The siloing of data has long been a problem for businesses, causing significant friction and confusion, not to mention unnecessary duplication of labour. But with artificial intelligence (AI) widely acknowledged as the next step in enterprise IT, there is now more reason than ever to get it under control.
“Businesses need to ask:‘Do we have a unified architecture so that we can actually track our governance across it all?’. Ultimately, that facilitates decision-making, as data is the fuel that our businesses run on,” said William Flanagan, director of AI and digital transformation specialists OpenSky Data Systems.
In addition, Flanagan said there were important regulatory issues to consider, notably the forthcoming European Union Artificial Intelligence Act (EU AI Act), but that notwithstanding, businesses needed to get their data in order to benefit from AI at all.
As a result, he said, data should be taken as seriously as cybersecurity.
“The thing is, we’re all going to have AI systems and they’re going to become more and more important in business. We’ve all made big investments in cybersecurity to give us a strong stance, but we also need that for our data.
“AI systems are going to be trained on something, and that will be our unified data. What goes into that AI training system has to be the right data, curated properly and, if it is sensitive, used appropriately and in such a way that we can track and trace its lineage.”
The thing is, we're all going to have AI systems and they're going to become more and more important in business
The AI Act is not the only regulatory imperative, either. Between it and two other landmark pieces of legislation, the EU’s Digital Operations Resilience Act (DORA) and updated Network and Information Security Directive (NIS2), all businesses will feel the effect. The first thing they need to do is get their data collection and storage under control.
“When you think about it, businesses will have spreadsheets and email attachments with data in them. Many organisations are decades old. These things build over time, and there may not have been an impetus to do it when they were smaller or when regulatory frameworks weren’t in place. They are now, though,” said Flanagan.
The obvious question then is: how do we get there from here? Technology will play a role, with increasingly powerful data platforms such as Microsoft’s Purview and Fabric available to organisations. However, even before delving into the solutions, Flanagan said, the key was to understand the business goal.
“We all have our sources, we all have our accounting systems, we all have our supply chain systems and we know what our CEOs’ requirements are, or our management teams are, in terms of reporting”.
Categorisation and classification of data was key.
“There is a methodology and a practice, but I would start small. I would start to classify data in one aspect of the business, say supply chain. The documents will be in several places, so get them sensitivity-labelled and get the lineage.”
Businesses should ask themselves serious questions, such as what is going to cause the biggest pain, and work from there.
“It could be risk-management, it could be supply chain management. So, you pilot those things. You can start small and scale up as you need to. Things like Fabric and Purview are cloud-based, which means you don’t need to make a massive investment,” he said.
As the proverb goes, ‘a journey of a thousand miles begins with a single step’, but the fact remains that businesses, many of which fully grasp the importance of security, are lagging on data governance.
However, there is an easy way to conceptualise its importance, Flanagan said.
“When someone hacks into your system they’re after your data. That’s what ends up on the dark web, being sold.”
Nevertheless, IT is often still seen as a cost centre, and some organisations will baulk at spending that which, apparently at least, contributes to neither the top- nor bottom-line.
“I have huge sympathy for people who work in IT in large organisations, because they probably spent the last five to ten years begging for investment in security. To do that again with data governance, where you also have questions about skillsets – though there are enablers like cloud technology – is no small thing.”
Still, the forthcoming regulations are likely to concentrate minds.
“One of the things that will help IT people here is the regulatory environment, because it's the senior management who are responsible – and even liable,” he said.