Data and Analytics Risks for 2019
Predictions for 2019 started a while ago. Personally, I would rather just be surprised. I do wonder though, does anyone go back and say, “Hey, you were totally off base”? I read an article on Gartner’s predictions for 2019, identifying the risks around data and analytics, and why chief audit executives (CAEs) can be in the hot seat with their boards, audit committees, and executives. Despite my abhorrence of predictions, Gartner brought up some good points, but they were mostly items that CAEs should be doing anyway. Nothing earth shattering. So what did they come up with? Data governance, data privacy, and third parties.
Regarding data governance, only 37 percent of the CAEs interviewed have a formal data governance framework. They recommend, “first creating an inventory of data assets across the business and establishing a data classification policy.” It just so happens that is exactly what we recommend. Bear with me with all the links, this isn’t a sales pitch – I’m just providing examples of how our clients do exactly what Gartner’s survey findings recommend.
We call it content optimization and file analytics, and consider it a prerequisite for migration. Using our conceptClassifier platform, all content, regardless of where it resides, will be classified to one or more taxonomies with automatically generated multi-term metadata. By the by, the technology is still unique – that was a sales pitch. The end result is a taxonomy populated with phrases, subjects, topics, and concepts. Supplied with a user-friendly, interactive interface, it’s all easily managed. As a side note, this is a great way to clean up your file shares. The technology will also identify inter and intra related content, if they share the same theme.
Let’s tackle data privacy. I think data privacy has been hammered into our heads for the past few years. According to Gartner, not enough it seems, “More than half of companies affected by General Data Protection Regulation (GDPR) will not be in full compliance with it by the end of 2018.” Considering those impacted by GDPR, it would be interesting to know the real number of organizations that don’t protect privacy or sensitive information. We supply 80 rules for identifying data privacy vulnerabilities. But you can also create your own search terms – remember, you can use multi-term phrases. So, you’re not stuck with your typical regular expressions that most vendors provide. This functionality also works in real time, so potential breaches are identified as they happen.
Now, what I consider the biggie, third parties. Here’s what Gartner has to say about these, “Nearly 70 percent of CAEs report third-party risk (or fourth, fifth, etc.) as one of their top concerns, but many organizations still struggle to account for and manage it.” This topic is interesting as the internal user, who is sharing information, is also culpable. You already know what’s coming. Of course, we have a solution. We do a lot of government sales and they are focused on security. From an internal perspective, we do provide secure collaboration.
Exactly what does that mean? A couple of years ago we had a government entity that used several subcontractors. For the project, it wanted each contractor to have access to only the information that was applicable to them, as they were also competitors. Since our solution can extract specific content based on our selection criteria, it was able to secure portions of the project documentation and plan, to ensure each contractor saw only content pertinent to them.
Back to the end user. Your organization must dot its i’s and cross its t’s, meaning the security on content must be in place, as well as user access. Gartner recommends, “Internal audit teams can help by evaluating third-party contracts and compliance efforts, as well as investigating regulatory requirements for third-party data handling.” That’s all well and good, but organizations must first be responsible for internal due diligence.
What do you think of these predictions? Certainly not astounding. If you aren’t addressing these issues, I wouldn’t wait until 2019. I think I would get started now.