The rise of self-service business intelligence has created a serious data security gap. Data governance can fill that gap.
Business users are often frustrated with the length of time it’s takes to get reports or dashboards. This delay causes people to resort to manually typing up the data by hand, which is laborious and time-consuming.
For this reason, self-service sprung up as a desirable way of working. But self-service simply relieves the symptom – it doesn’t address the root problem of speed. And the relief has side effects.
Side effects of self-service
The landscape has changed, and the whole data world is open to business users. Data discovery and analysis are no longer just the domain of the analyst or IT. Self-service is no longer a term used to describe simply accessing reports. The definition of self-service has grown to capture data exploration, building reports, and doing your own analytics.
In theory, this is an excellent idea. IT resources are called on less, you don’t have to employ more analysts, and business users get their reports faster because they’re not in a queue for IT’s attention.
But, in reality, there are huge pitfalls. Heaven forbid that ‘Joe Bloggs’, who has worked all his life on spreadsheets, starts creating his own reports, altering the data sets, and gaining access to data from across the entire company!
With the rise of self-service a dangerous data governance gap has arisen.
Data governance fills the security gap
Self-service is often so eager to give unfettered access to data for everyone, it leaves a huge security gap. It has taken data control away from IT and left a gaping hole of vulnerability where almost anyone can access and alter almost anything.
There are multiple layers of governance you can employ to ensure data isn’t misused, altered, or divulged. From governing user roles to data source level security, you should consider who has access to what and why they need the access.
Why is governance so crucial?
Firstly, you want accurate data. If anyone and everyone has access to even select data sets, the data can be altered. That makes it vulnerable to error. Moreover, without training and experience, how is a business user supposed to build accurate reports? How do they know which data sets to use and how best to join them to answer their questions in a report? They might even be asking the wrong questions. Using the wrong data produces the wrong results. And that causes issues when business decisions are made based on erroneous reports.
Yes, this goes against the ideology of self-service BI. But I believe there is enough evidence to prove that the pitfalls of self-service BI significantly outweigh the benefits. After all, self-service is a symptom reliever, not a cure. You need to tackle the issue of speed of creation at its root. Don’t just pass on the responsibility of data to those who aren’t paid to do data discovery. At the very least, you are taking time out of their day to do a job you’ve not hired them for.
Secondly, you probably don’t want everyone to have access to all business data. Some of it is very sensitive information. Even if the data never leaves the source, unlimited access could create an internal privacy issue. You need to have the right security levels to stop business users helping themselves to data they shouldn’t see.
Thirdly, you don’t want an accidental (or purposeful) data breach. As analytics industry expert Jen Underwood said, “Many misuse breaches are not done with malicious intent, but rather for a convenience factor. One of the biggest risks to an organization’s information security is often not a weakness in the technology control environment. Rather it is the action or inaction by employees and other personnel that can lead to security incidents.”
So what governance do we need?
Your priority is to protect the data.
Give security back to those who know how to secure the data. Nobody, unless they’re a trained data analyst or data scientist, should be able to manipulate the data at its source. That just opens up gulfs of disaster.
Govern roles and responsibilities. Define the different types of users you have and determine their levels of access. Reserve access to the data for those who specialize in data analysis.
I would highly recommend you do not give everyone the ability to create reports and dashboards. Why? Because anyone who can create reports needs access to data. Ask yourself, ‘What can this person see?’ and ‘What can this person do?’.
Allow business users to consume reports and dashboards and drill into the details. Having access to data insights in the form of reports and dashboards is invaluable for business users – the information they can access as visualizations influences their business decisions.
Make sure those with access to data know what they are doing, how to do it and that they understand the full implications of what they can mess up. The cost of errors in the long-run is not worth the short-term gain of providing unfettered access to all data for all users. I whole-heartedly believe in investing in analysts. They cost less than the mistakes of business users using self-service BI in the long run.
Save yourself headaches and a lot of money by selecting a BI tool that can be carefully governed, allowing you the freedom to choose exactly who can access what. Just remember, in your haste to get data to everyone, mind the data governance gap.