The data management challenges facing today’s businesses stem from the way that IT systems have evolved. Enterprise data is frequently held in disparate applications across multiple departments and geographies. The confusion caused by this disjointed network of applications leads to poor customer service, redundant marketing campaigns, inaccurate product shipments and, ultimately, a higher cost of doing business. Add to that a sense of unrest and poor communication between departments regarding data quality and you’re at a standstill. Hear Tony Fisher discuss IT’s role in compliance.

How does one reconcile dealing with data that affects, to varying levels, multiple departments and facets of a corporation? More importantly, who will be responsible for turning a fragmented, disorganized data-driven chaos into a clean, manageable boon for efficiency? Will it be the infrastructural/technology management wizards in IT? Or perhaps the business/finance managers or analysts who use customer and product data in every aspect of their jobs and therefore must ensure that it’s of a certain quality? Well, unfortunately, recent trends show that there is a lot of uncertainty about who is, in fact, ultimately responsible.

The debate – is data quality an IT or a business problem? – has raged on for years. Proponents of IT data management argue that only technology-savvy overseers are capable of handling customer, product and master data; only they have the knowledge and expertise to govern data round-the-clock. Some IT executives themselves, however, will contend that they a) don’t have time to manage an entire company’s data, and b) shouldn’t have to clean up the business side’s messes.

Business executives are often eager to take control because data is essential to their day-to-day operations (and not necessarily so important for IT). These staff members can be frustrated that another department is pulling the strings on how quickly data can be integrated, cleaned and amalgamated to provide reporting and analysis. Nonetheless, the business side has a problem, too. They can’t single-handedly manage enterprise-wide data, which can lead to a fragmented, confused view of the organization.

Regardless, now that we’re on the brink of a recession – and wasting money on customer outreach and product management is the last thing executives want to do – it’s time we put an end to this confusion. The answer is simple: both IT and business sides are responsible for ensuring data quality. How does that work? Well, if IT and business haven’t been working together in the past, the best option is to bring in a referee. A referee, in this case, is known as a “data steward.”

Data stewards can help a company make significant gains in managing the data. Simply put, data stewards are people trained to exclusively handle the middle ground between IT and business – they are technically savvy individuals who understand the corporate goals for the department, division or enterprise. The role of a data steward is to govern customer, product, supplier and metadata across various silos, back-end and front-end systems and departments. They’re a solution to the IT vs. business debate because they’re neutral and can see both sides of the equations.

Conflicts in communication between IT and business departments will only be resolved if a data steward understands what both sides are aiming for and makes a constituted effort to appeal to them on an equal level. Here are some factors to consider when hiring a data steward to keep your information high quality and fit for purpose:

• Data stewards must not only possess strong technical acumen, but they must have a great understanding of how data affects an organization and the people skills to get the necessary results. A good data steward has often held positions – or at least “dotted line” responsibilities – with both groups.

• A key element to any data stewardship program is creating a culture where making and maintaining high quality data is a core discipline of the organization. People naturally support a program because they see a benefit, rather than supporting a program out of a sense of duty. Data stewards must accurately convey the real benefits of improved data quality – and help business and IT employees understand the impact of bad data.

• The best data stewards typically begin a new project by holding a meeting with key stakeholders and departments to discuss objectives and business drivers. The drivers could include the need to better cross-sell to its customer base or to have greater visibility into the organization’s product portfolio. This dialogue must be ongoing – data stewards frequently relay successes or failures, always linking these back to the effect on the business.

• Data stewards also make sure key executives are aligned with project ideals. People are more likely to commit to a project when they realize that the boss is on board. Having executive support instantly lends credibility to the data steward’s mission.

If your company’s data steward is competent in all of the above areas and yet still cannot get IT and finance to work together and communicate effectively when it comes to data responsibility, more measures must be taken. Typically, top management must outline the accountability of both departments in the ultimate success or failure of data management.

One of the best examples of this comes from a large high-tech manufacturing company that embarked on an immense internal data quality project. Rather than task its data stewards to create arbitrary standards for data quality, the company created service-level agreements (SLAs) between the IT and business groups. These agreements held both parties responsible. Business units created rules for monitoring the quality of corporate information; IT committed to a specific level of quality.

The SLAs included information about what metrics the data stewards would track and what thresholds were acceptable for different data points. The interplay between business and IT utilized the strength of each group. The business users were responsible for creating a blueprint of good data. The IT group, along with the data stewards, then enacted the data quality and data integration rules to make that a reality.

After an initial clean-up phase, the data stewards encapsulated the rules provided by the business users to create monitoring rules. These rules would scan incoming data in real time and fire system notifications or emails when data did not meet expectations. With this method, data quality problems were found farther upstream, before bad data could impact operations.

Savvy data stewards know that even the best technology in the world, although obviously helpful, isn’t enough to ensure smooth data management. In the end, the integrity of a company’s data hinges on the integrity of its employees’ maintenance practices. Enabling an environment conducive to respect and cooperation can go a long way in effecting quality data that drives quality business decisions.

About Tony Fisher: Tony Fisher joined DataFlux as president and general manager in 2000. In his years at DataFlux, he has guided the company through tremendous growth as DataFlux became a market-leading provider of data quality and data integration solutions. Prior to DataFlux, he was the director of data warehouse technology at SAS. Tony was a key technology leader at SAS, providing the engineering research and development direction that helped make SAS the market leader in business intelligence software. Tony is a native of North Carolina and earned a degree in computer science and mathematics from Duke University.

Photograph courtesy TurboPhoto.

Image courtesy of IconDrawer.

The key is to understand both what the company needs and the ramifications of moving to an IP-based system. For some companies, the need is a no-brainer: For instance, VoIP is undeniably an asset to a highly mobile organizations in which getting the right information quickly to the right person can spell the difference between success and failure. Companies also must look at competitors: In some cases, organizations lose ground by standing pat.

In other cases, companies simply wouldn’t realize enough benefits from a transition to VoIP to make it worthwhile. Perhaps an academic publisher can do without VoIP. The emphasis today is on features and applications, not cost. At the beginning of the VoIP era, the differences in pricing between standard and VoIP services was a big deal. This is less a factor today because traditional phone companies have cut their prices to the bone in order to stay competitive.

There also is an added element of risk. Having discreet voice and data networks is expensive and can be seen as wasteful now that quality is good enough and it is feasible to squeeze everything onto one network. But there is a significant advantage: A dual network lets the company keep communicating with the outside world even if one network fails. In a consolidated network, a company risks losing all communications if a problem arises. The investment that a prudent company makes in network redundancy obviates some of the savings from the initial collapsing of the two networks into one.

The bottom line is that IT departments and people who must ultimately approve or pass on a switch to IP must truly understand each other. Some key questions:

• Is it needed? Is it needed for some departments, but not others?
• What are our competitors doing?
• What benefits will the organization realize from the switch?
• What are the risks?
• What is the cost to do it? To do it right?
• Are our operations people trained on this technology? Must we hire? Retrain?
• Will there be retraining of employees?
• Will we eventually be able to cut staff?
• How will this help our disaster recovery/business continuity efforts?
• Are their regulatory, legal and/or compliance issues?

There clearly are other questions. If they all are not answered to the satisfaction of IT and the financially-oriented departments, the organization simply isn’t ready to make its move.

–Carl Weinschenk

Image courtesy of Everaldo.

A common disconnect between finance and IT stems from a different understanding of what risk is.

IT has a tendency to view risk through the prism of security—managing controls and compliance through checklists and best practices. From the finance side, however, true risk management deals with uncertainty around outcomes–looking at potential consequences in business terms and weighing those against potential reward.

While information security standards and guidelines are a good thing, they can be very easily misused and abused. They encourage cookie-cutter thinking and miss the bigger point – no two industries are the same. No two companies within an industry are the same. No two geographies within a company are the same. No two data centers within a company geography are the same. No two services run on hardware in the same data center are the same.

And guess what? Depending on the time of the year, the needs of your customers and other factors, the same business process may have different needs on different days!

There are libraries of control checklists from numerous standards organizations that provide great common practice guidance around how to secure information assets. As new vulnerabilities are discovered, new patches and workarounds are circulated and proactively communicated through a huge number of alerting services. But there are always too much vulnerability to remediate and too many controls to implement across the typical enterprise. As a result, critical deficiencies may go unmanaged.

The IT security professional needs to be able to assess risk exposure—the likelihood of an event multiplied by the magnitude of the impact—in order to focus energy where it does the most good (in other words, focus on the lesser number of elephants rather than the multitude of mice).

Risk management is a business decision revolving around how much risk a business is willing to tolerate in order to meet its business objectives. That decision involves evaluating what the organization wants to accomplish and assessing the potential impact of outcomes.(Listen to The Maturing of GRC for more background.)

A risk manager’s primary concern is to help protects the firm’s continued business success by preparing for unexpected and unfavorable events and outcomes. The risk manager focuses on identifying and measuring risks to the business and figuring out how to mitigate it, such as by transferring risk to other entities via insurance, reducing the potential through controls, avoiding it by exiting a too-risky business area, or establishing capital reserves to ensure a risk event will be covered.

A risk management system provides the framework within which managers can explicitly consider how the organization’s risk exposures are changing, determine the amount of risk they are willing to accept, and ensure that they have the appropriate risk mitigation and controls in place to limit risk to targeted levels.

Over the past 40 years or so, information technology has migrated away from being a pure cost-center into a central function critical to the successful execution of corporate strategic objectives. Yet information technology managers and business managers still often find themselves at odds with each other.

For years, IT has talked about aligning to the needs of the business. It’s still a challenge. The fact of the matter is, it’s tough getting C-level executives to prioritize business objectives and processes amongst their own agendas and silo’d operations, much less as a deliverable for IT.

Bridging this gap requires greater transparency, more collaboration and a shared understanding regarding the impact of risk on the organization. Achieving this melding of the minds requires agreement on a taxonomy, or common language, that both business managers and IT can relate to and a framework for risk management across the organization.

Software can automate the process of identifying, measuring and monitoring operational risk. An enterprise risk management system can integrate all risk data in a risk analysis– risk and control self assessments, loss events and key risk indicators (KRIs) – into a single solution. Risk management software aims to integrate document and process management with a monitoring and decision support system that enables organizations to analyze, manage and mitigate risk in a simple and efficient manner.

There are some truly brilliant people managing information security and doing amazing things with limited budgets. Risk management systems can help information security professionals make better decisions faster, helping practitioners do more with less. Risk management is a great tool to help information security practitioners work more efficiently and ensure they’re working in synch with colleagues on the financial side of the house.

About Gordon Burnes: As Vice President, Sales and Marketing, Gordon M. Burnes is responsible for leading the company’s sales, marketing and partnership efforts to help drive OpenPages’ revenue growth. Burnes brings to OpenPages seventeen years of experience working with high growth companies. Burnes comes to OpenPages from McNamee Lawrence, a boutique investment bank focused on the information technology sector, where he provided strategic financial advisory services to mid-market software companies.

Homepage icon courtesy of Sim Wong.

Image courtesy of IconDrawer.

The need for IT and financial people—the check signers—to communicate effectively is nowhere greater than in DR/BC. For a plan to actually be effective—not just to make people feel a false sense of security before an emergency strikes—there are myriad details that require a clear understanding and deep cooperation between IT and the finance folks.

For instance, a situation may arise in which limited functionality can be restored at an early point. The two sides of the house must have a crystal clear understanding of which systems have the priority for restoration and which can wait. Likewise, employees understanding of their role in emergencies—where to go, what emergency duties to undertake, who to report to (and who to report to if the first choice is inaccessible), etc.—can only really effectively be created via deep cooperation between IT, the executive suite and various operational leaders.

Assuming that these decisions can be made on the fly assumes that communications will exist and that decision-makers will be accessible. It is impossible to guarantee such conditions, of course. It’s simple: Not making these decisions before the emergency hits is extraordinarily reckless.

A company is never more vulnerable than during an emergency. Almost by definition, its money generating endeavors are slowed or halted. In the best case scenario, such emergencies are rife with in-decision and fear. A good DR/BC plan can show a path through these trying times, and good communications between IT and the rest of the organization is key in creating one.

In business, a computer disaster equals an event that halts the normal operation of day-to-day business activities. The result of such a disaster is that business stops–orders cease to be placed, accounting activities freeze, data is unavailable, electronic communications halt, and the company has no access to decision-critical information. All of these events cost companies revenue and may result in unrecoverable damage. Also, events like Katrina, fires in Southern California and other parts of the West, tornadoes in Midwest and the hurricanes in Florida have made data protection, disaster recovery and high availability high on the priority list of many financial institutions.

Companies that do not have a proper disaster plan pay dearly through lost productivity and financial loss. As corporate data continues to grow exponentially, so too does its value. Loosing access to critical data for even an hour can cost a company millions of dollars. The Meta Group reports that the downtime cost for each company in the Energy Industry is $2.8 million/hour; in the Telecom Industry $2.0 million/hour; and for Financial Institutions, $1.4 million/hour. The National Archives & Records Administration reported that 93% of the companies that lost their data center for 10 days or more filled for bankruptcy within one year of the disaster. 50% of businesses that found themselves without data management for this same time period filed for bankruptcy immediately. And anyone who watches nightly television should be aware that disasters could occur anywhere.

The question to ask is if CFOs are paying enough attention to disaster recovery and business continuity. Is the task being handled only by CIOs and IT department? It is imperative that the top management in every company and especially the CFO should pay proper attention to protect their key servers and systems. The financial well being of a company depends a lot on their key systems being up and running all the time.

Microsoft Environment

Microsoft Exchange, SQL and Windows servers are being increasingly used for corporate communication, for storing data and documents. Microsoft Windows Servers and Exchange Servers are ubiquitous in any organization big or small. SQL Server is also being increasingly used with enterprise class applications. But many organizations do not use the proper process for backup and recovery and in particular disaster recovery of Microsoft Servers.

The explosive growth and popularity of Microsoft Servers in general and Exchange Servers in particular presents a challenge to administrators all over the world. This growth coupled with exponential growth in associated data volume makes it difficult to manage, protect and administer the servers. Hence it is imperative to have proper disaster recovery processes in place to protect Microsoft Servers.

Common Mistakes

The biggest mistake typically made by people is thinking that since they are taking backups, they are assured of recovery in case of a disaster or system crash. Based on statistical data, 30-40% of the data stored on tape can never be recovered. Also, most of the tools available today focus on backup, not on recovery. So it is imperative that IT Administrators give enough thought not only to backup, but also to recovery.

Depending on the criticality of the environment, and the needs of a particular organization, it is always a good idea to take more frequent backups.

How to Protect Your Data

First of all, companies have to decide how critical their data is. Organizations also have to determine their Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

RTO defines the tolerable maximum length of time that a business process can be unavailable, while RPO defines how much work in progress can be lost.

Also, companies have to decide whether to go for a tape backup or a disk-to-disk backup, or a combination of both. Tapes are the traditional way of doing backup, but when it comes to recovery, they’re not very reliable. Disk-to-disk backup is fast, reliable, and the data can be recovered immediately. The best approach will be to back up the data to disk regularly and archive it to tape every week, every month, or every three months based on the criticality of the data.

Disaster Recovery Plan

The best way to prepare for a disaster is to avoid the disaster. Therefore, look for any potential problems you can find, and correct them. You should address those issues that you can solve and which will provide benefit. Regardless of the cause, fast and effective recovery of your IT environment is essential. You must be able to quickly implement your recovery plan–which must be tested and well documented before problems occur.

Developing a disaster recovery plan for your systems in general, and databases in particular, is tedious and time consuming. If you can automate the entire process through configurable templates, then the process can be completed within a short period of time, saving time and resources. Also, one should focus not only on backup, but also on recovery. When a disaster occurs, it can take hours, if not days, depending on the complexity of the situation, to have all your systems and databases up and running. Users should look for applications that will help them to recover to the point of failure, or to a point in time quickly without the need to write any script or code.

Companies can create a cost-effective disaster recovery site by simply investing in standby servers. They provide a high level of data protection and fast recovery if the primary server fails. Standby solution bridges the gap between a highly expensive failover clustering solution and native backups. The standby server can even act as a read-only device during normal operations. The extra server generally costs much less than buying extra peripherals or services.

Unlimited budget does not guarantee total protection. In fact, in today’s environment, even the most profitable company with lots of cash will think twice before spending money on unnecessary or redundant projects or tools. As explained before, RTO and RPO will determine the type of plan and systems that need to be put in place. Companies should have a clear understanding of their requirements, and then design/implement a disaster recovery and business continuity plan.

Before jumping on to implementing a plan or an application, it is imperative that users properly think through all the different scenarios and the impact a particular disaster will have on their business. With proper planning, even companies with highly mission critical data and information can implement a plan within a reasonable budget. Of course, what is reasonable is always subjective.

Disaster Recovery Strategy

Today every company, big or small, depends on its network for virtually all its activities. Any downtime in terms of server crash or system failure will result in enormous productivity and financial loss. Hence what can organizations do to mitigate the losses? Many smaller companies do not have the trained staff to do extensive planning or can afford to take on major activities that have no immediate payoff. Furthermore, most disaster recovery software and services are aimed at large companies with sophisticated computer systems, in-house expertise, and large budgets. What about a typical small company with one or two IT people and the usual Microsoft software and Intel servers?

Fortunately, there are solutions that are reasonably priced and easy to implement. Companies can use a combination of disk and tape backup solutions to protect their systems. The best strategy nowadays is to back up your data to disk regularly and then archive it to tape every so often depending on how critical it is. Be sure to test tape recovery; it is a notoriously fickle and uncertain operation. A trial run now will avoid big problems later.

Companies of all sizes must take backup and disaster recovery seriously. Who knows what can happen? In recent years, information and data has become a vitally important corporate asset essential to business continuity all around the world. The ability to recover critical data quickly after a disaster is a fundamental requirement of economic viability. Microsoft SQL, Exchange and Windows Servers are being increasingly used in mission critical environments and hence recovering them from a disaster is crucial for business continuity.

It is very important to have a disaster recovery plan that is easy to follow, well documented, and known by employees. Relying on one employee or on a process that is not documented will only leave a company vulnerable, especially in disastrous scenario. It is imperative to have proper processes and software implemented and tested to recover quickly from a disaster. Top management in companies especially the CFO must devote sufficient time and energy to protect the systems and data from potential disasters. The CFO should work hand in hand with the CIO and make disaster recovery and business continuity as a priority.

About Dr. Vas Srinivasan: Dr. Vas Srinivasan is the Vice President of Marketing at Sonasoft. Vas has over 20 years of experience in technology, manufacturing and research areas. Vas played a key role in introducing new technologies and products in High-Tech and Manufacturing industries. Before joining Sonasoft, Vas was responsible for the Supplier Relationship Management (SRM) Solution at Commerce One.

Image courtesy of Everaldo.com.

In today’s highly competitive marketplace, simply working faster isn’t enough. Rather, CIOs also need to achieve world-class resource utilization, and management processes need to be revised in light of this new market dynamic. If anything, CIOs should focus even more on their people. Specifically, CIOs should consider:

• Managing what the organization already has. This involves consolidating infrastructure, eliminating shelfware, knowing what resources exist and how they are used, reducing redundancy and increasing utilization.
• Managing change. Shortened time frames accelerate change. A change management process is needed that can both support the rapidly evolving needs of the business and minimize the cost and disruption of change.
• Measuring results. More specifically, measuring the impact of IT on key business processes, such as order throughput and end-user service times, must be tackled and understood.
• Practicing governance. CIOs must ensure that their people, processes and technology all support business initiatives and meet legal and regulatory mandates. This task typically involves both an assessment of the internal and external risks related to the organization’s current processes and a managed approach to address the most significant risks.

Read More at Smart Enterprise…

Read More at PR Newswire…