<a title="Click Fraud Protection" href="http://clickguardian.co.uk"><img src="http://protection.clickguardian.co.uk/nojs.php?d=helastel.com&amp;k=N15i7ILUrfW3k" alt="Google Click Fraud">

Overcoming the CIO’s dilemma: data protection or business agility?

Find me on:
Ian Guerit
Agility Banner H.jpg

If you’re a CIO, one of your biggest challenges will be balancing the need to control and secure your business’s data with the need to use it to underpin and enhance your products, services and customer experiences.

The multi-million-pound dilemma

On the one hand, with GDPR and its threat of multi-million-pound fines now in effect, the security-conscious might try to put up barriers, restricting the use of customer data as much as possible. But on the other hand, customer data can hold the key to better customer service, better products and services – and the ability to respond faster to ever-changing market conditions. Businesses, understandably, see the commercial opportunities and want to make maximum use of this incredibly valuable asset.

As guardians of the data, how do CIOs and their IT departments marry these two, seemingly conflicting, needs? How do you make sure you’re genuinely empowering the business with the data it requires, while simultaneously safeguarding it against massive financial and reputational risks?

The key is to get proper control of your data as it comes into, moves through and leaves your business. This means understanding and managing what data you have, where it’s held, how you’re allowed to use it, which business processes are currently using it, and how they’re using it. Let’s explore these areas in a bit more depth.

Get a business-wide overview of your data

The first challenge is typically the silo problem: organisations hold data in lots of different systems for specific purposes. Eliminating these silos of information is usually unrealistic: you’ll have bought each system because it’s best-in-class at what it does, and don’t want to be asking certain parts of your business to make compromises by switching to inferior or unsuitable applications.

Instead, you need some kind of overlay that joins up business processes and the data in these disparate systems, enabling them to share information and keep everything up to date in the most business-efficient manner. That way, for example, a change in one system can automatically be recognised and reflected in the business process that links those other systems.

Understand and control access permissions

The next thing you need to be able to understand and define is what you’re allowed to do with each piece of data. Who can view the data? Can it be edited and, if so, by whom? Can it be used for marketing or publicity purposes? Can it be combined with other data and used for a different business process? How long can you keep it for? And who is responsible for it?

If data is to be a true business enabler, you need a centralised, business-wide view of this potentially very complex permissions landscape. This will ensure, for example, that when someone in the organisation asks for access to a particular customer attribute to underpin a new service, you can quickly and accurately determine a) whether you have that data and b) whether you’re allowed to use it for the intended purpose.

As a result, IT, as the data guardians, will be able to respond fast, empowering the business by accelerating development of the new service.

Where and how data is used

The other crucial requirement is that you can see and control where in your organisation each piece of data is currently being used, what for and who by. This requires you to model and manage your business processes in a way that gives you easy visibility and control over these areas.

So where the above centralised view of your data enables you to quickly identify what information you have and what you can potentially use it for, the centralised, data-centric view of your processes gives you a real-time understanding of where and how that data is actually being used, and by whom.

This live process overview and control is crucial for compliance and audit purposes. For example, if a new regulation comes in regarding certain types of data, you won’t need to spend months of trial-and-error making sure you’ve identified every process in your business that uses the data in question (and inevitably missing one somewhere, because someone is still using their own spreadsheet). Instead, you’ll be able to confidently pinpoint exactly which processes will be affected and centrally amend them to be compliant.

Intelligent business process management software

Put together, the data- and process-control capabilities we’ve outlined deliver the ideal business scenario of a quick and easy overview of business processes along with control of access to data in an appropriately governed way.

Making this possible requires specialised intelligent business process management software, or iBPMS. As we hinted at earlier, iBPMS doesn’t necessarily replace your existing data-handling and execution systems. Instead, it adds a layer that ties them together and provides an enterprise-wide level of process management, data governance and business-empowerment that’s impossible when you operate numerous siloed systems.

iBPMS is now a mature area of enterprise technology, with products available from the likes of Pega, TIBCO Software, Appian, Bizagi, IBM and Oracle, as well as Helastel’s own Intelastel suite. Intelastel is designed to be flexible and easily configurable with minimum coding, thereby avoiding the sometimes-lengthy coding processes associated with implementing more traditional software solutions.

The best of both worlds

So if you’re a CIO or IT director faced with the multi-million-pound dilemma of data use versus data protection, iBPMS could well be your answer. Putting this kind of capability in place can simultaneously safeguard your critical data, enable you to manage its use within your critical business processes and consequently empower your organisation to squeeze every last drop of value out of this important asset.

Topics: Agile, Security, data management, Compliance, Information Governance, IT Manager, data security, Business Process

Why not try these ones next?