In April the Ponemon Institute published a report The State of Data Security Intelligence, reporting its research into ”how organisations are using data security intelligence to assess and minimise risks to their sensitive and confidential information on-premise and in the cloud.”
One of the first questions Ponemon asked in its survey was: “With respect to your organisation’s state of data security, what keeps you up a night?”
The answer might surprise you. Hackers drew just 25 percent of total responses, ranked seventh out of 13 possible sleep deprivers. Number one was "Not knowing where sensitive data is” (64 percent) followed by “Temporary worker or contractor mistakes” (56 percent).
So the biggest problem appears to be not one of security per se, but of data governance, defined as “The overall management of the availability, usability, integrity, and security of the data employed in an enterprise.”
This topic was not even mentioned in the Ponemon report but the results of its survey clearly suggest that organisations either do not have an adequate data governance policy, or have little faith in it.
Help is available, The US based Data Governance Institute (DGI) “provides in-depth, vendor-neutral data governance best practices and guidance.”
Ten years ago it developed a data governance framework that has been employed by hundreds of organisations around the globe. Unfortunately, it does not have much of a presence in Australia.
What Australia does have, however, is the Governance Institute of Australia. It claims to be “the only independent professional association with a sole focus on whole-of-organisation governance.”
Somehow that “whole-of-organisation governance” does not seem to embrace data governance.The only mention on the institute’s web site is to a July 2015 lunchtime briefing on Privacy frameworks & information governance that promised to “use a case-studies approach to illustrate likely consequences of data governance failures, and guidance on how to best implement data governance to promote Privacy Act compliance and reduce risks to business.”
I can’t help feeling that data governance needs a higher profile in Australia. Ponemon’s figures were based on a sample of almost 50,000 IT and IT security practitioners worldwide, so there is no reason that they would not reflect a purely Australian survey.
As the promotion for a 2013 conference on data governance in the Australian public sector said: “We are experiencing increases in data volumes, changes to privacy legislation, funding pressures and demand for better usage and accessibility. With that said, good data governance is one of the most critical challenges facing all public sector agencies.”
Not just “public sector agencies”, but organisations of every kind.