Warning: Mind the Data Governance Gap in Self-service BI


Self-service. It’s no longer a term used to describe simply accessing reports.

The landscape has changed, and now we see the whole data world opened up to business users. Data discovery and analysis is no longer just the domain of the analyst or IT. The definition of self-service has grown to capture data exploration, building reports and doing your own analytics.

In theory, this is an excellent idea. IT resources are called on less, you don’t have to shell out to employ more analysts, and business users get their reports faster because they’re not in a queue for IT’s attention.

But, in reality, there are huge pitfalls. Heaven forbid that Joe Bloggs, who has worked all his life on spreadsheets, starts creating his own reports, altering the data sets and gaining access to data from across the entire company!

The very reason self-service has sprung up as a desirable way of working is because business users have been frustrated with the length of time it’s taken them to get reports or dashboards back. This made people resort to manually and laboriously typing up the data by hand. Self-service won’t address the problem of speed at its root. It is simply a symptom reliever. And the reliever has side effects.

With the rise of self-service a dangerous data governance gap has arisen.


Batten down the hatches. We need governance.


Self-service is often so eager to give unfettered access to data for everyone, it leaves a huge security gap. It has taken data control away from IT and left a gaping hole of vulnerability where almost anyone can access and alter almost anything.

There are multiple layers of governance you can employ to ensure data isn’t misused, altered or divulged. From governing user roles to data source level security, you should be considering who has access to what and why they need the access.


But why is governance so crucial?


Firstly, you want accurate data. But if anyone and everyone has access to even select data sets, the data can be altered. That makes it vulnerable to error. Moreover, without training and experience, how is a business user supposed to build accurate reports? How do they know which data sets to use and how best to join them to answer their questions in a report? They might even be asking the wrong questions. Using the wrong data produces the wrong results. And that causes issues when business decisions are made based on erroneous reports.

Yes, this goes against the ideology of self-service BI. But I believe there is enough evidence to prove that the pitfalls of self-service BI significantly outweigh the benefits. After all, self-service is a symptom reliever, not a cure. You need to tackle the issue of speed of creation at its root. Don’t just pass on the responsibility of data to those who aren’t paid to do data discovery. At the very least, you are taking time out of their day to do a job you’ve not hired them for.

Secondly, you probably don’t want everyone to have access to all business data. Some of it is very sensitive information. Even if the data never leaves the source, someone being able to see it could create an internal privacy issue. You need to have the right security levels to stop business users helping themselves to data they shouldn’t see.

Thirdly, you don’t want an accidental (or purposeful) data breach. As analytics industry expert Jen Underwood said, “Many misuse breaches are not done with malicious intent, but rather for a convenience factor. One of the biggest risks to an organization’s information security is often not a weakness in the technology control environment. Rather it is the action or inaction by employees and other personnel that can lead to security incidents.”


So what governance do we need?


Your priority is protecting the data.

You need to give security back to those who know how to secure the data. Nobody, unless they’re a trained data analyst or data scientist, should be able to manipulate the data at its source. That just opens up gulfs of disaster. You need to govern roles and responsibilities. Define the different types of users you have and determine their levels of access. Reserve access to the data for those who specialize in data analysis.

I would highly recommend you do not give everyone access to creating reports and dashboards. Why? Because anyone who can create reports needs access to data. Ask ‘what can this person see?’ and ‘what can this person do?’.

Allow business users to consume reports and dashboards and drill into the details. Having access to data insights in the form of reports and dashboards is invaluable for business users – the information they can access as visualizations influences their business decisions.

Make sure those with access to data know what they are doing, how to do it and that they understand full implications of what they can mess up. The cost of errors in the long-run is not worth the short-term gain of providing unfettered access to all data for all users.

I whole-heartedly believe in investing in analysts. They cost less than the mistakes of business users using self-service BI in the long run.

Save yourself headaches and a lot of money by selecting BI tool that can be carefully governed, allowing you the freedom to choose exactly who can access what. Just remember, in your haste to get data to everyone, mind the data governance gap.