IBM forms data governance council
05 July 2005 | 4868 views | 0
IBM says it is has assembled dozens of financial institutions and technology providers in an industry body called the Data Governance Council which will develop a blueprint for protecting data from thieves and hackers.
Council members include financial firms such as ABN Amro, Deutsche Bank, American Express, Merrill Lynch, World Bank as well as security and network firms including ActivCard, Ping Identity and Corticon Technologies. Institutions such as North Carolina State University, Nova Southeastern University and the United Nations Development Program have also signed up to the scheme.
The council is developing a blueprint for the governance and protection of personal and organisational data within and between enterprises, and is evaluating how firms can implement a data governance blueprint.
The move follows a number of high profile incidents in the US of lost or stolen data including a security breaches at Federal Deposit Insurance Corporation and at third party payments processer CardSystems where more than 40 million credit cards were exposed to fraud.
IBM says companies are finding it increasingly difficult to measure the value of their data, including the types and probability of risks around data loss, and have no standard way to mitigate these risks. As a result, all data is protected the same way - low quality data is over-protected and high value data is under-protected.
Steven Adler, chair of the Data Governance Council and program director, IBM Data Governance Solutions, says one of the biggest problems for organisations is how to manage and control all the data that resides within a company, especially as more firms now do business online, extending into large data supply chains.
"There is a clear need for common solutions and governance models to protect and share data on different levels. At the heart of the IBM Data Governance blueprint, is an initiative to bring a collection of proven technologies and collaborative methods to build consistency and quality control in governance, which will help companies better protect critical data," adds Adler.
According to early findings by the Data Governance Council, the top governance challenges are the need for security, privacy, compliance, and risk challenges to be addressed with common standards; lack of connection between organisational and IT roles and behaviour, which causes potential exposures; policy and business rules not linked to business processes or IT systems; lack of common methods for meta-data classification and IT integration and controls are deployed before long-term consequences are modelled.