Enterprise Mobility – Data in the Driver’s Seat – Part I

This is Part I of a two-part series on the importance of data in an enterprise’s ability to effectively enable mobility for users. The first part covers the necessity of a solid data management foundation and the second will explore how that foundation drives the app ecosystem.

Besides email, can you name your three most valuable data sets in your organization? If a new data set is created do you have a process to bring it under management? Do you have audit capabilities? Do you know who is accessing your data sets? When discussing the various popular topics of enterprise mobility such as BYOD, Consumerization of IT, Mobile Device Management (MDM), and Mobile Application Management (MAM), the topic of security – especially data security – is always top-of-mind. The idea that one of your most valuable corporate assets is potentially running around on insecure devices is enough to induce a panic attack for many IT professionals.

A lot of mind-share has been devoted to the idea that data, not devices, is of paramount security and management importance to enterprises. Lost or stolen data represents the greatest risk to your organization with mobility. Mobile Information Management (MIM), as a technological solution, is seen as a pinnacle of enterprise mobility management. While I subscribe to the idea that MIM is the desired destination for mobility management, MIM must sit firmly atop of the best practices of data governance. Data governance is often assumed but not discussed or, at best, only briefly mentioned. It is a practical house-keeping exercise that, while mundane, will produce the optimal atmosphere for the success of Mobile Information Management. Data governance is the idea that data is formally managed in an enterprise and adheres to a life-cycle process as would any physical asset in your business. The idea of data governance seems almost too obvious and simple to bother to discuss, but I am always amazed at the number of organizations that I help advise that have very limited data governance practices. Perhaps it is the seemingly ever-changing nature of data. Perhaps it is due to rogue data creation. Perhaps it is just sheer laziness. Whatever it is, mobility presents an opportunity to only compound the effects of poor data governance. That is why this is so important to raise as an issue. Mobility represents another technology layer for access, consumption, and creation of data. Without the proper data governance processes in place, organizations are at risk of piling additional complexity on top of an already lacking process. This will only create more opportunity for data dispersion and exposure risk.

Data governance should be approached as a process issue and not as a control issue. It is far too easy for users to create their own data sets. This is exacerbated further with the services available to users through mobility. If you create a process that works for users rather than against them, your chances of success are greatly increased. Where data resides and how it is conceived might change, but a robust process will be flexible enough to adapt to these changes. This doesn’t need to be an over complex, heavy-handed process. Communication and education are your best and primary tools. Your goal shouldn’t be how to tightly control data but rather developing a network of those who take an active part in ‘owning’ and curating the data.

If you currently lack any process for data governance you could easily begin with performing a high-level data inventory – better to start simple than have nothing at all. A simple data inventory consists of:

• A central record of all data sets
• Who currently ‘owns’ it
• Should it be backed up

There are many more elements that one could collect but this basic data inventory will get your organization to a baseline. Once you have this baseline established you can begin to collect more refined attributes, but more importantly, develop process and community around adds, edits, and deletes to data.

It is most important to remember that a technical solution is a poor substitute for a process. Mobility has activated our imagination and allowed us to see just how easy access and exposure of data has become. It has jolted our senses and brought data security to the forefront of the mobile discussion. But, MIM, as it is often discussed in the public sphere, is a solution and not a process. Its effectiveness is heavily reliant upon good data governance being firmly in place. MIM should be the technology applied to a well conceived process. Technology will never be the solution to bad process. When it comes to your data this is no exception. How good of a handle do you have on your data? Where do you think the process could be improved? Do you think that data governance is overkill? Post a comment and let me know what you think!

Benjamin Robbins is a Principal at Palador, a consulting firm that focuses on providing strategic guidance to enterprises in the areas of mobile strategy, policy, apps, and data. You can follow him on Twitter or connect on LinkedIn.



Filed under Information Management, Mobile, Uncategorized

6 responses to “Enterprise Mobility – Data in the Driver’s Seat – Part I

  1. The potential risks with the proliferation of mobile devices are similar to those posed by the cloud as pointed out here: http://www.technologyreview.com/blog/arxiv/27642/

    What those researchers are saying is that complexity inherently brings about unpredictable risks and emergent network effects.

    More devices equals more risk period. Moving from owned and operated devices to devices owned and operated by 3rd parties increases those risks exponentially.

  2. Certainly you have to regulate the manner in which data is handled, but the move to mobile devices compounds the issue of vulnerability. To be hugely reductionist, imagine a stack of cash in a vault compared to a stack of cash in your wallet – the one that’s bolted to the floor is still vulnerable to theft but far more difficult to get to than the one bouncing around in someone’s pocket. Certainly you always have to be aware of how people are (mis)using data, but when a desktop computer is concerned the bad behavior presents less of a risk than a laptop – it’s harder to break into a building than pick up a machine that someone left at Starbucks. Look at the huge increase of breaches of confidential patient information in the healthcare field that accompanied the adoption of portable devices: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
    I agree that data governance is a holistic process, but there are some solutions that can be implemented immediately to patch some holes. Encryption of portable devices is particularly important and goes a long way to ensuring data security.

    • Paul,

      I agree – mobility greatly increases data access points. As I stated above “Mobility has activated our imagination and allowed us to see just how easy access and exposure of data has become.” Encryption is a vital aspect of enterprise mobility. My point is not that device capabilities and management isn’t part of the picture – just that you need to know the boundaries of the data you wish to protect. Without this your risk increases even further.

  3. Pingback: Enterprise Mobility – Data in the Driver’s Seat – Part II | remotelyMOBILE

  4. Pingback: Do I only need one mobile device? | MyPersonalPhone

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s