Blog

In 2007, I hosted an IBM Data Governance Council Meeting at the Ritz Carlton Bachelor’s Gulch in Vale Colorado. It was September, and we were 40 people 9000 feet up in the mountains, meeting to review our recently created Data Governance Maturity Model.  We had foxes meeting us at the fire pit every night, and I invited a bunch of analysts to participate and offer us their worldly verdicts on the Maturity Model – to both bless our work and offer suggestions on how to use it. It was the first time we had shared the model with “outsiders” and it was also the first time any of us reported on its usage to others. So it was a kind of debut.

Unfortunately, none of the invited analysts followed the script I gave them. Instead of presenting their analysis of the model, they each just talked about how great their analyst firms were and what services they could provide to the customers in the room. This was, in fact, the exact thing I didn’t want them to do but you know its just human nature that people often show up unprepared and give you whatever they are good at giving regardless of what you really need.

I held back on my displeasure during the first two analyst presentations, hoping against hope that the last one would deliver what I asked and salvage the day. But he didn’t, and by then most of my Council members were staring at their blackberries, walking out to talk on the phone, or staring out the window at the valley below. I was pacing around the room in my mind trying to figure out how to get these guys back on track to deliver the content we all wanted to hear.

So, I just interrupted him and said, “that’s really nice about your company but we invited you here to tell us about the Maturity Model. What do you think about it?”

Analyst: puzzled look and silence.

Audience: Now awake, smiling, some giggling in the back of the room. The tension is thick.

Steve: “Did you read it?”

Analsyt #3: “No”

Analyst #2: “No”

Analyst #1: “Yes, I read it and its a hard read (grumble, grumble – how dare you interrupt my gratuitous sales pitch). Its way ahead of its time. 95% of my customers aren’t ready for this. They are under-appreciated and stuck on the basics.  They need help with metrics.  They don’t know how to sell Data Governance to the Business and they need the most help just getting the justification to start a program. This Maturity Model is for companies who are already running towards Data Governance. My customers are sill learning to crawl.”

You don’t get much truth in this world if you don’t poke people. I poked this guy and he gave us the truth we didn’t want to hear then and four years later most companies still don’t know how to sell Data Governance to “The Business.”

They lack the facts, the patterns of problems, metrics and impacts that together make a business case for change. Change isn’t easy. Most people reject change when they see it for the first time. You need clear and consistent language to convince people to change, and consistency is just one of the hardest things to accomplish.

Well, here’s a super new book, written by my friend Sunil Soares, that can help every organisation develop those clear and consistent business cases which are the essential ingredient for Data Governance Success. Its called “Selling Information Governance to the Business” and its not just another theoretical methodology for college professors or sales reps. This book is a meticulously researched and well documented exploration of the metrics, indicators, and elements of Data Governance business cases by industry. It contains all the raw materials and roadmaps you need to build successful Data Governance business cases and consistently sell your policy ideas to “The Business.”

I don’t want to write a fake review with all the superlatives you read in the phoney movie reviews these days. I’m telling you honestly – this is a great book. Its an important contribution to our industry. It will help you succeed.  Its detailed and I think everyone will benefit from reading it.  I recommend this book and if I end up teaching another class on Data Governance I will use it as primary source material for my students.  Its that good folks.

I really believe fundamentally that this industry won’t succeed without more companies starting programs that will succeed.  And you can’t succeed without a consistent method to building business cases for change based on real evidence.  This book can help you get the evidence and build the business case.  You’ll still need to translate this into things that will work in your organisation, finding the data patterns and problems that require policies and compliance.  And you will need technology to help orchestrate all of that.

But this book is the best example I’ve seen on how to get started and how to succeed.  I recommend it highly.

You can buy it here online or you can pick up a signed copy from the Author when he presents it at The Information Governance Community Meeting on October 23rd @ IOD

The Information Governance Community will meet at IBM’s Information on Demand Conference on Sunday October 23, at THE Hotel in Las Vegas, NV

New speakers are being added every day.  Space is limited so register toay!

Two years ago, I met Helmut Willke, the author of Smart Governance: Governing the Global Knowledge Society, at a hotel cafe near the great cathedral of Cologne. Professor Willke is a sociologist who teaches Global Governance at the Zeppelin University in Friedrichshafen, Germany.  Late in 2009 I became interested in Governance as a system of decision-making and Professor Willke had written an excellent book exploring this topic.  While the Professor is German, he writes extremely well in English and his book very well written and insightful.  Like a lot of philosophical texts, it is not an easy read.  Dense descriptions, long sentences, and theory backed by ample example make it a book you have to read at least twice to fully comprehend.

I was in Cologne in late February 2010 to meet the CIO of the City and attend Rosenmontag at City Hall.  I had already seen several days of Karnival, with the endless parades, costumes, and candy strewn about the streets.  For five or six days in February, the staid and reserved city of Cologne becomes an endless drunken party attracting visitors from all over the world who wear outrageous costumes and march in parades on incredible floats and throw candy to the bystanders.  Its unlike any parade I have ever seen.  Quite amazing.

It had snowed a lot that year.  It was white from Brussels to Berlin, and Cologne was still covered by eight inches.  The square in front of the Dom was clear, and I had spent the morning before our meeting visiting the Roman museum across the square.  Cologne is an ancient Roman city and the ruins are collected in a fantastic museum right next to the Dom.  Of course there are columns and pediments, but also beautiful mosaic floors, jewellery, stained glass, and decorative arts.  There is a model of the Roman city and you can see how the Germans built the city on the same street grid with walls built on top of the Roman walls.  Of course, much of this was destroyed by allied bombs in WWII, but some remnants remain.

Looking back at Roman colonial rule of Cologne was an excellent introduction to the systemic ideas of Governance Professor Willke and I discussed over coffee that afternoon. He is not a tall man, mostly grey late-50′s I would say, with bright blue eyes.  He makes an immediate impression, and is passionate about his book.  I had used the book as text for a class I taught at the Bucerius Law School on Data Governance in Hamburg that January.  My students did not entirely appreciate the dense prose and abstract ideas, but through class conversation we did ultimately appreciate the idea that Governance is a system of decision-making that could be described and modelled.  And we used Social Networking metaphors to explore the idea of policy-making, human behaviours in a system of Governance, and how to model potential outcomes.  Of course there is political science, which describes political models of Governance – Democracy, Dictatorship, Monarchy, etc – but what is unique and important about Professor Willke’s book is the application of systems theory to Governance.

We had some coffee and talked mostly about how the Professor wrote the book and why.  As I had in 2007-8, the Professor had used the Global Credit Crisis as a use case to describe failures in Governance.  I had covered this topic from a Data Governance perspective, arguing that hundreds of incremental failures in business processes and data quality had produced a domino effect that plunged the global economy into Depression.  He covered the topic from a decision-making perspective, and while we approached this topic from different directions we arrived at similar conclusions – policy-makers can’t possibly make the best decisions without understanding the consequences of those decisions on incredibly complex and interconnected global systems.  And those consequences are impossible to understand without new information systems that render the complexity with software and illustrate how the policies will be accepted and resisted.

In my class at Bucerius, my students complained that the Professor had not done enough to provide solutions to the problems he had identified, or that his solutions were too abstract.  I presented these criticisms to him at our meeting and he responded that it was not possible to offer concrete solutions because every systemic problem needs to be modelled to understand the variables and outcomes – that there is no one size fits all.  At the time, I thought this was a dodge.  It took me a few more years to understand that he was right.

There are no Governance Solutions that can auto-magically produce the best outcomes for every decision.  But it is possible for policy-makers to use systems theory and software to construct decision-making models that can plot many of the actors, objects, variables, and potential outcomes to understand the impact of policies on complex systems made up of hundreds, thousands, and even millions of human beings with unique behaviours.

After my course, I synthesised concepts from the book with ideas from my students to create the Six Steps to Smart Governance.  It’s not meant to be a Framework. Frameworks and models are nice tools to help people feel more secure about challenges they seek to overcome, but they are not useful in making better decisions.  The Six Steps are meant to be a structure for decision-making that one would apply iteratively; in which each of the six steps would involve different data points and variables.  Of course, it is highly summarised, flavoured with marketing.  And I would say in hindsight, its not really useful as a practical or operational tool.  It’s really just a theory, a simplification of the better documented ideas Professor Willke writes about in his book.

And I think we can do better.  In the IBM Data Governance Council we will soon begin to explore dynamic simulation models that go far beyond the Six Steps to Smart Governance, and I recommend reading both the white paper and Professor Willke’s book:

Smart Governance: Governing the Global Knowledge Society

Today, thanks to really powerful simulation software, we can create dynamic models that help demonstrate the impact of policy on people, processes, and technology.  The Data Governance Simulation Project will revolutionise the field of Data Governance by applying theory, software, and observed practices to an interactive model that will yield powerful insights into Data Governance Value Creation and Risk Mitigation.

A lot of people ask me, “how do I show the value of metadata?”  Some say, “how do I make the business case for Data Governance?”  Consultants and Gurus will have a framework or process to offer you, a get started guide with use-case examples, graphics, and legends about their successes.  But these myths won’t help you, because your challenges are unique.  Your politics are special, and your people are not machines.  Best practices are useful examples of glorified solutions that are very hard to replicate outside the lab.  And as many are already finding out, people resist policies they don’t think apply to them and its really tricky to understand how to change organisational behaviours on an on-going basis without policies that dynamically change with new circumstances.

Data Governance is, by nature, a systemic challenge and you can’t solve systemic problems without systemic solutions.  Projects and teams that expect quick hits and 90-results are the reason you have systemic Data Governance problems in the first place.  But it is possible to create software models that allow you to plot the goals, metrics, policies, communications, outcomes, variables, and modifiers and evaluate the impact of new policies and controls on your environment.

And that’s the lesson of Smart Governance: you can model complex environments through Simulation and make better decisions.  To learn more about using Simulations to make better decisions, take a look at the IBM Smarter Cities Demo.  In that demo, the complex interactions of human beings living in a city are compared to the goals of human policies, the metrics measured by interactions, and potential outcomes.

Many of our organisations are as complex as small cities.  Policy and Politics share the same ancient Greek root word – epolis.  epolis is a city, which itself is an aggregation of human beings who require Governance to arbitrate their diverse interests and achieve better outcomes for all.   Today, we can simulate those interactions and help Policy makers profile the impact of their policies before they are deployed.  Its a kind of Visual Risk Calculation.

If you would like to participate in the Data Governance Simulation project, please read the Six Steps to Smart Governance White Paper, the book by Professor Willke, and  join the IBM Data Governance Council by executing this membership agreement.

Only members of the Council will be able to participate in this exercise and you don’t want to miss this because it will fundamentally change Data Governance.

The IBM Information Governance Community will be meeting at the Global Forum, in the Palais de Egmont, in Brussels on November 7-9, 2011.  The Global Forum is a yearly gathering of business and government leaders dedicated to discussing the impact of Information Technology on Democracy and Society.  I am a member of the Global Forum Steering Committee, and each year I host a session on Data Governance, Security and Privacy and many members of the international Data Governance Community participate.

I speak at a lot of conferences every year.  This one is very special.

What’s unique about the Global Forum is the calibre of the participants and the fact that they all stay for each and every session.  Regular attendees include EU Commissioners, Current and former Prime Ministers, US FCC and FTC Commissioners, CEO’s, CIO’s, and many entrepreneurs.  The environment is far more relaxed and open than Davos.  Everyone is approachable and interested.  It is a venue to influence and be influenced, the premier networking event of the year for the Data Governance Community.

About the Agenda

This year, the Data Governance Session will cover the following topics:

• Geolocation Data and Privacy∙
• Nation-state Cyber Warfare (Including Cyber Attacks & Prevention)∙
• Security, Privacy and Authentification
• Wireless, Mobility & Internet of Things & People
• Data Governance Success Stories
• Why Can’t I Copyright My Data? ( Including Intellectual Property Rights-IPR)
• Citizens Safety and Security
• The Freedom of Information as a human right
• Power, Politics, and Governance
• Videos: what’s public and what’s private?
• Toxic Content: What Can We Trust?

Enclosed is the draft agenda of all the sessions, and a brief video describing the Global Forum:

Global Forum 2011 – Draft Agenda

I encourage you to review them both.  Our subject is center stage at this event and we will have a fantastic opportunity to effect policy around the world.

This is an event where each presentation is a concise calling card and the really interesting discussions happen in hallways, at lunch and dinner, and for many months and years after.  You will at this event develop relationships with some of the top thinkers and doers in the world that you might not meet in other venues.  Dine with a former French Prime Minister, lunch with the FTC Chairman, have drinks with an economist or entrepreneur.

And make an impact with a Data Governance presentation.

About the Venue

In 2006, we met at the Hotel de Ville in Paris, France.  In 2007, the venue was a private island in Venice, Italy.  In 2008, we met at a palace in Athens.  In 2009, it was Bucharest, Romania.  And last year, we gathered at George Washington University in Washington, DC.

This year, the venue is the the magnificent Palais d’Egmont.  The Palais de Egmont belongs to the Belgium Ministry of Foreign Affairs and is used for meetings of Heads of State and Ministers of Foreign Affairs. It was built between 1548 and 1560 by Françoise of Luxembourg and her son, Lamoral, Count of Egmont, first in Flemish Gothic style, later Renaissance. The palace was dramatically transformed in the 18th century, when the building was clothed in classical style, while the property passed onto the Arenberg family.  NATO Foreign Ministers often meet here and the venue offers an extraordinary experience in the heart of Brussels.

I invite all members of the Information Governance Community in France, Belgium, and Poland to participate in this unique and important event.

Not two months after I made this declaration at the IBM Data Governance Council Meeting at the US Embassy in Paris on April 14, 2011 (and wrote about it in a blog on May 11), the United Nations has published a report entitled ”The Freedom of Information as an Internationally Protected Human Right.”

I am honored that the UN read my blog and agrees.  You can read the report here:  foi-as-an-international-right

In the Information Governance Community we spend a lot of time talking about Maturity, Models, Governance, and Quality.  But today I want to talk to you about Business Outcomes and the real integration of people, process, and supporting technology.

In the last year, I’ve traveled over 200,000 miles and met with hundreds of clients interested in building effective Information Governance programs.  All of these clients are trying to achieve Five Business Outcomes as the goals of the programs

Semantic Consistency: Organizations are struggling with confusion and mis-understanding their own information, which we call semantic inconsistency, and the cross-organizational dysfunction that both causes it and results from it.  It’s a vicious cycle that prevents organizations from understanding each other and what their own information means.

Data Quality Reporting: They struggle with Data Quality in every department and division and lack the ability to map and monitor it to identify the issues before they become crises.

Single View of the Truth: Truth is ephemeral, I know.  But clients have so many views and versions of the same information it isn’t possible to agree on even the most basic definitions.  They lack a single view of both Truth and falsehood to supply the right information to run the business.

Trusted Information: And with the huge volumes of data being transacted daily, created as much by customers as organizations themselves, it is incredibly difficult to know what is happening, where information is, and how to discover and use it at the right time. Data can so often be hidden or even lost just when its need is most urgent.

Security Threats & Privacy: Even inconsistent, low quality data in many views that isn’t instantly available is still under constant threat, so our customers want to make sure all their information is Secure and Protected throughout the organization.

These are simple requirements that every organization should be able to provide.  After all, worldwide we spend over $2 trillion on IT investments each year.

As my kids often ask on long roadtrips, “Are we there yet?”  Unfortunately, we’re not even close. These challenges continue to get in the way making it very hard to achieve our goals.  But the reason they are hard is that we haven’t organized our people, processes, or technology to succeed on a sustainable basis.

We continually add constraints to our environment by fixing short-term projects instead of long-term programs.  And the old processes just don’t keep up when we are creating petabytes of data every month.  This mountain of information is crushing our old Data Management methods and that can seriously impact the performance of production systems if not properly managed.

Our focus has been on buying or building applications.  We work in silos and build silos into our databases. We have so many versions of the same data, we don’t know what to trust.  Our Security & Privacy approach is the same – we protect systems and control access to applications, but it’s our data that holds the real value, and it is often unprotected.   And you know IT budgets are shrinking, but expectations to do more with less constantly keep growing.  Clearly we need to change.

To achieve these outcomes and goals and overcome these very common challenges, our clients are implementing Information Governance programs.  This isn’t a small development or an incremental project.  This is a global movement with new roles, process-oriented programs, and solutions seeking sustainable results.  Information Governance can help you achieve: Better information understanding to gain semantic consistency across the enterprise;  Higher Quality Reporting and Analytics to promote organizational effectiveness;  A trust in the information you have through a Single View of the Truth; So you can make smarter, faster decisions; While meeting compliance mandates and providing information that is Secure and Protected throughout its lifecycle to reduce risk.

IBM can help you build an effective and sustainable Information Governance program.  We are the leader in this market and we bring our experience to help you understand what works.  We’ve done workshops all over the world and we have proven methods and solutions.

Let’s walk through some simple steps that you can start with today:

People: Whether you have a top-down mandate for change or are building a program grass roots – you need Data Architects and Stewards to succeed.  Data Governance is a compliance program.  Architects set policies, standards, and guidelines, and Stewards measure compliance.  Architects envision the world as it should be, and Stewards measure it as it is.  Each is co-dependent and vital to each other.  And neither can succeed without technology organizing their efforts and reporting their milestones.

Process

Architects should be measured on how well they sell their visions to the organization through adoption rates that Stewards verify via compliance checking.  Stewards should be measured on the value they add to business units through fixing the policy gaps they uncover.  Both roles need three defined processes to implement policy and verify compliance:

1.  Assessment: New business products, applications, mergers or acquisitions will impact semantic consistency, data quality, views of the truth, trusted information, and security & privacy.  You need a standardized assessment to evaluate the risks posed to data by these changes.  The IBM Information Governance Maturity Model is a great tool for this purpose.
2.  Investigation: You also have to monitor smaller changes in database design, table structure, content and context.  This is like an early-warning radar system that monitors your data infrastructure.  With it, your stewards can detect new risks before they become exposures.  Without it, you are flying blind and you already know what that looks like…
3.  Gleaning: Audit is your best friend.  They won’t find everything on their own.  But after assessments and investigations, they will find hard to see issues.  Use them to glean the fields and pickup the kernels your machines miss.

Technology

None of this is possible without Technology Solutions from IBM.  Architects and Stewards need solution support to be effective on a sustainable basis.  You already know that semantic consistency, data quality, single views of the truth,and trusted information that is secure and protected are difficult to achieve on their own.  But here’s how IBM can help you pull your people and processes together with best of breed solutions that make Information Governance work:

Semantic Consistency: We all know how hard it is to get human beings to agree on common definitions, and our data systems are just as confused.  But Information Governance can make a difference.  Here is an example of how it works:

Data Architects can use IBM Metadata Workbench to discover and classify data elements and attributes.  Metadata is basically the data about the data you have. It’s about who owns it, where it lives, where it came from, where it’s used and what it means.

The Data Stewards work with business units and IBM Business Glossary to define glossary terms for common definitions, product codes, customer codes, logistical elements, and even linguistic synonyms.  This is by no means an easy process, and it requires consultation and patience to get terms defined and change the definitions over time as usages change.

But once defined, Data Architects and Stewards can work together to link business terms in the Glossary to metadata and the organization can reap the enormous benefits of semantic consistency – Data Search by business terms; Faster reconciliation and reporting of financial results; Reduced error rates in data entry; Efficient coding in Software Development.

Data Quality: Unfortunately, a byproduct of more information is more lower quality.  The ratios can remain the same, but with higher volumes and increasing redundancy, you have a wider proliferation of information that is out of date, unreferenced, error-prone, or just unverified.

The widespread use of metadata and Business Glossary to achieve Sematnic Consistency will help alleviate Data Quality problems in the future by reducing data processing errors introduced by the use of outdated product and customer codes and similar issues.

To fix current challenges, Data Architects need to first document the sources and varieties of data quality errors and omissions made in the past processes to create new standards and policies.  Compliance testing is the feedback loop for policy-making.

For example, Data Stewards, working with IBM Information Discovery and Analyzer can pull data out of production and perform trend analysis to identify data quality problems that require remediation.  Working together, creating policies and checking compliance, Data Architects and Stewards can improve data quality over time and help their organizations improve  business results, cut costs, and reduce operational inefficiency.  And Metadata, Glossaries, Discovery, and Analysis can be brought together in a new tool called IBM BluePrint Director which links data assets to definitions and data flows.  Its an Architects tool to define how the world should be and your Information Governance program is incomplete without this capability.

Single View of the Truth:Most organizations are product oriented.  An organization with 50 products might have 50 customer databases with more than 50 instances of the same customer data, and rarely will even two instances match.  Increasingly, organizations are implementing IBM Master Data Management as the hub of their Information Governance program to create one master record of “Customer,” “Product,” “Contract,” etc – to become Data-Centric.

MDM is a dynamic solution and it takes Information Governance to maintain its integrity as your organization changes and grows.  Each new application and data repository will need to be related to the MDM master in order to maintain operational consistency.  The best way to accomplish this is to organize your Data Stewards by MDM Data Model types.

Data Architects should create policies that requrie every new application and database to use the MDM hub, and a standardized assessment process that looks at new applications and evaluates how to apply MDM.  IBM Information Discovery and Information Analyzer can again be used to detect changes in database infrastructure that indicate instances where MDM is not being used.

Altogether, by using MDM with your Information Governance program you can realize a 30% improvement in productivity for the Sales organization, consolidate and reduce IT costs by replacing existing infrastructure, and reduce the over-production of your product catalog and saved millions of dollars.

Trusted Information: Your data is an asset to your organization, and like any other asset can lose it’s value if not properly maintained across its lifecycle – becoming a liability.  When you retain information you don’t need, you degrade application performance, impact operational efficiency, and leave yourself open to litigation through eDiscovery.  Archiving plays a key part in this area.  As historical data ages, archiving allows you to save money, increase application performance, and even help your people make smarter decisions.  Data must be retained for compliance, but it doesn’t have to bog down your production systems. It’s possible to archive it in a way that allows you to access it even without the application.  Even with archiving in place, you may still have volumes of data so being able to analyze performance, identify bottlenecks and keep data optimized will help lower operations costs – and enable organizations to meet their SLAs.

Data Architects can use IBM Smart Archiving to create information archiving policies that take inactive structured and unstructured data out of front tier storage, classifies it with common metadata and Business Glossary definitions, and sets retention rules that help you meet business and regulatory requirements.  Architects and DBAa can use the Tivoli Omegamon XE products for DB2 for z.OS and IMS – and Option Query Workload Tuner to provide deep performance insight and resolution – across the infrastructure so that systems and applications can be kept in an optimized state.

Data Stewards can work with business owners to document retention requirements and constantly verify that archives are meeting internal compliance mandates.

Working together with your MDM Hub, IBM Smart Archiving can preserve business objects intact and make eDiscovery a seamless process of intelligent search via business terms – providing Trusted Information to the business and minimizing the risks of unnecessary retention.

Security and Protected: Finally, like most organizations, you probably have a lot of data you send abroad for application testing, provide to 3rd parties for additional processing, or even provide to directly to customers over the Internet.  Every time data is shared with others, you face the risk of cyber-crime or inadvertent disclosure.  Information today can’t be trusted if it isn’t verified.

Data Architects will need to work with organizations you share data with to design mutually enforceable security policies governing data in use, at rest or in motion.  Data that is off-shored for application testing will have to use IBM Optim Data Privacy and Test Data Management to de-identify and transform sensitive information prior to testing. Masking data is one aspect of privacy – organizations must also consider encryption of data while in use, motion or at rest so that it can only be read by authorized users.  IBM Guardium technology provides audit of information across different data sources and platforms, enforces separation of duties (auditor v super user) and enables organizations to be proactive rather than reactive through real time alerting – without the performance overhead of database logging.

Data Stewards and auditors will have to inspect the audit reports to make sure data usage is compliant with policy and work with internal legal counsel and external auditors on spot audits and other forms of non-intrusive verification.

Your data is an asset.  Once lost, the liability can be immeasurable.  Without proper information protection solutions from IBM, your Information Governance Program could be at risk.

Don’t take that chance!

We have explored five information governance use cases and the descriptions of the problems and solutions were all too brief.  But this is just an introduction to the key issues you need to understand to make your Information Governance succeed:

Semantic Consistency
Higher quality Data
Single View of the Truth
Trusted Information
Protect and Secure Privacy

In each of these areas, IBM has developed Information Governance Blueprints that can help you organize your people, processes, and technology to develop Information Governance programs that provide sustainable results.  We have a library of in-depth briefings designed for each of these goals, with detailed use cases and implementation examples. IBM also helps you build strong business cases for these capabilities using a library of ROI calculators, Business Value, Data Quality and Vulnerability assessments – and teams of specialists around the world ready to help you implement them.

Yes, this article has the form of an advertisement for IBM solutions.  But you know what, I think its time for that.  Companies are just not going to succeed without technology supporting people and process and the other vendors are not showing how their solutions fit in a simple Information Governance structure that anyone can emulate.  This is a start.  I wanted to discuss the Business Outcome Maps the Council Created in September 2010, but go beyond the Maturity Model.

Let me know what you think.  Comments and Feedback are welcome.

Since the 18th Century, Freedom of Expression has been enshrined in constitutions around the world as a Basic Human Right.  It defines Democracy in its defense and Dictatorships in its assault.  People like to control and don’t like to be controlled, and the tension between controlling and being controlled requires this Human Right to be defended and re-defined every year.  Sometimes, like during the McCarthy Era in the United States, the tide turns against Freedom.  Other times, like in the Middle East today,  the Freedom to speak changes the course of history.

Small is beautiful.

We had a small group in Asheville but it was intimate and interactive from the moment we sat down on Tuesday until we ended 27 hours later on Wednesday.  We discussed Metadata, Data Classification, Data Architecture and Stewards, Security & Privacy, e-Discovery, Legal Liability, and so much more.  We were 12 people in the room and 26 on the phone.

Some photos of what we experienced are posted here:

https://picasaweb.google.com/countciano/Asheville#

And I interviewed several participants and posted them to our Youtube channel:

Thanks to everyone who participated and contributed to make the meeting so valuable and memorable.

I’ve been advising companies to form Data Governance Councils for five years, and its a mistake.  Its not 100%, but if you want to succeed with a Data Governance program there are easier ways with lower risk.

A few reasons why:

Councils require executive support and executives have their own power structures and agendas which are not always well served by new structures they don’t control.  If you want a Council, you need to find an executive who will see the Council as an advantage.  That executive will need to persuade other execs that her Council isn’t a threat to anyone.  The easiest way to make it non-threatening is to invite the other Executives to participate.  They will probably reject that idea because Executives go to enough meetings.  But if they go along, you now have a Council with a lot of executives.  Executives have short attention spans and are very demanding.  Unless you have suffered a massive loss due to poor data quality or a serious security breach, you will need a phenomenal business case to justify the time of all these executives going to meetings you no longer will run talking about things you can’t in any way control.

I saw an example of this a few years ago.  Becky came to my very first Data Governance Summit in October 2004, at the Mohonk Mountain House in New Paltz, NY.  She sat in the back and took copious notes for three days.  Then I never heard from her again.  But about three years later she rang me up to say that she had learned a lot at Mohonk and had implemented what she had learned in her company.  They had a DG Council for well over two years and could I come out and talk to them.  I was delighted and made plans to fly out to meet with them.  Of course, I had many questions.  There weren’t many Data Governance programs around in 2008 and even fewer with functioning Councils.  So I asked about their charter, functional powers, roles and responsibilities, and metrics and milestones.

They didn’t have any of that.  Nothing written down, no formal mission statement anyone could remember, vague roles and responsibilities, and almost no metrics or milestones.  But they did have a lot of executives meeting once a month talking about data.  And you know what, they hated those meetings and I had a good feeling many of them hated each other.  Most of my meeting with them was me serving up questions and them batting the answers to each other.  It was ugly and I left rather glad to go.  At the time, I saw the definition flaws, the lack of scope, and the poor documentation as the principle reasons for the failure.  It never occurred to me that maybe the institution itself was prone to problems – that Councils are awkward instruments to be used sparingly.  As I look back now I realize this was a warning that I did not heed.

The Washington Post had a great article yesterday about the most famous Council in the world; President Obama’s Cabinet.  If you remember, Obama hired an all-star cabinet in 2009.  From Transportation to State, this is a cabinet of high-achievers and big egos, people with fantastic experience and resumes.  But the complaint today is that most of them have been ignored by the White House the past two years.  ”They were not well used” is the common refrain.  Why?  Well it appears that it was just a lot easier for a small clique of operatives around the President to make decisions on their own and inform others later.  So even if you have an all-star Council full of fancy titles and personalities, it doesn’t mean they will be heard, well regarded, or have any collective power to make things happen.  Quite often they just don’t.

Look, I could give you a lot of other examples of Councils with dubious chances of success.   At the end of the day, this is still a hierarchical power structure that costs time and money to organize and that resource can be better spent on easier targets.

My advice: don’t do it.  And don’t listen to “experts” who tell you to do it either.  Those experts haven’t been around long enough to learn from their own, or anyone else’s mistakes.

So what should you do and what do you need to be really successful with Data Governance.  This is so simple and I don’t know why the truth alluded me for so long.

1.  Get yourself some (Data, Security, Content) Architects. This is a VERY important role.  These people define standards, policies, architectures and guidelines.  They are visionaries who see the world as it should be.  They can use tools like IBM Blueprint Director.  This role should be centralized, but the Architects should be measured on how many business units adopt the standards, policies, guidelines, and architectures they create.  They can’t just paint pictures in the corner.  They need to sell what they create and you need to measure who buys it and how it gets implemented.

2.  Next, define some (Data, Security, Content) Stewards.  Notice I’m not just calling them Data Stewards.  Data Governance is more than MDM and Data Quality.  Its about the confluence of those things and Security and Unstructured Content.  Don’t let vendors tell you its just about whatever they are selling.  That’s a narrow view that won’t do much more for you than you are already doing.

Back to our story.  (Data, Security, Content) Stewards – call them Data Integrity Officers if you like.  These people are internal compliance officers.  They compare current practices to architectural standards, policies, and guidelines and measure the world as it is.  Their job is to be a feedback loop to Architects, and vice versa.  These two functions are interdependent.  But you need your stewards out in the field.  They need to be either in operations or directly assigned to a business unit.  They should understand data and how it is used.  What it means and what it’s worth.  These are your local enablers that fix small problems every day and help business units to get more value from their information.  They are semantic experts and understand how glossaries are created and how politically challenging some definitions can be.  The see both IT and business issues and help both sides understand each other.  This role is hard to fill, and these people are like gold in your program.  Pay them well.  Treat them well.  The dividends are enormous.

3.  Build a standardized assessment process and insert it into your Software Development Life Cycle. Change happens.  All the time.  If you aren’t watching, it still happens.  You need a way to assert your (Data,Security,Content) standards, policies, guidelines, and compliance mandates into the Change Processes that drive your business.  SDLC is one of them.  Make sure no one can get IT funding for new widgets without getting the OK from your team.  Use the Information Governance Maturity Model to create your assessment.  It’s industry based and free for non-commercial purposes.  But don’t expect to change the world.  70% of new projects will ignore or bypass you (because they don’t know who you are, don’t like you, don’t think you add value, or are best friends with your boss and can do what they want).  But catching 30% is better than nothing, and having a process to measure non-compliance is important (CYA).

4.  Start monitoring your business processes for failures that impact (Data,Security,Content) Integrity. Data geeks only see the problems associated with what they work on.  But business process failures have a huge impact on Integrity.  If your company acquires another and no one does Data Governance due diligence on the new data assets, it will drive down quality, security, and transactional integrity.

5.  Also monitor your IT infrastructure for new databases, tables, data marts, and other tell-tale signs of changes that escaped your SDLC checkpoint. IBM tools like Optim, Infosphere Discovery and Guardium, Information Analyzer and Metadata Workbench, are excellent for this task.  You need to expect that people will do things without telling you.  But you still need to find it somehow.  Put in place a monitoring infrastructure to tell you things people don’t.  And then make this and the business process information VERY widely available.  Use Cognos to create a Data Governance Scorecard to report everything that happens, what your team is doing about it, and how much it has made or saved the organization.  This is where you try to find out about the 70% that doesn’t use your assessment process.  Without this technology layer your half-life is very short.  You can’t govern effectively if you don’t know what’s going on.  Operational Awareness is your most important asset.

Everything you monitor gives you facts you can use to make business cases to fix repetitive problems your stewards can’t change on their own.  Without facts, you have no case.  Without a business case, you can only put out small fires while the house burns down around you.  Or worse, you make up facts to suit your business case and sell it to your company to change the wrong things.  That never happens does it…

6.  Become best friends with Audit and teach them how to do some of your job for you. They should be checking DQ in large transactional systems, audit logs, retention records, metadata repositories, and they should be doing Information Governance Maturity Model assessments with different business units every month!  Stewards in business units will get be co-opted by the measurement system.  They will see more trees than forest and despite all your efforts to achieve operational awareness, people are people and they make mistakes.  Audit will find those mistakes.  This is your insurance policy against human nature.  Make the most of it.

Of course there is more than this.  I can’t tell you everything I’ve learned over the last six years in one blog article.  But you don’t need to know all of it.  You can probably do a lot of what I just described with most of what you already have.  That’s right, you are already doing a lot of things right.  You don’t need a Council or Executive Sponsorship.  Your chances of success are so much greater without them.

Take my advice: forgo the risk.  Keep it simple and learn from my mistakes.

A friend rang me up last week to ask if I’d have a look at his project plan.  He was proposing a major data consolidation plan for a client.  The proposal involved consolidating hundreds of data marts and repositories around the world into five new data centers with a fancy new BI layer on top to transform how the customer used information.  The problem descriptions were excellent.  The customer used gut instinct to make decisions more than their own data because the data often wasn’t available when needed, in the wrong format, out of date, or just inaccurate.  Also, the organization had developed decision-making models that didn’t use data scientifically because it wasn’t available – so the culture evolved in a way that made data usage unnatural.  And its always a lot more fun to just make stuff up rather than check the facts and pore through lots of boring data…

The business case for change was based on some very conservative estimates of revenue growth due to better forecasting, cost cutting from redundancy elimination and fewer mistakes in decision-making, and increased efficiencies from better access to accurate information.   The organization knew it had to change and was ready for the very large project to begin.

I reviewed the proposals and discussed the ideas with my friend.  A lot of it looked eerily familiar.  And then I remembered that this company had done a very big data consolidation just 6 years ago.  But when I asked my friend about this, he said that was news to him.  Then I told him the story how I had been asked to provide similar feedback on a story just like this at the same company at the time of their last consolidation.  And I asked him, “so how come this company is right back where it started six years ago and now has to spend another kazillion dollars on a data consolidation?”

If you’ve been around Data Governance for more than a year, the answer is obvious.  Companies think about new applications that fix problems today, but don’t plan to prevent past problems from re-occurring.  Data Governance is like Change Management.  If you’re not watching what changes every day, it still happens.  Change doesn’t stop.  Your innovative new applications are perfect for about 5 minutes after they are deployed.  Then someone makes a mistake, deploys a fix, creates a table, changes a definition, or just does their job in a slightly eclectic way.  Then they create copies of a data warehouse, propagate data marts and spreadsheet, and pretty soon your data is so disseminated no one knows what’s right or wrong.

But it doesn’t happen overnight.  It takes months and years, and the changes are incremental – so small no one is inconvenienced by one or two.  Most even are good for the company in the short run.  But they add up.  Like the way water drips in a cave and produces stalagmites over many days and years.  And before you know it, you’ve got calcium deposits that muck up your data and your decision-making processes.

Its all about change.  If you aren’t watching what’s happening, its still happening.  A few years from now, it will feel like Deja Vu all over again.