AWS Smart Business Blog
How to Create a Data Governance Strategy for Your Small or Medium Business
When you hear the term “data governance,” you might associate it with highly-regulated industries such as healthcare and financial services. But smart businesses across all industries recognize using data effectively can provide a competitive advantage. A 2021 report on confident decision making with data indicated that “66% of data and analytics professionals experienced improved data quality as a ‘leading benefit’ when implementing data governance programs, a trend that rose to a staggering 83% for organizations that already have a mature data governance framework in place.”
Your small or medium business (SMB) might have moved some of its data workflows to the cloud to improve remote collaboration or security during work-from-home orders. What you may not recognize is that you took the first step towards establishing a data-centric approach to your business. In the cloud, your organization’s data must be reliable and trusted, through well-established patterns and processes. This helps you and your team develop accurate insight into your business initiatives.
If overlooked, data governance can be an obstacle. Customers frequently cite these as reasons why they need expert guidance:
- No business data champion to communicate its value
- Budget constraints
- Skills gap among legacy team members
- Thinking that a tool itself will provide governance
Governance is sometimes perceived as a constraint to innovation. This view mostly originated from how governance has historically been implemented—as a one-size-fits-all solution that leveraged a command-and-control approach. Another contributing factor is around regulatory compliance, or sacrificing long-term innovation to meet short-term goals.
What is data governance?
Let’s take a deep dive into this topic by defining it. Data governance is the process to address the integrity, availability, usability, and security of an organization’s data. Given its importance to your business, how you govern it matters significantly. Some common governance categories include:
- Transaction data
- Reference data
- Customer data
- Product data
Data governance includes developing policies, procedures, use of technology, operationalizing processes, and putting in place a culture of data ownership. This means setting up internal standards that apply to how data is ingested, processed, accessed, and eventually disposed of. It also addresses compliance with external standards set by government agencies, industry associations, and other relevant third parties.
Most SMBs may not have the resources or time to manage and maintain large amounts of customer data. But the true costs of poor data management aren’t just in money—lost and damaged data can lead to poor customer trust. Data governance is about establishing policies to help your organization adhere to best practices for managing and protecting its proprietary data.
The question now is: should SMBs be concerned about data governance?
The risks of not having a data governance strategy
SMBs should strongly consider data governance, whether they’re a team of 10 or 100. Implementing an effective strategy helps in mitigating these five common challenges:
- Erosion of customer trust and credibility: Unreliable or inaccurate data damages a company’s reputation and in some cases, it may be irreparable (especially in a competitive industry).
- Increase in data management cost: Storage costs for duplicate or redundant data and compliance fines are also contributors to data management costs.
- Misuse of data: Without a form of governance, different or incorrect conclusions can easily be made from the same dataset.
- Regulatory and compliance violations: For SMBs, fines levied by regulatory bodies might not be as easily absorbed compared to venture-backed startups and large enterprises.
- Higher likelihood of security events: Ungoverned data could lead to outside parties or unauthorized users accessing the information.
How to implement a data governance strategy based on SMB business requirements
The governance approach should factor in the organization’s operating business context. For example, responding late to disruptions in a competitive industry may be very costly to the business hence agile decision making needs to be embraced.
There is certainly no shortage of data governance frameworks, however no two businesses are the same, so we will focus on activities that can help you build a meaningful foundation with decision makers.
Figure 1: Models of data governance diagram
1. Set goals and priorities
The first step is to identify the specific priorities, goals, and business outcomes of your organization. Some examples include:
- Minimizing risks by increasing data security
- Complying with regulatory requirements
- Realizing cost savings
- Increasing value of analytical data
Identify the business stakeholders (Chief Information, Technical, or Data Officers) that would be responsible for these outcomes and what metrics would be used to measure success. Examples may include data quality, security, and lineage (how data flows from data sources to use) metrics. If your SMB does not have c-level technical roles, identify operational business leaders whose teams work closely with company data.
2. Assess and analyze
After identifying these specific and tangible outcomes, choose a data governance champion. This should be someone who is well-versed in the technology and business domains. They will help with:
- Assessment of data management and control processes to determine if they support identified business outcomes
- Analyzing the data acquisition, maintenance, and propagation processes
3. Define
Set key performance indicators (KPIs) based on business outcomes success and risk measures. Many of our customers prefer to build a team that includes the key owners of the processes directly related to data governance. Members of this team include:
- Data owners: Responsible for ensuring data is managed consistently and securely across all systems
- Data custodians: Responsible for maintaining the security of a given dataset
- Data stewards: Responsible for ensuring the quality of data
For SMBs, more than one role may be assigned to an individual. The key to effective data governance is to assign responsibilities for data areas to individuals who are also empowered to make decisions and take actions to define and standardize the processes. Decisions and actions include:
- Defining data domains for data assets
- Defining access and permissions for each domain
- Defining the system of record for each data domain
- Developing the policies based on the decisions made
4. Operate
Choose the tool(s) to implement the policies and processes outlined by the data governance team. There are several tools available in the industry, however you have to select the right tool for your specific need. For example, AWS Lake Formation provides capability to simplify security management and governance at scale and also enables access control to your data store.
One area that is often overlooked is education beyond the governance team. Build a communication plan for informing the organization about the data governance standards and policies. Information to be communicated usually includes:
- Rules and policies around data governance and definitions. Companies typically include this as an annual training to educate new hires and refresh existing employees’ knowledge.
- Benefits of data governance and how it will help employees make better decisions in their daily jobs
- Escalation matrix on who to contact when there are data issues or security events
- Ongoing changes to the data governance process as needed
5. Evaluate and govern
Data governance is an ongoing, evolving process. This is why SMBs should think of it as a journey, not a destination. After operationalizing the data governance policies and procedures, we recommend these steps:
- Measure and assess the effectiveness of the data governance processes, by creating reports, based on key performance indicators of specific business outcomes.
- Implement changes to the data governance process based on the assessment conducted.
- Seek feedback from end users and introduce data lifecycle improvements
How can AWS Cloud help in this process?
AWS can help you apply its technology in a wide variety of ways to transform your organization—allowing you to govern your most important assets, enable innovation, and reimagine the possibilities of what you can achieve.
With 15 years and over 1.5 million customers using its data services, AWS is one of the most experienced and trusted cloud services providers. AWS offers several services to help you with your data governance journey:
- Monitoring and audit trails
- Amazon CloudWatch collects monitoring and operational data from logs, metrics, and events.
- Amazon CloudTrail tracks user activity and API usage
- Security and data access management
- AWS Identity and Access Management helps you control access to different levels of data
- Data security and centralized governance
- Amazon Macie is a fully-managed data security and privacy service that discovers sensitive data through the power of machine learning
- AWS Lake Formation as mentioned above helps simplify security management control access
- Data integration, transformation, discovery, and preservation
- Amazon Simple Storage Service (Data Lake and Glacier)
- AWS Glue
Next steps
As SMBs seek to maximize the use of their data in a secure and cost-effective manner, we discussed and highlighted the need for executive sponsorship that will align data governance to business goals. The assignment of ownership with clearly defined responsibilities would provide the accountability required for success. Iterative implementation of data governance enables effective and timely assessment against clearly defined KPIs and metrics.
Adopting an iterative and adaptive approach will accelerate the benefits of data governance for SMBs. Let us help you develop a data governance strategy that can enable you achieve your business outcomes. Learn more about modernizing your SMB and contact an SMB expert at AWS.