longbottom has been an ITC industry analyst for more than 15 years and is also a frequent speaker at industry events and webinars. For more information on Quocirca, or to download any of its freely available research reports, go to www.quocirca.com.