Battle the Dark Side of Data Governance

FEBRUARY 27, 2018
Ron Huizenga, Senior Product Manager, Enterprise Architecture & Modeling
@DataAviator

© 2018 IDERA, Inc. All rights reserved.

IN A GALAXY NOT SO FAR AWAY …

It is a dark time for all citizens of the galaxy. The data that we generate is growing more quickly than our ability to manage and control it, yet we have an unquenchable thirst for more. The dark forces continue to strike through breaches and misuse, threatening our privacy and well-being. Criminals pursue and steal our identities, with malicious intent. Other breaches are simply through errors, due to lack of awareness. The lawmakers regulate in an attempt to control, levying financial penalties, which penalizes offenders but still fails to protect the innocent. We must channel the force, maximizing the knowledge at our disposal. A project or program addressing a specific regulation will not suffice. We need to establish a culture of data awareness and prevention that is part of how we conduct ourselves, each and every day...

DISCUSSION TOPICS

Data Security and Privacy Regulations
Implications
The Dark Side
• How do we address it?
Channeling the Force
• Enterprise Architecture
• Models
• Integrated Metadata Repository
• Collaboration
Examples
Summary
Q&A

DATA SECURITY AND PRIVACY

Examples
• Global Data Protection Regulation (GDPR)
• Health Insurance Portability & Accountability Act (HIPAA)
• Sarbanes Oxley (SOX)

Some GDPR Imperatives:
• May 25, 2018 (less than 3 months away)
• Huge fines
• Applies globally
  • Any/All organizations holding EU citizen’s data
• Law requires “privacy by design and default”
• 2 categories of personal data
  • Standard personal data
    − Names, addresses, web audit data
  • Special personal Data
    − Private data (ID’s like SSN, credit card info, bank account info etc)
    − Biometric, genetic, racial/ethnic origin …

HOW AND WHAT DATA IS COLLECTED?

* Business Process Diagram created using ER/Studio Business Architect

PRIVACY IMPLICATIONS

Where is the data?
What is it?
• Which privacy laws could affect it?
• Requires classification!
Who has access to it?
• Access requirements
• Permissions
• Data masking

SOME INSIGHT INTO THE DARK SIDE

Fear is the path to the dark side…fear leads to anger…anger leads to hate…hate leads to suffering

Comply not – pay huge fines you will.

Do. Or do not. There is no try!

A Jedi uses the Force for knowledge and defense

ADDRESSING OUR OWN DARK SIDE

Unaware: “The regulation doesn’t apply to us.”
• Are you sure about that?

Procrastination: “Nobody is ready. They will push the compliance date back.”
• No, they won’t.

Lack of full understanding: Assuming minimal safeguards will suffice.
• There are complex implications to regulatory requirements such as
  • The right to be forgotten
  • A person’s right to full disclosure and review of information that is being tracked about them

Many regulatory requirements (but not all) should come as no surprise. They represent practices that we should be following anyway, even without the regulations.
• Just like seat belt laws don’t make us safer when driving. Wearing the seatbelts makes us safer, with or without a law.

We need to be “proactive” rather than “reactive” in establishing governance policies and procedures.

HOW TO CHANNEL THE FORCE: ENTERPRISE ARCHITECTURE

[Diagram: Enterprise Enablement; Application Architecture; Business Architecture; Technical Architecture; Data Architecture; Governance]

SOME QUESTIONS MODELING CAN ANSWER

To understand organizational data
• What’s important?
• Where is it? (can be many places)
• Where did it come from?
• How is it used (business processes)?
• What is the chain of custody?
• What are the business rules?

Governance
• How do I identify private information?
• How long should I keep the information?
• Master Data Management classification
• Data quality
  • Is it fit for purpose?
  • What changed and why?

APPROACH AND UNDERLYING ARCHITECTURE ARE EVERYTHING!

Metadata Repository only
• Metadata import
• Metadata Catalog (without visual models)
• Text search & lookup
• Like the “Flat Earth Society”

Fully integrated metadata and visual models (ER/Studio)
• Global perspective & focal point for:
  • Data Models, Business Process Models
  • Visual Data Lineage
  • Metadata, Policies, Reference Data

INTEGRATED MODELING, ENTERPRISE ARCHITECTURE, GOVERNANCE COLLABORATION PLATFORM

[Diagram: Enterprise Data Dictionaries; Logical & Physical Data Models; Dimensional Models; Visual Data Lineage; Conceptual Data Models; Business Process Models; Goals & Strategies; Applications; Business Units; Business Rules; Stewards; Business Glossaries; Business Concepts; Reference Data Sets; Policies; Alerts & Notifications; Security; Follow Capability; Discussion Threads; Data Sources]

HOW WE ACCOMPLISH THIS WITH ER/STUDIO ENTERPRISE TEAM EDITION

Glossary + Terms
• Classification + member
  • Business Glossary & Terms
  • Policies and Rules
  • Reference Data Sets
    − Internally defined
    − Externally defined
• Limitless hierarchy
• Limitless associations to
  • Other instances (terms)
  • Model elements
• Custom Attributes

Data Dictionary
• Published from ER/Studio Models
• Data Architect
  • Data Models
  • Lineage
  • Enterprise Data Dictionary
• Business Architect
  • Business Rules
  • Organization Structure

Collaboration
• Discussions
• Streams

Stewardship
• Assigned responsibilities
• Permissions

Privacy and Security
• Define policies and associate
• Attachments
• Security properties
• Notifications

Full integration and visualization of
• Data Models
• Conceptual, Logical, Physical Data Models
• Business Process Diagrams
• Data Lineage/Transformations

GOVERNANCE POLICY HIERARCHY

SPECIFIC REGULATION (GDPR)

GDPR: SPECIFIC POLICY STATEMENTS

SPECIFIC REGULATION (HIPAA)

HIPAA: SPECIFIC POLICY STATEMENTS

HIPAA: PATIENT INFORMATION

HIPAA: RELATED POLICY STATEMENTS FOR THE OBJECT

LINKED MODEL DIAGRAM

REFERENCE DATA SET LIBRARY

SPECIFIC REFERENCE DATA SETS (LINK TO SOURCE)

REFERENCE DATA: LINKED WORKBOOK EXAMPLE

SUMMARY

Organizations must establish governance to address multiple data privacy regulations with varying complexity and impact

Conquer the dark side using integrated enterprise architecture
• Data Modeling
• Process Modeling
• Data Lineage
• Metadata collaboration

Channel your inner “data Jedi” to establish a proactive data culture

We need to establish a culture of data awareness and prevention that is part of how we conduct ourselves, each and every day...

Do. Or do not. There is no try!

THANKS! Any questions?

You can find me at: [email protected]

@DataAviator