CIO role could shift toward data quality, says IBM group

By Marcia Savage, Features Editor, Information Security magazine 09 Jul 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Data will be treated as an asset on the corporate balance sheet, and in some countries data governance will become a regulatory requirement.

Looking operationally at the quality of information and the probability of risk in our systems and using those metrics for decision making is imperative. Steven Adler, chairman, IBM Data Governance Council

Those are among the predictions released this week by the IBM Data Governance Council, a group of 50 IBM customers and partners, including Bank of America Corp., Citibank and American Express Co.

The group also predicts that over the next four years CIOs will become responsible for reporting on data quality, and calculating risk will shift from a specialized task by risk officers to an automated IT function.

The predictions are intended to stress the importance of data governance and how critical it is that organizations invest in an ongoing process for controlling mountains of data, said Steven Adler, chairman of the council and director of IBM's data governance products.

"We've all been watching the subprime credit crisis as it unravels," he said. "One thing we should probably learn from that experience is that transparency is really important. ... Looking operationally at the quality of information and the probability of risk in our systems and using those metrics for decision making is imperative."

The subprime mortgage debacle, fueled by fraudulent data and a lack of enterprise risk management, illustrates a systemic problem, Adler said. Data governance requires a systemic approach -- one that the CIO could take charge of by leading a corporate council, he added.

Financial institutions in countries where central banks are helping them comply with regulations such as Basel II expect data governance to become a regulatory requirement, he said.

SearchSecurity radio:

One of the biggest risks to organizations is "bad data quality," Adler said. Enterprise managers often look at reports, dashboards and other information sources but unless they're extremely close to the data, they have no way of judging its quality. "The poor quality poses risks to the organization and people need to calculate that risk. These are really big organizational challenges because we have so much information," he said.

Rob Karel, principal analyst at Forrester Research Inc., said the IBM council's predictions could pan out long term. "It's the direction we see data governance moving."

However, he added that very few organizations have implemented enterprise-wide data governance. "It's still pretty immature, poorly adopted and poorly understood," he said.

In some respects, SOX already has some data governance requirements, but it's just not clear what those requirements are, Karel said. Certain types of data in the U.S. and the European Union already fall under regulations that call for data governance, he added. "I don't expect generic data governance requirements. They will be specific to certain types of data."

Data governance, which he defines as the process by which an organization formalizes a fiduciary duty for management of data assets critical to its success, offers a lot of opportunities. Any data management initiative, such as data warehousing, will benefit from ensuring data quality.

"Data governance can allow your existing investment in data management technology to actually return the value you've planned," he said.

The IBM Data Governance Council plans to develop an information governance framework based on its existing data governance maturity model. Adler said the council is inviting other organizations to help develop the framework, which will define standards and best practices.

Tags: Enterprise Risk Management: Metrics and Assessments,  Business Management: Security Support and Executive Communications,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Enterprise Risk Management: Metrics and Assessments How to avoid Internet liability lawsuits Bruce Jones: Report Security and Risk Metrics in a Business-Friendly Way Bernie Rominski: Communicate Effectively with Management about Risk Best Policy and Risk Management Products Monitoring program data and internal controls for risk management Risk management strategy for an information technology solution provider Align your data protection efforts with GRC The basics of enterprise GRC project management RSA council addresses growing security risks in the cloud How to write a risk methodology that blends business, security needs Enterprise Risk Management: Metrics and Assessments Research Business Management: Security Support and Executive Communications Aligning network security with business priorities RSA council addresses growing security risks in the cloud How to write a risk methodology that blends business, security needs Risk management must include physical-logical security convergence New partnerships, creative thinking help security bust recession How to align an information security framework to your business model Service-focused security offers best value to organization Cybersecurity Act of 2009: Power grab, or necessary step? Information security skills must include communication, expert says Mimic the IBM approach to security at RSA

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary security  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary