1. © 2018 IDERA, Inc. All rights reserved.
BATTLE THE DARK SIDE OF DATA GOVERNANCE
FEBRUARY 27, 2018
Ron Huizenga
Senior Product Manager, Enterprise Architecture & Modeling
@DataAviator
2.
IN A GALAXY NOT SO FAR AWAY …
It is a dark time for all citizens of the galaxy.
The data that we generate is growing more quickly than our ability to
manage and control it, yet we have an unquenchable thirst for more.
The dark forces continue to strike through breaches and misuse,
threatening our privacy and well-being.
Criminals pursue and steal our identities, with malicious intent.
Other breaches are simply through errors, due to lack of awareness.
The lawmakers regulate in an attempt to control, levying financial
penalties, which penalizes offenders but still fails to protect the innocent.
We must channel the force, maximizing the knowledge at our disposal.
A project or program addressing a specific regulation will not suffice. We
need to establish a culture of data awareness and prevention that is part
of how we conduct ourselves, each and every day...
3.
DISCUSSION TOPICS
Data Security and Privacy Regulations
Implications
The Dark Side
• How do we address it?
Channeling the Force
• Enterprise Architecture
• Models
• Integrated Metadata Repository
• Collaboration
Examples
Summary
Q&A
4.
DATA SECURITY AND PRIVACY
Examples
• General Data Protection Regulation (GDPR)
• Health Insurance Portability & Accountability Act (HIPAA)
• Sarbanes-Oxley (SOX)
Some GDPR Imperatives:
• May 25, 2018 (less than 3 months away)
• Huge fines
• Applies globally
• Any/All organizations holding EU citizens’ data
• Law requires “privacy by design and default”
• 2 categories of personal data
• Standard personal data
− Names, addresses, web audit data
• Special personal data
− Private data (IDs like SSN, credit card info, bank account info, etc.)
− Biometric, genetic, racial/ethnic origin …
5.
HOW AND WHAT DATA IS COLLECTED?
* Business Process Diagram created using ER/Studio Business Architect
6.
PRIVACY IMPLICATIONS
Where is the data?
What is it?
• Which privacy laws could affect it?
• Requires classification!
Who has access to it?
• Access requirements
• Permissions
• Data masking
7.
SOME INSIGHT INTO THE DARK SIDE
Fear is the path to the dark side…fear leads to
anger…anger leads to hate…hate leads to
suffering
Comply not – pay huge fines you will.
Do. Or do not. There is no try!
A Jedi uses the Force for knowledge and
defense
8.
ADDRESSING OUR OWN DARK SIDE
Unaware: “The regulation doesn’t apply to us.”
• Are you sure about that?
Procrastination: “Nobody is ready. They will push the compliance date back.”
• No, they won’t.
Lack of full understanding: Assuming minimal safeguards will suffice.
• There are complex implications to regulatory requirements such as:
• The right to be forgotten
• A person’s right to full disclosure and review of information that is being tracked about them
Many regulatory requirements (but not all) should come as no surprise. They represent
practices that we should be following anyway, even without the regulations.
• Just like seat belt laws don’t make us safer when driving. Wearing the seatbelts
makes us safer, with or without a law.
We need to be “proactive” rather than “reactive” in establishing governance policies
and procedures.
9.
HOW TO CHANNEL THE FORCE: ENTERPRISE ARCHITECTURE
Enterprise Enablement
Application Architecture
Business Architecture
Technical Architecture
Data Architecture
Governance
10.
SOME QUESTIONS MODELING CAN ANSWER
To understand organizational data
• What’s important?
• Where is it? (can be many places)
• Where did it come from?
• How is it used (business processes)?
• What is the chain of custody?
• What are the business rules?
Governance
• How do I identify private information?
• How long should I keep the information?
• Master Data Management classification
• Data quality
• Is it fit for purpose?
• What changed and why?
11.
APPROACH AND UNDERLYING ARCHITECTURE ARE EVERYTHING!
Metadata Repository only
• Metadata import
• Metadata Catalog (without visual models)
• Text search & lookup
• Like the “Flat Earth Society”
Fully integrated metadata and visual models (ER/Studio)
• Global perspective & focal point for:
• Data Models, Business Process Models
• Visual Data Lineage
• Metadata, Policies, Reference Data
12.
INTEGRATED MODELING, ENTERPRISE ARCHITECTURE, GOVERNANCE COLLABORATION PLATFORM
Enterprise Data Dictionaries
Logical & Physical Data Models
Dimensional Models
Visual Data Lineage
Conceptual Data Models
Business Process Models
Goals & Strategies
Applications
Business Units
Business Rules
Stewards
Business Glossaries
Business Concepts
Reference Data Sets
Policies
Alerts & Notifications
Security
Follow Capability
Discussion Threads
Data Sources
13.
HOW WE ACCOMPLISH THIS WITH ER/STUDIO ENTERPRISE TEAM EDITION
Glossary + Terms
• Classification + member
• Business Glossary & Terms
• Policies and Rules
• Reference Data Sets
− Internally defined
− Externally defined
• Limitless hierarchy
• Limitless associations to
• Other instances (terms)
• Model elements
• Custom Attributes
Data Dictionary
• Published from ER/Studio Models
• Data Architect
• Data Models
• Lineage
• Enterprise Data Dictionary
• Business Architect
• Business Rules
• Organization Structure
Collaboration
• Discussions
• Streams
Stewardship
• Assigned responsibilities
• Permissions
Privacy and Security
• Define policies and associate
• Attachments
• Security properties
• Notifications
Full integration and visualization of
• Data Models
• Conceptual, Logical, Physical Data Models
• Business Process Diagrams
• Data Lineage/Transformations
14.
GOVERNANCE POLICY HIERARCHY
15.
SPECIFIC REGULATION (GDPR)
16.
GDPR: SPECIFIC POLICY STATEMENTS
17.
SPECIFIC REGULATION (HIPAA)
18.
HIPAA: SPECIFIC POLICY STATEMENTS
19.
HIPAA: PATIENT INFORMATION
20.
HIPAA: RELATED POLICY STATEMENTS FOR THE OBJECT
21.
LINKED MODEL DIAGRAM
22.
REFERENCE DATA SET LIBRARY
23.
SPECIFIC REFERENCE DATA SETS (LINK TO SOURCE)
24.
REFERENCE DATA: LINKED WORKBOOK EXAMPLE
25.
SUMMARY
Organizations must establish governance to address multiple data
privacy regulations with varying complexity and impact
Conquer the dark side using integrated enterprise architecture
• Data Modeling
• Process Modeling
• Data Lineage
• Metadata collaboration
Channel your inner “data Jedi” to establish a proactive data culture
We need to establish a culture of data awareness and prevention
that is part of how we conduct ourselves, each and every day...
Do. Or do not. There is no try!
26.
THANKS!
Any questions?
You can find me at:
ron.huizenga@idera.com
@DataAviator