IT Governance for Today and Tomorrow: Minimum Viable Principles

Introduction

The traditional one-size-fits-all approach to IT governance, particularly in relation to data, is becoming increasingly unsustainable in the flexible, Agile/DevOps/AI-driven IT landscape. The complexity and rigidity of the traditional approach, despite its origins in necessary standards and principles, can be counterproductive if it gets in the way of business efficiency or restrains innovation and agility.

In the data-rich world of today, we need a much more streamlined approach to IT data governance where just enough control is applied in any given context to avoid undermining agility and speed. The adoption of AI/ML technologies fed by high-speed, high-scale enterprise data flows and the move to put more advanced real-time analytics into the hands of frontline workers make the requirement for agile, automated IT data governance essential.

Balancing Security and Flexibility

The concept of Minimum Viable IT Data Governance (MVITDG) is emerging as a more streamlined approach. By balancing the extremes of heavy-handed data-usage constraints and unbridled freedom, such a streamlined approach to IT data governance aims to ensure ‘just enough’ security, privacy, and other policy controls are applied, but no more on a case-by-case basis. One size does not fit all.

From a business perspective, strategic imperatives can be met with the quickest time-to-value, while ensuring risks are adequately managed and human resources are used efficiently by minimising otherwise unproductive time and effort.

Technology Maturity and Streamlined IT Data Governance

The move towards flexible, context-sensitive IT data governance has been facilitated by the advances in recent years in a range of technology capabilities. These range from advances in data discovery, data cataloguing, and, particularly important, data classification. All of these have one capability in common, and that is the ability of the tools to automate, at least to a very large degree, tasks that even recently would have required significant, potentially prohibitive, amounts of expensive human effort.

In addition, IT solutions have also expanded their capabilities to store important metadata with the data to provide more information to metadata management and data governance engines. On top of this, there have also been significant advances in the tools that automate policy enforcement, which brings us to the core of IT data governance, namely the policies that control how data is used and protected over its lifecycle.

The Need for Shift-Left Thinking in IT Data Governance

Moving towards such a flexible approach to IT data governance places great importance on the policies that manage data usage throughout the changing requirements likely over its lifetime as business use cases vary. This will make it essential that we adopt a shift-left strategy in IT data governance. Such an approach embeds governance early in the data lifecycle, tackling potential issues at their origin to enhance data integrity and reduce downstream complications in data usage.

Shift-left is all about proactively ensuring effective data lifecycle usage and management. Introducing governance practices at data creation or ingestion minimises risks to better align data usage with business and regulatory needs efficiently. Building on the tools already mentioned, such as data cataloguing, metadata management, and automated policy enforcement, it can establish the identification, understanding, and compliance of data usage across the organisation.

People, Process, and Cultural Shifts

A successful shift-left approach necessarily transcends technology, potentially requiring material cultural changes within the organisation. It emphasises the delegation of responsibility, open communication, and comprehensive training to embed data governance into the routine operational fabric of data usage. Overcoming resistance to change is crucial, requiring efforts to secure buy-in from all levels. There is likely to be a need to demonstrate data governance as a strategic advantage for business agility and innovation.

Conclusion

Adopting Minimum Viable IT Data Governance (MVITDG) with a shift-left strategy will enable flexible, yet secure data management and business use. This approach will allow the proactive management of data, balancing the need for innovation with just the minimum of necessary control. A shift-left methodology as part of a business culture that embraces change can ensure data governance acts as a secure growth catalyst, not a brake, aligning with the digital transformation goals of modern businesses.