Traditional data access management strategies often make the IT department out to be the bad guy. Because of limited data access and a never-ending backlog of requests, IBM i operators are frequently the only ones running reports in their organization, but just because they hold the keys to the digital kingdom doesn’t mean they need to singlehandedly take on all of the data access work.
Although, it’s not a good idea to let everyone have access to critical enterprise data due to security and compliance risks, it’s important to address how to empower end users. The question remains: Should IT allow users more access to enterprise data or keep a firm grip on sensitive assets to prevent security nightmares?
Access vs. control
Technology teams have the knowledge and awareness to safeguard their systems, but when they're the only ones running reports and collecting data, it can stifle their productivity. The problem is that traditional data access management techniques are often inefficient. For IBM i operators, this typically means writing new Report Program Generator applications or developing numerous custom queries. These solutions create a couple problems:
- It still limits user access
- It's time consuming for the IT department
- It delays time-to-information
- It’s more to manage
According to New York Times blogger Quentin Hardy, the problem with management strategies like these is that data is a lot more dynamic than it used to be.
"Someday you'll tell your grandchildren you remember the old days when data just sat there, like some list of information for people to look at."
The business data ecosystem has changed considerably, with companies looking to do more with their digital assets than they have in years past. Information is coming in from numerous platforms and applications, and the data itself is constantly changing as companies adopt new software. When database changes happen, queries have to be adjusted accordingly and IT gets bogged down in manual processes. End users aren't likely to see all of the IT departments other responsibilities, but they will notice if the financial report they requested isn't available by the morning.
What About Cybercrime?
More so than ever, the focus of business intelligence is on end user empowerment and equipping employees throughout an organization with the data they need as quickly as possible. Of course, this philosophy often conflicts with the goals of IT security. You only need to look at the $8.9 million price tag attached to cybercrime each year to understand why tech teams might be a little hesitant to hand over their company's data.
The good news: according to a study conducted by the Ponemon Institute, malicious insiders orchestrated only 8 percent of cybercrime incidents in 2012. These attacks are significantly more expensive and time consuming to contain than attacks from outside of the organization. In addition, the growing risk of identity theft and social engineering - in which cybercriminals use non-technical means to trick users into giving up account information - makes a reasonable case for keeping data as safely guarded as possible.
It is true that technology employees should not let users into the system unrestricted and unmonitored. However, keeping data isolated to just technical users is no longer a viable option in today's fast-paced business environment. This means that IT teams will have to solve a set of core operational challenges before they reach an effective answer to this data access problem.
Moving Toward Self-Service BI
Self-service business intelligence may seem like an idealistic goal in light of many failed attempts to implement data access solutions for non-technical users. However, it is not a new concept, nor is it an unreachable goal. Although software can play a significant role in the success of these initiatives, it is critical to first gain an understanding of the company's data environment, how it is managed, and what needs to be done to improve those practices.
There are several key ingredients involved in creating a data access strategy that really works. Wayne Eckerson, director of TechTarget's BI Leadership Research unit, surveyed 234 professionals to identify the common challenges and potential solutions to the problem. One of the core themes that emerged from the research is an emphasis on user empowerment, but the problem is that many companies implement a one-size-fits-all solution when their employees all have different levels of expertise. In other words, one user may be ready to create custom queries and reports right away, but others will need more accessible features or the ability to intuitively delve deeper into an existing report.
"Just installing an easy-to-use BI tool doesn't automatically mean you have a self-service BI environment," said Claudia Imhoff, president and founder of BI consultancy Intelligent Solutions. "There are different needs within an organization. You need to know who your information workers are and what kind of self-service they really want."
Another essential ingredient to allowing self-service BI is governance. IT departments may need to work alongside business teams to determine which information is considered sensitive or confidential. This allows technical staff to better prioritize which data should be most closely monitored.
Find a Good Strategy
It may seem like IT is opening the floodgates to compliance violations and security vulnerabilities, but a user-centric data access strategy is about more than just giving employees what they want, when they want it. Such a strategy will also lift some of the burden off IT's shoulders. Involving business units into some of the planning process will raise awareness regarding key security issues, and empower end users to generate their own queries and reports.
Once a clear strategy has been identified, the remaining challenges are well within the technology professional's domain. It will be up to the IT team to select the data access solution that best accommodates their company's strategy, and addresses the challenge of balancing access and control.
With the right data access & reporting tool, you can give each individual user what they need, when they need it, and give your IT department freedom to work on projects more strategic to the business. Download the Data Access & Reporting Kit Today >