Data Stewards

A data steward is an organizational role responsible for enacting the data governance policy. Data stewards are typically subject matter experts who are familiar with the data used by a specific business function or department. They ensure the fitness of data elements, both content and metadata, administer the data and ensure compliance with regulations.

Data Governance vs Data Management

Data governance is a strategy used while data management is the practices used to protect the value of data. When creating a data governance strategy, you incorporate and define data management practices. Data governance examples and policies direct how technologies and solutions are used, while management leverages these solutions to achieve tasks.

Data Governance Frameworks

A data governance framework is a structure that helps an organization assign responsibilities, make decisions, and take action on enterprise data. Data governance frameworks can be classified into three types:

  • Command and control – the framework designates a few employees as data stewards, and requires them to take on data governance responsibilities.
  • Traditional – the framework designates a larger number of employees as data stewards, on a voluntary basis, with a few serving as “critical data stewards” with additional responsibilities.
  • Non-invasive – the framework recognizes people as data stewards based on their existing work and relation to the data; everyone who creates and modifies data becomes a data steward for that data.

Essential elements of a data governance framework include:

  • Funding and management support – a data governance framework is not meaningful unless it is backed by management as an official company policy.
  • User engagement – ensuring those who consume the data understand and will cooperate with data governance rules.
  • Data governance council – a formal body responsible for defining the data governance framework and helping to enact it in the organization.

While many companies create data governance frameworks independently, there are several standards which can help formulate a data governance framework, including COBIT, ISO/IEC 38500, and ISO/TC 215.

Goals of Information Governance Initiatives

Data and information governance helps organizations achieve goals such as:

  • Complying with standards like SOX, Basel I/II, HIPAA, GDPR
  • Maximizing the value of data and enabling its re-use
  • Improving data-driven decision making
  • Reducing the cost of data management

Data Governance Strategy

A data governance strategy informs the content of an organization’s data governance framework. It requires you to define, for each set of organizational data:

  • Where: Where it is physically stored
  • Who: Who has or should have access to it
  • What: Definition of important entities such as “customer”, “vendor”, “transaction”
  • How: What the current structure of the data is
  • Quality: Current and desired quality of the source data and consumable data sets
  • Goals: What we want to do with this data
  • Requirements: What needs to happen for the data to meet the goals

What is a Data Governance Policy and Why is it Important?

Data governance policies are guidelines that you can use to ensure your data and assets are used properly and managed consistently. These guidelines typically include policies related to privacy, security, access, and quality. Guidelines also cover the roles and responsibilities of those implementing policies and compliance measures.

The purpose of these policies are to ensure that organizations are able to maintain and secure high-quality data. Governance policies form the base of your larger governance strategy and enable you to clearly define how governance is carried out.

Data Governance Roles

Data governance operations are performed by a range of organizational members, including IT staff, data management professionals, business executives, and end users. There is no strict standard for who should fill data governance roles but there are standard roles that organizations implement.

Chief Data Officer

Chief data officers are typically senior executives that oversee your governance program. This role is responsible for acting as a program advocate, working to secure staffing, funding, and approval for the project, and monitoring program progress.

Data Governance Manager and Team

Data governance managers may be covered by the chief data officer role or may be separate staff. This role is responsible for managing your data governance team and having a more direct role in the distribution and management of tasks. This person helps coordinate governance processes, leads training sessions and meetings, evaluates performance metrics, and manages internal communications.

Data Governance Committee

The data governance committee is an oversight committee that approves and directs the actions of the governance team and manager. This committee is typically composed of data owners and business executives.

They take the recommendations of the data governance professionals and ensure that processes and strategies align with business goals. This committee is also responsible for resolving disputes between business units related to data or governance.

Data Stewards

Data stewards are the individual team members responsible for overseeing data and implementing policies and processes. These roles are typically filled by IT or data professionals with expertise on data domains and assets. Data stewards may also play a role as engineers, quality analysts, data modelers, and data architects.

A 4-Step Data Governance Model

Managing data governance principles effectively requires creating a business function, similar to human resources or research and development. This function needs to be well defined and should include the following process steps:

  1. Discovery—processes dedicated to determining the current state of data, which processes are dependent on data, what technical and organizational capabilities support data, and the flow of the data lifecycle. These processes derive insights about data and data use for use in definition processes. Discovery processes run simultaneously with and are used iteratively with definition processes. 
  2. Definition—processes dedicated to the documentation of data definitions, relationships, and taxonomies. In these processes, insights from discovery processes are used to define standards, measurements, policies, rules, and strategies to operationalize governance.
  3. Application—processes dedicated to operationalizing and ensuring compliance with governance strategies and policies. These processes include the implementation of roles and responsibilities for governance.
  4. Measurement—processes dedicated to monitoring and measuring the value and effectiveness of governance workflows. These processes provide visibility into governance practices and ensure auditability.

Data Governance Maturity Model

Evaluating the maturity of your governance strategies can help you identify areas of improvement. When evaluating your practices, consider the following levels.

Level 0: Unaware

Level 0 organizations have no awareness of data governance meaning and no system or set of policies defined for data. This includes a lack of policies for creating, collecting, or sharing information. No data models are outlined and no standards are established for storing or transferring data.

Action items

Strategy planners and system architects need to inform IT and business leaders about the importance and benefits of data governance and enterprise information management (EIM).

Level 1: Aware

Level 1 organizations understand that they are lacking data governance solutions and processes but have few or no strategies in place. Typically IT and business leaders understand that EIM is important but have not taken action to enforce the creation of governance policies.

Action Items

Planners and architects need to begin determining organization needs and developing a strategy to meet those needs.

Level 2: Reactive

Level 2 organizations understand the importance and value of data and have some policies in place to protect data. Typically, the practices used to protect data by these organizations are ineffective, incomplete, or inconsistently enforced.

Action items

Management teams need to push for consistency and standardization for the implementation of policies.

Level 3: Proactive

Level 3 organizations are actively working to apply governance, including implementing proactive measures. Data governance is a part of all organizational processes. However, there is typically no universal system for governance. Instead, information owners are responsible for management.

Action items

Organizations need to evaluate governance at the departmental level and centralize responsibilities.

Level 4: Managed

Level 4 organizations have developed and consistently implemented governance policies and standards. These organizations have categorized their data assets and can monitor data use and storage. Additionally, oversight of governance is performed by an established team with roles and responsibilities.

Action Items

Teams should actively track data management tasks and perform audits to ensure that policies are applied consistently.

Level 5: Effective

Level 5 organizations have achieved reliable data governance structures. They may have individuals in their teams with data governance certifications and have established experts. These organizations can effectively leverage their data for competitive advantage and improvements in productivity.

Action items

Teams should work to maintain governance and verify compliance. Teams may also actively investigate methods for improving proactive governance. For example, by researching best practices for specific governance cases, like big data governance.

Data Governance Best Practices

A data governance initiative must start with broad management support and acceptance from stakeholders who own and manage the data (called data custodians).

It is advisable to start with a small pilot project, on a set of data which is especially problematic and in need of governance, to show stakeholders and management what is involved, and demonstrate the return on investment of data governance activity.

When rolling out data governance across the organization, use templates, models and existing tools when possible in order to save time and empower organizational roles to improve quality, accessibility and integrity for their own data. Evaluate and consider using data governance tools which can help standardize processes and automate manual activities.

Most importantly, build a community of data stewards willing to take responsibility for data quality. Preferably, these should be the individuals who already create and manage data sets, and understand the value of making data usable for the entire organization.

See how Imperva Data Security Solutions can help you with data governance.

Imperva Data Governance Tools

Master Data Management (MDM) tools are commonly used in data governance projects, to define a business glossary which is a single point of reference for critical business data. MDM tools help define official data types, categories and values—for example, an official list of product catalog numbers—and manage business workflows related to this Master Data.

Security tools are also crucial for data governance, and responsible for the task of safeguarding sensitive data.

Imperva File Security is one such tool, built specifically to assist with governance. With it, you can monitor files and databases across the organization, to:

  • Discover and map file and database servers
  • Identify securing sensitive data such as social security numbers, credit card data, etc.
  • Gain visibility and control over current usage of data
  • Enable role- and workflow-based management of data—allowing you to grant access to data stewards to the data for which they are responsible, at the appropriate stages of its lifecycle
  • Create compliance reports for organizational data

Beyond File Security, Imperva’s data security solution protects your data wherever it lives—on premises, in the cloud and in hybrid environments. It also provides security and IT teams with full visibility into how the data is being accessed, used, and moved around the organization.
Our comprehensive approach relies on multiple layers of protection, including:

  • Database firewall—blocks SQL injection and other threats, while evaluating for known vulnerabilities.
  • User rights management—monitors data access and activities of privileged users to identify excessive, inappropriate, and unused privileges.
  • Data masking and encryption—obfuscates sensitive data so it would be useless to the bad actor, even if somehow extracted.
  • Data loss prevention (DLP)—inspects data in motion, at rest on servers, in cloud storage, or on endpoint devices.
  • User behavior analytics—establishes baselines of data access behavior, uses machine learning to detect and alert on abnormal and potentially risky activity.
  • Data discovery and classification—reveals the location, volume, and context of data on premises and in the cloud.
  • Database activity monitoring—monitors relational databases, data warehouses, big data and mainframes to generate real-time alerts on policy violations.
  • Alert prioritization—Imperva uses AI and machine learning technology to look across the stream of security events and prioritize the ones that matter most.