Data Sovereignty, Data Ownership


Data drives the modern business. It drives the modern development process. And it drives IT operations analytics in the NOC and the SOC. This raises the questions “Who owns all this data? Do data sovereignty rules apply?” Data is everywhere, and it is used in many ways. In many cases, the same data is used in multiple ways by distinctly different groups, working methods, and ivory towers.

This is a growing problem in organizations using analytics for any purpose, whether customer-facing or IT operations in either the NOC or the SOC. This was brought up by Tim Crawford on a recent Twitter #CIOchat. In many cases, these organizations look at the same exact data, just in different ways. Who owns the data? That is relatively easy to answer: the business. But who controls the data is harder to determine. Consider the data created by the average web presence (via web services or APIs).

  • We have business data in the form of leads, products bought, inventory items, etc. This is mostly in the form of network data.
  • We have data used by the NOC, through its various ITOA platforms, to control the way the web presence responds to load, issues, etc. This is mostly in the form of network data and log data.
  • We have data used by the SOC to monitor the security of any web presence. This is also in the form of network and log data.

There is a common stream of data used by all these organizations for different purposes. Each organization considers its data stream to be separate from everyone else’s. Perhaps this is because they use different tools. However, the data is the same; teams and organizations just use it for very different things.

Now, if we consider a multinational corporation, we end up in the world of data sovereignty. In other words, certain data cannot be sent into or out of specific countries. Just about anything that is personally identifiable is not allowed to move. This includes the IP addresses comprising most of the network data we use to make our decisions.

The question now becomes not “Who owns the data?” or “What does this data tell the organization?” but “Who uses the same data for unique and interesting purposes: business, ITOA, security, others?” In the end, these items all contribute to the success of the business. None can be ignored by the other teams.

The unifying element of any organization is usually physical, rather than the data it uses to make decisions. If we can unify around the data instead—show how that data informs many decisions and how all players use the same pool of data—perhaps we will end up with less finger pointing and fewer silos and other detriments to the business. This is a worthy goal to have.

However, to get to this point, we need not only to unify IT around the data (including security and compliance), but to unify the business around the same set of data. There is a golden metric that each business pays attention to that directs how its data is interpreted by IT. That metric is usually extremely difficult to find, but once it is found, it puts everyone on a level playing field. Everyone looks at the same data, pays attention to the metric, and unifies IT and the business.

Yes, the metric is hard to find, and its particulars change from business to business. Like a business case of Plato’s Theory of the Forms, some companies have found the metric and others have found false versions of it. There are many shadows of the metric out there. This leads to dissension about its definition. One company I know has found it. That metric governs the company’s business and offers a direct view of how well the company is doing on a per-minute basis. It is a powerful metric that has unified the company. It provides a place to start for all troubleshooting within IT, regardless of NOC, SOC, or development.

As useful as that metric is, sovereignty over the data is still a tricky question for any organization. In a perfect world, the ownership is easy to claim—that is, if everyone realizes they are using the same pool of data and looking at it differently. Sovereignty involves lawyers, treaties, and politics. That ends up being a harder problem to solve.

Find the metric and end data ownership issues. Every team will interpret the data differently, but the business and IT will be able to agree on one thing.

Edward Haletky
Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.