Using Varonis: Why Data Owners?

November 30, 2012

by Brian Vecci

(This one entry in a series of posts about the Varonis Operational Plan – a clear path to data governance.  You can find the whole series here.)

Data Owners

One of my first jobs in IT was on the help desk for a medium-sized company. A big part of my job was provisioning access. If your company has shared data (and what organization doesn’t?), the words “I need access to this folder” are probably very familiar to you.

There are countless reasons for modifying access controls: new hires, consultants, role changes, temporary projects, cross-functional teams, terminations, department restructuring, M&A – the list goes on.  Coordinating who has access to which data has—detrimentally—became a core responsibility of IT.

Let’s peak inside a typical permissions conversation between an end-user and the help desk:

User (to the Help Desk): I need access to a folder in the S: drive, can you help?
Help Desk: Of course. Can you tell me which folder?
User: The folder is called FYQ3-docs. I need access for the next few weeks.
Help Desk: Do you know who manages the folder? To make this change we need an approval.
User: My boss asked me to get access. I can forward you the email?
Help Desk: Sure, that will be good enough.

Look familiar?

In some organizations, this process may be a little more complicated, a little more automated, or both, but in general the process follows this workflow: access is requested by a user, approved by that user’s manager, and provisioned by someone in IT.

That’s the way it’s been done for years, and it works great, right?  Well, not really.  This ostensibly innocent access provisioning workflow can be the seed for the most costly data breaches an organization will ever face.

The wrong people

In this example, the user’s manager is the one providing the approval. That person may not be, and in fact usually isn’t, the person who should be making this decision. The data itself is a businessasset, so access to that data is a business decision. That means that the owner of that asset—i.e., the data owner—should be the one making the decision.

Imagine if access to a financial account worked the same way as access to a shared folder—managers would be able to get access for their team without the actual budget owner having any idea about it.  Madness!

Organizations that have an excellent grasp on data ownership and information governance have not only figured out a way to ensure approval is granted by the right person, but they’ve factored the help desk out of the equation completely, freeing up precious resources.

A recent article on the Harvard Business Review blog states:

Different kinds of assets, people, capital, technology, and data demand different kinds of management. You don’t manage people assets the same way you manage capital assets. Nor should you manage data assets in the same way you manage technology assets. This may be the most fundamental reason for moving responsibility for data out of IT.”

Let’s now re-envision the access provisioning scenario:

  • User fills out a web form describing which data she needs access to, why, and for how long.
  • Request gets automatically routed to the business person in the organization who is best equipped to approve the request – i.e., the data owner.
  • Data owner approves or denies the request by clicking a button.

Much better!  The access request is fulfilled by the correct person without involved the requestor’s manager or IT.

Easier said than done

The hard part here, and the reason things have traditionally worked this way, is that when it comes to shared data, we don’t have a good way of figuring out who the actual owner is. IT may have some idea based on group access—if there’s a single group that grants access to a folder, you may be able to figure out the director or manager of that group, for instance. But what happens if data is open to two or three different teams? What about data open to everyone? Identifying and aligning owners is extraordinarily difficult if you rely on traditional methods.

With Varonis, there’s a much better way. Because DatAdvantage is constantly gathering a complete audit record, we can use aggregate access activity to identify likely owners. If the three or four most active users of a folder all report to the same person, it’s highly likely that person is the true data owner. At worst, you’re one phone call away from knowing.

By identifying business owners of data, IT can take the first step toward shifting the burden to the teams who have the right context (and often authority) to be making decisions about access. One challenge with this approach is figuring out which folders actually need owners, something I’ll talk about in the next post.

Leave a Comment » | Application Hosting, Marketing, Retail IT Solutions | Tagged: , , , , , , , , , | Permalink
Posted by david ricketts

The Predictive Analytics Revolution- Are you sitting on the sidelines?

October 18, 2012

Predictive analytics (or Big Data) is here to stay. You may not understand it. You may not believe that it really works. But the reality is this: your competitors (and it may be just one or two of them) are using predictive analytics to chew up market space as you remain on the sidelines.

Don’t believe me? Consider the retail space. Who is the undisputed king of retail? That’s right, Wal-Mart. What’s their secret? What has given them the edge for so many years over their competitors? Data analysis. They live and die by data and have been for decades. Wal-Mart knows their customer data better than anyone and have the market share to prove it.

Recently the Dollar stores took on Wal-Mart by providing cheaper supplies like toiletries and medicine. Their strategy started to see some success and Wal-Mart even started to lose market share. But the retail giant went back to their data for a solution. The data said that many Wal-Mart customers started pinching pennies at the end of each month and needed a few basic items to get them over until payday. The solution, stocking shelves with thousands of items under $1 at the end of each month. Customers lured to the Dollar stores for such items were back in the Wal-Mart fold.

Target has also jumped into the game with their own consumer analytics program. The most famous example is how they used in-store data to pick out pregnant women through their shopping habits. They used this information to send marketing material promoting baby products. It worked…almost too well.

Wal-Mart, Target, and online stores like Amazon have forced everyone in this market make a decision, if you want to compete in retail you had better jump into the data science and predictive analytics game or a going-out-of-business-sale is in your near future. Sitting on the sidelines is not an option.

This isn’t isolated to just retail. There are stories everyday in the news about companies in a variety of markets taking a second look at their data and finding a treasure trove of valuable information.

Despite the hype and the proof that predictive analytics can give companies a competitive edge, the sidelines are full of businesses that are still not sure about getting in the game.

The New York Times reported that a handful of universities are using their data and predictive analytics to help them find students who are about to drop out of school. These schools know that higher enrollment means more money. These early adopters are reaping the benefits and aren’t afraid to tell everyone. Why? The vast majority of their competitors haven’t given this type of data analysis a second thought. Just like the example above, a few colleges will charge ahead and reap the benefits of higher enrollment while other universities…sit on the sidelines.

You can find the same thing in the health care industry. The Wall Street Journal published an article by Dr. Marty Makary of Johns Hopkins pleading with hospitals to make better use of their data to save lives. You can almost hear the frustration in his voice when he writes, “Medical mistakes kill enough people each week to fill four jumbo jets.” Even though there are 98,000 deaths due to medical errors in the United State, most hospitals and medical facilities are slow to adapt any type of data analytics.

A few forward thinking hospitals and health care facilities will see the opportunity and do what Dr. Makary suggests. Using the data visualization and predictive analytics, the trend setters have improved patient care, are keeping costs down – and most importantly – saving lives in the process. But just like the universities, the majority of hospital will remain on the sidelines. (I hope I can take my family to the forward thinking hospital!)

Why are so many still sitting on the sidelines?

The Harvard Business Review may have the answer. In an an eye opening survey they reveal the source of the bottleneck. (I highly recommend reading this entire study.) The study shows that the hype and awareness about data analytics is at an all time high.

According to the survey, a vast majority of companies are planning Big Data initiatives:

  • 85% of organizations reported that they have Big Data initiatives planned or in progress.
  • 70% report that these initiatives are enterprise-driven.
  • 85% of the initiatives are sponsored by a C-level executive or the head of a line of business.
  • 75% expect an impact across multiple lines of business.
  • 80% believe that initiatives will cross multiple lines of business or functions.

But here is where the rubber meets the road. HBR reports that:

  • Only 15% of respondents ranked their access to data today as adequate or world-class.
  • Only 21% of respondents ranked their analytic capabilities as adequate or world-class.
  • Only 17% of respondents ranked their ability to use data and analytics to transform their business as more than more than adequate or world-class.

The majority of companies are on the sidelines because they think they can’t readily access the data they have, they don’t have in house tools or talent to analyze it and don’t have the ability to put the data to use anyway. In other words, they don’t think their data is good enough.

Don’t let this kind of thinking keep you on the sidelines. I talk to business owners everyday who think they don’t have enough data for predictive analytics or even just analytics. Most of time, just the opposite is true. Many of our clients were pleasantly surprised when we told them they had more than enough data to jump into the game.

Don’t be one of crowd still sitting on the sidelines. Be one of those early adopters in your market space that uses predictive analytics to jump ahead of the competition. Would you like to learn more?

Thanks to http://blog.canworksmart.com/predictive-analytics/the-predictive-analytics-revolution/?buffer_share=e125e

 

Leave a Comment » | Marketing, Retail IT Solutions | Tagged: , , , , , , , , , , , | Permalink
Posted by david ricketts

Follow

Get every new post delivered to your Inbox.

Join 753 other followers