Why making data governance part of your security solution should be a 2022 goal

  • Mark Adams, Regional Sales Director, Northern Europe at Cohesity

  • 24.01.2022 11:15 am
  • #data

Effective data governance has never been so important. Organisations around the globe are now hugely reliant on information – but if they can’t trust the data they hold, they won’t be able to make game-changing decisions that create benefits for customers. That’s where technology can help.

Companies have access to a range of tools – from data management technologies through to artificial intelligence-led algorithms – that could make it much easier to pan their databases of information, improve data classification and find the gold that makes it possible to create personalised services and products for customers. 

What’s more, data-led decision making isn’t just about delivering benefits to customers or boosting operational efficiency. While those concerns are critical to long-term success, they are also dependent on a range of rules and regulations that must be adhered to if companies want to make the most of the treasure troves of information they hold.

Juggling Priorities

It’s a tough balancing act – while organisations are keen to collect as much information as they can about their customers, they must also ensure that they respect their right to privacy. Failure to do so could lead to serious ramifications.

In the finance industry, Know Your Customer (KYC) standards ensure investment advisors know detailed information about their clients' risk tolerance, investment knowledge, and financial position. KYC is enshrined in a series of laws and guidelines in different countries that work to protect the people that buy finance products and the firms that sell them.

In fact, financial services organisations face a raft of regulations, such as the Markets in Financial Instruments Directive II (MiFD II) and obligations relating to the General Data Protection Regulation (GDPR). These regulations mean finance firms must ensure they collect and then process data in a carefully managed manner.

MiFID II requires the collection and retention of a large volume of client information, including all electronic communications data. This data must be made available to regulators within 72 hours of a request. Conversely, GDPR introduces subject rights around the erasure of data – with huge fines for those who fail to take necessary measures.

These regulatory requirements create significant pressures for the managers who are expected to deal with compliance. Add in the obligation to both know your customer and protect their rights, plus the ever-growing mountain of information that firms continue to collect, and organisations face a complex data management conundrum. 

Things Are Changing: Where Next? 

So, what can they do about this seemingly intractable challenge? The answer, as we stated at the outset of this article, comes via technology. At the same time as the amount of data that businesses collect continues to increase inexorably, so does the capability of technology to analyse and investigate trends in this information.

However, while key technology trends during the past few years have created the need for a major shift in data management, Deloitte says many businesses remain slow on the uptake. The consultant says organisations continue to use traditional approaches to data governance focused largely on processes, policies, and individual transactional data domains.

One alternative might be to turn to artificial intelligence (AI) and machine learning (ML). AI and ML models can be trained to find patterns and anomalies in big data sets. When used effectively, these models can enhance data classification techniques and make it possible for data governance teams to automatically identify processes and issues that might otherwise have remained uncovered.

That all sounds like a shortcut to more effective data governance – but business leaders should be aware of a significant catch. While emerging technology can help solve some data management challenges, firms that increasingly rely on algorithms must be aware of ethical concerns. Deloitte says enterprises that use AI will need governance procedures that ensure automated outcomes are fair, reliable, safe, and responsible. 

Technology that helps to automate processes associated to KYC and other regulatory concerns can create big operational benefits for businesses. But the decisions that these algorithms make must be explainable. If these decisions are made secretly by black boxes whose inner workings are unexplainable, then customer trust is likely to suffer.

As an added complication, systems that automatically verify KYC could leave businesses exposed to the wrath of regulators. Guidance from the Information Commissioner’s Office outlines how being able to explain automated decision-making is a legal requirement under GDPR. If you’re thinking of automating KYC processes, then you’ll need to show how your technology is making decisions.

Technology’s Helping Hand

Emerging technologies like AI and ML can potentially help your business manage its data more effectively. However, don’t think of automation as a silver bullet. If you rely on these technologies and remove human explainability from your data-classification processes, then you could be shooting yourself in the foot: customer trust could suffer, sales could drop, and you could fall foul of the regulators, with significant fines and costs.

Your first step should be to deal with data fragmentation. Rather than having data held in disparate locations, look for a software-defined next-gen data management platform. Your data governance process should be an inherent element of your security solution.

As well as keeping data secure, your organisation should implement a data management approach that creates auditable operations logs for data protection, helps ensure any personally identifiable information is minimised and stored safely, and that your platform automatically notifies you when something is awry.

Effective data management is crucial to business success. However, automation doesn’t mean hands-off decision-making processes. Make data governance part of your security solution by implementing a platform that helps your business create policy-based automation that makes it easier to comply with KYC, GDPR and a host of other rules and regulations.

 

Related Blogs

Other Blogs