Security Zone: How to apply master data management

Centralised, correct data helps a company operate efficiently. The challenge to consistently present one version of the company's data becomes apparent as businesses increasingly use IT systems to enable their operations and achieve their missions

Centralised, correct data helps a company operate efficiently. The challenge to consistently present one version of the company's data becomes apparent as businesses increasingly use IT systems to enable their operations and achieve their missions, writes Sean Pollonais, information security consultant at BD&F Infosec.

Businesses merge and need to align their information, HR departments need to know what movement is taking place among staff, and the marketing department must know who is a customer and what products they have bought. These are a few examples of the need for consistent data.

Master data management (MDM) is the term used to describe products and processes to align the view of data throughout an organisation and across to its partners. MDM is a relatively new discipline but one for which there is a clear need.

There is already a wide range of products from both large and small suppliers. Choosing the products to suit the company's needs can be a long process because the functions and support matrices can be very elaborate. The challenge is to get as close as possible to what the business needs for the price the business wants.

A company should prepare its data before attempting to buy any of these systems. The preparation exercise will present a concise, centrally available description on the data that flows through the company. The result may prove the purchase of an off-the-shelf MDM system to be unnecessary. If a system is brought in, the implementation process will be easier.

To prepare the data it is important to start at the highest level and outline a company-wide meta data definition. This will be used as guide to information labelling and treatment across the company. The sales department, for example, may define a customer in such a way that marketing will have a clear idea of the level of that person's interaction with the company. This will avoid the advertising of a particular product to a customer who has no need for it.

The process that data goes through within departments should be studied and documented. This would identify how data is created, updated and stored. From such a study, redundant systems and processes are identified. There might be legacy systems, now non-essential, that are still functioning as information repositories. Some departments might be using this data while others are accessing it from a newer, more relevant system.

At the user level, the amount and type of data collected by staff needs to be examined. For every entry field on a form, the question "Why do we need this?", should be asked. This helps keep data lean and can aid compliance with legislation such as the Data Protection Act, which states that all data collected from an individual should be relevant to the agreed transaction. This user-level review should be conducted regularly.

With the knowledge gained from a meta data audit, the company will have a clearer view of the information that comes into the enterprise, how it is processed, where it is stored, who updates it and how it comes to an end of life. At this point the company can make a more informed decision as to the need for a MDM tool. It will also have a better idea of what it wants from the product.

Security Zone: read more advice from (ISC)² qualified security professionals >>

Read more on Integration software and middleware

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close