Courion Corporation

Balancing Data Governance and the Need to Cut Costs

An interesting report has just been published by analyst firm Ovum, looking into the current state of data governance in light of the economic situation in the UK and globally.

The report, Data governance in a downturn, suggests that in the current climate, pressure to achieve short term and instant cost savings to meet lower capital expenditure targets is leading to companies reducing their headcount and focus around data governance. This in turn is disrupting business operations and leading to information assets being lost, stolen and under-exploited due to a lack of oversight.

Acknowledging that expenditure on data governance is often under pressure as it is viewed, inaccurately, as a cost rather than a revenue generator and investment, The report's authors point to several points of concern. These include headcount reductions that compromise a company's ability to maintain data governance, ill-considered technology cutbacks and damage to brand value because of deteriorating partner and customer relationships brought about by poor data governance.

The report and analyst comments have already achieved some notable media interest, with IT PRO in the UK and iTWire in Australia running substantial pieces about it.

As the report identified, companies that cut spending on data governance are all too often gambling with the very data they need to protect.

Failure to safeguard confidential internal and customer data can expose a company to a multitude of regulatory and legal challenges, particularly if any subsequent investigation finds that reasonable steps were not taken to safeguard such data because spending on and attention to data governance has been reduced.

This is not to say that you cannot reduce your expenditure on data governance, of course you can and many organisations have successfully done so without compromising either day-to-day governance or longer-term data compliance. This is best achieved through the considered and planned deployment of technology and services with clear objectives for efficiency and longer-term cost saving in mind. For this reason, investment in data governance cannot be reduced for short-term budget reasons alone.

Reducing capital expenditure on a whim, on both the staff and technology that manages data governance, reduces the corporate capability to not only manage data, but also to manage users and their ability to access sensitive and valuable information.

Fewer data governance resources to manage access controls will inevitably lead to a significant lag between an employee leaving a company and their email, SharePoint and other key user accounts being terminated. Restructuring a company's headcount increases the risk of disgruntled ex-employees or opportunistic ‘dustbin raiders' exploiting ‘Zombie Account' login credentials for criminal gain or the desire to create disruption. Data is at risk of being tampered with, lost or stolen, while a company's brand can be irreparably damaged by a data loss or theft.

According to the Ponemon Institute, the average total cost of a data breach ranged from £84,000 to almost £3.8 million, with an average of £47 per record compromised, illustrating that a poorly planned and executed cut in data governance resources can in fact cost far more than it saves. The cost of a data breach for financial services companies is usually 17 percent higher than other business types, at £55 per record compromised.

If you think the cost of data governance is expensive, look at the overall cost to a business of a data breach.