Industry Insights

The Difference Between Data Governance and IT Governance

The Metadata Era | Varonis Systems

 


Posted: 18 Jan 2018 06:00 AM PST

Lately, we’ve been so focused on data governance, on extracting the most value from our data and preventing the next big breach, that many of us have overlooked the IT governance fundamentals that help us achieve great data governance.

The source of some of the confusion is that data and IT governance have very similar and interdependent goals. Broadly speaking, both processes aim to optimize the organization’s assets to generate greater business value for the organization.

Since IT and data governance are so inextricably connected and vital to an organization’s operations, let’s compare and contrast the two.

What is IT Governance?

IT governance ensures that the organization’s IT investments support the business objectives, manage the risks, and meet compliance regulations.

Examples of an organization’s IT investments: physical and technical security, encryption, servers, software, computer and network devices, database schemas, and backups.

It’s often argued that these investments are considered a cost center rather than a money generator. Here’s some tough talk: organizations wouldn’t be able to operate, optimize or even generate revenue without IT.

In short: no IT, no data, and no business.

But good IT operations require dedicated leadership to ensure that tech investments are maximized.

Stakeholders involved in the success of IT governance include the board of directors, executives in finance, operations, marketing, sales, HR, vendors and, of course, the chief information officer (CIO) as well as other IT management.

The key individual who’s responsible for aligning IT governance to the organization’s business goals is the CIO.

To accomplish their goals, CIOs will often use existing data governance frameworks, created by industry experts. These frameworks also provide implementation guides, case studies and assessments. Here are some frameworks you may have heard of:

COBIT 5: A staple in the industry, this framework helps enterprises with IT governance, business optimization, and growth by leveraging proven practices. This framework is based on five key principles for governance and management of enterprise IT:

1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-End
3. Applying a Single, Integrated
4. Enabling a Holistic Approach
5. Separating Governance From Management

ITIL: IT Infrastructure Library helps with aligning IT services with the needs of the business. Most known for their framework of five core publications, each book collects the best practices for each phase of the IT service lifecycle.

FAIR: This is a new framework and, according to their website, “they’re a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk. They provide information risk, cybersecurity and business executives with the standards and best practices to help organizations measure, manage and report on information risk from the business perspective.”

When it comes to frameworks, you’ll have to decide which one works with your company culture; oftentimes, organizations find that a hybrid approach works best.

And with proper IT governance, the chance for data governance success increases. Why? Execution and management of systems, applications, IT support and their management of data within a company will impact data governance.

So What Then is Data Governance?

Data governance refers to the management of data in order to improve business outcomes and fuel business growth.

So far, with the exception of asset type, data governance is very similar to IT governance.

The stakeholders involved for data governance include all the individuals required for IT governance plus a few more executives: the board, executives in finance, operations, marketing, sales, HR, vendors, CIO, IT management.

However, the individual responsible for aligning data with the organization’s business metrics is the chief data officer (CDO). The CDO will also enlist data scientists, programmers, and any department that generates data, which is every department within an organization.

CDOs are a recent addition to the C-suite, and they help lead companies in generating business value from data. According to Gartner, 90 percent of large organizations will have a chief data officer by 2019.

Yes, a CDO is very much a technical role, but this position also requires business and change management skillsets. After all, they have to aggregate the data, analyze the data and, most challenging of all, get the business to act on the data.

Since data governance is a relatively new field, there aren’t established frameworks, such as COBIT 5.

But based on my research and speaking with pros at conferences, a company’s executive suite should be asking some of the following questions:

1. What is your business strategy?
   - A data strategy isn’t going to generate a single incremental dollar for your business; it’s simply an enabler.

2. Have you defined and communicated key objectives throughout your organization?
   - You’re going to waste a lot of time, money and resources solving for a problem if you don’t know what the business problem is.

3. Do you have the right data and is it of sufficient quality?
   - Without data quality, your data projects and analytics will inevitably fall short.

In talking with Jeffery McMillian, CDO of Morgan Stanley, I learned that he spends 90% of his time focused on the first two questions. Based on his experience, if you don’t get these right, everything else is pretty much null.


The post The Difference Between Data Governance and IT Governance appeared first on Varonis Blog.

 

Ransomware Is Not a “Malware Problem” – It’s a Criminal Business Model


posted on May 10, 2016 5:00 AM

filed in: Threat Prevention, Unit 42

Today Unit 42 published our latest paper on ransomware, which has quickly become one of the greatest cyberthreats facing organizations around the world. As a business model, ransomware has proven to be highly effective in generating revenue for cybercriminals in addition to causing significant operational impact to affected organizations. It is largely victim agnostic, spanning the globe and affecting all major industry verticals. Small organizations, large enterprises, individual home users – all are potential targets.

New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer

posted on March 6, 2016 11:30 AM
Unit 42, Palo Alto Networks

On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware “KeRanger.” The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.

Metadata: What You May Have Missed

The Internet of Things: Advanced Threats Against Medical Devices
Author: Fran Howarth

ShoreTel Mobility Pro Tips: 5 Things to Make Mobility Work Better for You
By: Clinton Fitch, Practice Manager of Advanced Applications - EMEA

‘DHL’ SMS Spam Distributes Android Malware in Germany
Posted on Jul 31, 2014

Check out our favorite free sysadmin tools that we use to help us work faster and be more awesome.
by Rob Sobers

Technology nerds take over Hot Stove Society….is Tom Douglas in trouble?
by Kara Marsh

5 Things Privacy Experts Want You to Know About Wearables

Seahawks’ Stadium Scores Big With Major Tech Upgrade [Video]
by Rob Roache

Metadata Era: What you may have missed

Securing the Cloud
Posted by Robert Clauff to Security Insight, July 10, 2014

A Botnet Worth Geeking Out Over
by Michael Perna | July 09, 2014

Say Hello to Lifesize Cloud

Cloud VoIP Phone Systems

The Expanding Data Universe
by Cindy Ng

Social Engineering: A Successful Method of Attack
Posted by Jeremy Scott

GameOver ZeuS Media Coverage and Update
by Chad Kahl

The Growing Menace of Internal Threats

Protect Privacy to Better Manage Risk

3 Challenges for the National Patient-Centered Clinical Research Network (PCORnet)

Why The Internet Of Things Is Quickly Moving From Big Idea To Big Deal

The Other Stories Behind the DoJ’s Indictment

NCA Awarded Certificate of Environmental Accomplishment

Looking into the Crystal Ball – What’s Next for Cybercrime?
Author: Jason Rader, Director of Cyber Threat Intelligence for RSA

ShoreTel Service Alert - Open SSL Heartbleed Bug - May 2, 2014

Rethinking the CIO: From IT Leader to Business Leader
by Rob Roache

Security Awareness Metrics - Measuring Change in Human Behavior

Metadata: What you may have missed

Why Creative Crowdsourcing Is Good For Business

ShoreTel Service Alert - Open SSL Heartbleed Bug
Subject: OpenSSL Heartbleed Bug
Date: April 10, 2014

The Heartbleed Bug

Addressing Data Security and Management in the Public Sector
Webinar: Thurs, March 27 - 11:00 am PST

Top 10 SXSW IT Talks for Business Leaders
by Richard G. Twilley

5 Ways UTM Security Can Help Schools
Posted by WatchGuard Team

Malevolent Marketplaces
By Michael Buckbee

An Impassioned Perspective
By: Bob Griffin

McAfee Cyber Defense Center Zooms In on Middle East