cherezoff - stock.adobe.com

How APAC firms can tame the data beast

Companies and data management experts across Asia-Pacific reveal how they are tackling data management challenges that have been compounded by growing cloud usage and compliance requirements

This article can also be found in the Premium Editorial Download: CW Asia-Pacific: CW APAC: Expert advice on data management

At MinterEllison, years of inattention to data had created a deep web of inaccuracies across its data landscape. And with no central oversight of its data, the Australia-based legal and consulting firm did not have strong enterprise definitions of its data, which affected its ability to leverage shared insights.

Also, the firm’s data was strewn across internal infrastructure, public cloud, private cloud and various software-as-a-service providers, which were not always connected, inevitably allowing data silos to flourish and the issue of data duplication to compound.

These challenges are common to many enterprises. According to a global Veritas study conducted by Vanson Bourne, organisations reported losing as much as $2m a year because of their inability to manage data on a day-to-day basis. On average, employees lose two hours a day searching for data, resulting in a 16% drop in workforce efficiency.

Howard Fyffe, managing director of Veritas in Australia and New Zealand, said Australian firms have been more affected by data management woes than others. Pointing to Australia’s high cloud usage, he said enterprises in the country have been struggling to maintain visibility and control of data that resides in multiple locations.

Add to that is Australia’s recent data breach notification regime, which requires organisations to report data breaches to the authorities. When faced with such compliance requirements, Australian firms could face challenges in finding the right data that needs to be reported, said Fyffe.

Gary Adler, chief digital officer at MinterEllison, said that with an explosion of data in all areas, it has become a challenge to find the right data for the right purpose, and to do so in a timely way.

“Although we have various search tools, we also have compliance and regulatory challenges, which by its nature means that some data needs to be further locked down, leading to an insufficient or inaccurate data search,” he said.

Singapore’s MyRepublic, a regional mobile and fibre broadband service provider, is wrestling with similar challenges. The city-state’s Personal Data Protection Act (PDPA), which will soon include a data breach notification rule, requires organisations to properly obtain, use and secure personal data under their care.

“The key challenge for us is to ensure data protection in the organisation, particularly pertaining to personally identifiable data,” said Eugene Yeo, group CIO of MyRepublic.

“As strong data privacy regulations such as PDPA come into force with the onset of a string of data breaches happening across the world, the onus is on companies to establish and maintain strong protocols and control measures to protect the privacy of their customers and stakeholders.”

Yeo’s other challenge is to ensure that his organisation, as a whole, understands the company’s data objectives and strategies, and to provide a clear framework in terms of accessing, using, modifying and removing data.

Best practices

Addressing data management challenges will require a review of people, process and technology controls to ensure sufficient management of the data lifecycle, according to John Ho-Chi, partner for advisory services at Ernst & Young.

“Every business should go back to the basics to evaluate, streamline and standardise their data processes and procedures, to identify the data quality and cyber security gaps,” he said. This review process is invaluable in helping organisations develop a strong data governance framework, he added.

MinterEllison, for one, has created a data governance strategy and operational framework to guide how issues of data quality and definitions are managed, said the company’s Adler.

The framework covers overarching principles, defined data ownership of the organisation’s data entities, plus the stipulation of a data governance authority and how this is supported by data stewards among business users and data custodians among technical staff.

Read more about data management in APAC

MinterEllison has also invested in centralised data analytics capabilities, initially centred on data warehousing and business intelligence to deliver insights to the business. Adler said this involves building a trusted, centralised source of truth for corporate data, as well as signification investments in a data visualisation platform that supports user and security requirements.

At the same time, MinterEllison has created an information and data security strategy as part of its “total data management approach” to mitigate risks related to how data is accessed, managed and stored.

This is in line with Ho-Chi’s recommendation that organisations develop a strong data protection programme to prevent, detect and respond to data privacy issues.

“Organisations should adopt privacy and security by design by leveraging new technology, he said. “This will require process and information owners to take responsibility for data protection and regulatory compliance.”

For MyRepublic, the ISO 27001 standard provided a strong foundation for building a data security framework. Yeo said the rigorous certification process enabled the company to conduct a full review of its control measures and governance in order to improve its overall data security posture.

“We are now looking at combining the principles and requirements of these standards, including the General Data Protection Regulation, into our data security and management framework,” he said.

Roles and responsibilities

But who should be responsible for managing data management challenges and what roles do employers and workers play? The simple answer is: everyone.

“We are all working in data-driven environments today,” said Chris Gondek, principal architect at Commvault. “A healthy data culture needs to be set at the executive boardroom level across all areas of business to address ever-evolving business needs. This falls into two categories of data: external and internal.”

Dealing with external data requires training each employee to be wary of cyber attacks, to identify what constitutes a fake email or phishing attack, and ensure that best practices around security are followed, such as enforcing strong passwords, locking unattended devices and secure browsing.

“Internally, information systems and enterprise data must be managed appropriately by senior IT executives and technology teams, as well as staff,” said Gondek. “Some organisations may appoint a chief data officer to work with the CIO on understanding governance and compliance.”

MinterEllison recently hired a head of data and analytics and will build a centre of excellence around this role overseen by its chief operating officer, chief digital officer and chief financial officer.

Data stewards in each of the functional areas are also responsible for their own data and serve as the bridge between functional groups and business owners of enterprise systems, under the guidance of the head of data and analytics.

Is DataOps the answer?

Some enterprises are looking at data operations, or DataOps, to alleviate their data management woes.

DataOps started as a set of best practices and is an emerging discipline that brings together DevOps teams with data engineers and data scientists to speed up data analysis using tools, processes and organisational structures.

Similar to other disciplines, the use of DataOps will vary by industries. According to Ho-Chi, those that depend heavily on the quality of their data and operate in dynamic markets are already adopting agile methodologies and DevOps, and are in various stages of DataOps adoption.

But Commvault’s Gondek noted that DataOps is still in the nascent stages of being adopted globally, not just in Asia-Pacific.

Central to DataOps is the need to align people, processes and technology around the flow of data, but many businesses remain unclear about how to implement this or are unconvinced of its potential benefits, he said.

“There needs to be one or two high-profile stories of how DataOps has led to positive change before business leaders will start make appropriate decisions,” said Gondek. “We see this in the form of ‘DataOps-as-a-service’, which claims to alleviate data management challenges.”

One problem lies in the definition of what data management challenges are, he said.

“Data management is a broad term encompassing different disciplines, such as data protection and recovery, data archiving, data replication, data analytics and data cleansing – the list goes on,” said Gondek. “Given how broad the definition is, DataOps will only address a small portion of data management challenges.”

Read more on Data quality management and governance