Data governance and cybersecurity HARVARD VERITAS
IWILL not write about vendorcentric capabilities on governance technology providers nor shall I expand or validate what everybody else feels they need, on their understanding of data governance or cybersecurity (based on a myriad of white papers out there). Instead, I will give my best opinion on the role of good data governance as one of the keys to an effective cybersecurity program.
First, I will give a layman’s view of what data governance is to a government institution and to the private industry sector partners. And second, I will explain it as what it is to society. To government and the private sector, data governance is a strategy to organize important data that can be accessed, made available to be used for analysis, to make decisions strategically for and from an unbiased and authentic point of view, that shall limit if not reduce completely the risk to either sector to save money and time. This allows both organizations, private and public, to address the unhampered delivery of services or goods needed by society. To society, data governance is a digital knowledge repository, which people rely on to get information from ( presuming that the data on the internet is unbiased and authentic) so that they can make use of this data to better and simplify and live a productive and happy life.
Now you have my interpretation of data governance in general, let me go in further and be a little bit philosophical and yet practical. The nature of the world we live in that will probably always be true is, that we do not know what we do not know and that we don’t know what’s coming next. We must address this or be blindsided. Cybersecurity is what I call a pandemic preparedness of the digital world. I mentioned above that “good” data governance is key to an effective cybersecurity program and that the government, private sector, and society need good data governance as an integral strategy for seamless growth, and yet there is the fact of the unknown that lurks to disrupt all these.
That is data governance. It will always be fluid to a certain extent. Data governance then will always be evolving to address changes. It can be likened to a living breathing organism that has needs and capabilities that change through time and environments, mutating as it adapts. Like water that seeks its own level, it will, shall and continue to evolve till it serves its purpose. In response to that, we are seeing that rebalancing risk avoidance is opportunity enablement.
Trying to leverage the work that’s being done around understanding and getting our arms around data and curating it in an appropriate way so that the business can take advantage of it in a most efficient effective way, is something that’s very important for data governance in general. Remember risk reduction (avoidance) is a cost-cutting strategy. Those are the things that the C-level people in the organization, especially the ones outside of the data realm, are specifically looking for. Data discovery preparation, quality and traceability continue to be challenges, and everyone is finding and looking at different ways to do better. “The organization” at all levels going into automation or going into digitization can all agree that every organization needs an accurate high-quality real-time data pipeline. To society, authentic unbridged and unbiased information (which is good data governance) is important. In the middle of all these two general sets of stakeholders lies the balance unachieved by non-technology practitioners.
I say this because ethically architected technology should be pervasive. The interpretation of this I leave to the technologists. Rule of law even in cyberspace should always be held supreme and be respected, to protect the people who are using the brave new digital world and to limit cybercrime. The question now is who owns/ coowns the generated data? Which law shall apply (the cyberworld is borderless therefore transnational) and who shall regulate and implement the law to make sure that digital governance is in place and we shall put the highlight on? The question, what is the role of all the (public) stakeholders was slow in its evolution pre-Covid, but now given the attention and focus for everyone’s monitoring and regulation for healthy cyber well-being.
A good cybersecurity strategy is therefore beyond good cyberhygiene (not reusing and changing of a complex password, not opening emails without scanning for viruses). Good cyber hygiene should at the least be zipping up documents and AES encrypting before sending and installing antivirus programs and best is not to post photos of IDs, certificates and the like. It is a new way of life, the start of the fourth industrial revolution (4IR). It is the tide that will float all boats (as they say). So, anyone that has engagement or presence in this world shall be on the internet (which is the most prevalent and the cheapest marketing and sales tool not to mention brand presence strategy and monetizing opportunity. Cybersecurity before was like a first aid kit (you never know when you need it, but you have to have it). Now it’s really more of a seat belt when you ride a car. You need it.