What's Involved in Risk Assessment?

When it comes to your data, there is no single magic bullet that can protect you from every scenario. But you can improve your overall data health by taking a closer look at the three aspects of data risk: sources, security and compliance.

Start with: Is Your Data Safe? How to Assess Your Data Risk - Part 1

Data Sources

Understanding both the quality of individual sources and the quality of your data mapping is key to assessing your risk. When we talk about data sources, we have to consider not only where data comes from, but how it enters our systems. For example, it's probably safe to assume that the lead list you purchased from a vendor isn't as accurate or up-to-date as the list of leads you captured from a recent, targeted, double-opt-in campaign.

But even if you could 100% trust the accuracy of every record from every source — including manual entry by salespeople, submissions from any range of online forms, engagements within products or mobile apps and shared data from partners or parent companies — you would still be looking at a multiplicity of fields, standards and definitions across sources. One source may require a country code in the phone number field, while another does not. One source may have a single name field, while all the others break out first and last names.

Getting these sources to all speak the same language can be a challenge in and of itself, but it is well worth the time and consideration. Fortunately, there are technologies available that will automate data quality as part of the data integration process, so you can avoid risk with the steep time investment of manual data correction. Also, the industry is beginning to recognize the importance of swiftly identifying data's integrity — 95% of executives agree there should be cross industry standard metrics to assess the quality of enterprise data.

Data Security

If all your data were collected in a single Excel spreadsheet, it would be pretty easy to assign a person or two to watch over that data, to keep it secure and to validate it, line by line. But that's not the world we live in. In fact, less than half of enterprise executives report delivering data accuracy, consistency, accessibility or completeness as "very good."

This data disorder is created by a landscape of data infrastructures composed of a complex network of interconnected programs and platforms. There are obviously tools that specialize in connecting systems and ingesting data into a repository. And some businesses have success just doing that — but are they really getting a true sense of data health? Would they even know if they had data quality issues?

The first step of data security is securely connecting to our data sources, ingesting the data and performing that first pass of data quality checks to ensure that we're getting the right data in the right fields. Next, data profiling technology can help us make sure that phone numbers look like phone numbers, and emails look like emails, and so on, so we can feel safe that we haven't mis-categorized sensitive information. Some profiling technologies may even be able to automate resolution for common data errors.

After that, it's time for people to get involved, so the data experts can manually correct, reconcile and validate any records that cannot be confidently evaluated by the automated data quality tools. Proper processes and workflows need to be in place so that the right people can look at it in a formal way. This will require technology for data inventory, data stewardship and data preparation.

Compliance

Good intentions — even good intentions backed by good technology — can only take you so far. A recent study by the UK Information Commissioner's Office (ICO) discovered that up to 90% of data breaches can be traced back to human error. Believe it or not, this is good news — back in 2015, IBM reported that a full 95% of data breaches were caused by human error.

Technology can help here by providing a centralized infrastructure for managing and ensuring compliance across the organization. These products allow you to establish clear access protocols and permissions that will protect your data, without creating false barriers to access that might make people less effective at their jobs. They also make it possible to automate the classification of data through semantic types and build a well-defined business glossary, so that everyone is speaking the same business language when it comes to their data.

Protecting Yourself from Risk

Your data is too important to leave anything to chance. It will take a balance of people and processes, supported by the right technology and automation, for you to keep up with the never-ending flow of data through your company. In a perfect world, we would all have top-of-the-line security solutions and 100% compliance with every piece of advice from the IT team. But, even in this imperfect world, we can make significant progress.

If you're getting ready to make a change, start small: make sure that your data is standardized, cleansed and adheres to whatever standards you have. Solving the problem of compromised data sources will have a ripple effect throughout the organization, making everyone more effective and efficient, and freeing up resources to devote to larger data issues.