Democratization or Governance? You’re Asking the Wrong Question

People   |   Alex Gnibus   |   Feb 21, 2024 TIME TO READ: 10 MINS
TIME TO READ: 10 MINS

When you picture democratizing data access, you might picture Oprah: “YOU get a dataset! And YOU get a dataset! And YOU get a dataset!”

It’s a terrifying prospect for many an IT leader or data engineer who’s responsible for protecting the data (especially if you’re a Guardian type of CIO). The more people who get to access and use it, the more things might go wrong. Security risks. Cloud bills.

Yet the more people who access and use data, the more things can go right for your business. Higher user adoption. Improved data quality. More relevant business insights.

It’s common for governance and democratization to appear to be at odds. Is your company slow to adopt wider data and analytics access because they see more risk than reward? Ever felt like your organization is caught in a tug-of-war between letting everyone dive into the data pool and wrapping everything in red tape? You’re not alone.

But democratization and governance don’t have to be an either/or situation. Business and IT don’t need to clash. In my view, governance facilitates democratization – and in turn, democratization facilitates business results.

Whether you’re a business user advocating for democratization or a data engineer guarding governance, here’s how to think about both: Building a governance approach enables democratization.

Governance isn’t about restriction: It’s about scaling responsibly

Governance can be a confusing concept for most of the business. If you’re an end user, you might only think of governance when you’re getting a request denied or cursing your Microsoft Authenticator app. But governance is not about security restrictions or blocking you. Instead, governance is a big-picture framework that companies can use to scale responsibly.

It’s helpful to think of your business as a bowling lane. Governance procedures are the gutter guards that keep the bowling ball on track. As the bowler chucks a ball down the lane, governance stops it from landing in the gutter and ensures the ball hits the pins. IT and engineering work behind the scenes to put those guards in place.

The data governance “gutter guards” include procedures like:

  • Determining data access policies: Do the right roles have the right level of permissions?
  • Establishing data quality standards: Is the data in a consistent format across the organization? Is it accurate? How will it be used?
  • Meeting data privacy regulations: Does the data respect individual privacy and third-party regulations like GDPR?

Governance is about ensuring that when we all dive into data, we do it in a smart and secure way. And when combined with democratization, it’s about creating value by helping business users stay in the lane and achieve their goals. Let’s look more at what that means.

Democratization isn’t a free-for-all: It’s about getting business results

If you’re in a technical role like IT or engineering, you’re often doing a thankless job. The business might view you as the blocker slowing them down: “Why won’t IT give me access to the data I need?” “Why is it taking forever for me to view the Tableau dashboard?”

Democratization is IT’s chance to be the business hero. It means giving business users the data literacy and self-service tools to solve their problems and drive value. Remember: there’s a cost to getting democratization wrong, from data accuracy issues to incorrect business decisions. And there’s a big upside to getting it right.

When the supply chain team asks for up-to-date information, you can set up a dashboard that refreshes every few minutes. When marketing has a problem getting a view of customer data, you help them access data from a centralized data warehouse to get better customer insights. When the sales team needs more accurate forecasts, you enlist them to help with data quality and preparation for improved predictive models. And when you’re asked to show ROI on the technology you’ve implemented, you can point back to all of the above business outcomes.

If democratization makes you the superhero, governance is your superpower. And with great power comes great responsibility.

Democratization is not a free-for-all; it requires a thoughtful, careful strategy for maintaining the right security and permissions as you increase the number of users. So, as you scale enterprise-wide and allow for more self-service, how do you take on this massive responsibility?

Prioritize “administrative ease of use” in a democratization + governance strategy

Adopting a data solution that enables self-service can be a governance nightmare that makes you think of Oprah handing out cars. How can you trust hundreds of users with the keys to the data, without making your life harder? Administrative ease of use.

Look for tools that don’t just make it easy on the end user. They should make it easy on the administrator in charge of adding licenses, monitoring data usage, giving permissions, and ensuring things are running correctly. Prioritize governance capabilities that make these responsibilities easier:

Visibility: Is it easy to see what users are doing? Can you quickly view what jobs are running and which ones are scheduled?

Scalability: Can you build pre-approved apps that allow thousands of users to ask their own questions, without touching the underlying data or workflows? Is role-based access control built into the data solution, so different users have the appropriate permissions?

Data lineage: Can you track what happened to the data at each stage and get a simple summary of workflows? Or are you digging through messy SQL and local spreadsheets to understand what’s going on?

Your preferred UI: Your business users might be doing their data tasks in a more business-friendly, no-code platform – but that doesn’t mean you have to be on their platform. If you spend your time in Snowflake, can you monitor activity from other data tools from within Snowflake?

On that note, you also want to make sure your data integrations work seamlessly together, without governance hiccups along the way. When you’re evaluating data analytics solutions, it’s helpful to choose the tools that work consistently with the governance standards of your preferred data warehouse or lakehouse. For instance, if you’re using Databricks Unity Catalog to govern your datasets, you should select an analytics solution that supports Unity Catalog. If you use Azure storage, choose the solution that respects Azure Active Directory.

Even when you’re making governance easier on yourself, it’s still easier said than done to implement it. So, let’s look at an example of one organization that successfully balances business value creation with high regulatory needs.

UBS AG On Governance of Models and Workflows in a Regulated Environment – Alteryx

How it worked for a large bank: Expanding self-service machine learning, with a governed approach

Nick Bignell runs the data science service at UBS, a bank headquartered in Zurich. UBS has 100,000 employees and outsourced individuals across offices in more than 50 countries. As the largest wealth manager on the planet, UBS specializes in investment banking, asset management, and financial services. The company was founded in 1860 and has a lot of data — some of it going back that far.

Nick and his team wanted to lift their work out of the 1990s and bring it into the 2020s, including providing more access to data for employees, supported by a strong governance framework. To accomplish this, they decided to focus on upskilling their fellow employees in data literacy and expanding self-service machine learning.

Within UBS, those two capabilities combined are supported by Data Science Service, a center of excellence aimed at creating a platform for making data and analytics available to the entire organization through Alteryx.

In a heavily regulated industry like banking, you’re always waiting for the other shoe to drop. So, once Nick had made Alteryx and related tools available to thousands of UBS users, he knew he’d get questions from information security officers; “How is this controlled? Can people just connect to anything, do what they want with the data, and push it out?”

Nick and the team focused on administrative ease of use by building processes to support users within a governed experience for each scenario. Below are three common scenarios USB solved for.

1. Use a virtual machine to govern automated desktop workflows

UBS Alteryx users run Alteryx Designer on their desktops and create a workflow that executes regularly. How does UBS govern that?

For one thing, UBS doesn’t allow scheduling on the desktop, because users work on a virtual desktop. The virtual machine is scrapped every weekend and replaced the following week. But Nick’s team can identify the activity and source by the phone-home metadata from the application back to Alteryx. So, they captured that and saved it to an internal MongoDB database. This is important for governance because they can tell who’s running what even though Alteryx is running as a desktop application on their workstation.

The result is an inventory database of all activity, from basic usage like data prep to using Python code or the predictive analytics suite of tools. Nick’s team can point users to the applicable policies and have users affirm that they will follow company guidelines.

2. Create ready-made applications for organization-wide sharing

Some users at UBS create applications in Alteryx and place them on a server for other users to use. These “artisans” have created and uploaded about 2,000 workflows to a server. About 8,000 other users can access the workflows, but they don’t run Alteryx Designer; they use Alteryx only to interact with the ready-made applications on the server. This allows more people at UBS to access the data and insights they need, within pre-vetted and approved use cases.

3. Track activity for scheduled workflows with Alteryx Server

Because the local desktop is virtual and does not permit scheduling, users create and test some workflows locally and then upload them to Alteryx Server to run regularly. Activity on Server is very easy to track. Remember: administrative ease of use.

For all three of those scenarios, UBS maintains separate inventories. Users are instructed to follow all applicable rules and controls.

The journey of balancing democratization and governance that UBS has gone through showcases the importance of combining democratization and governance together rather than seeing them as opposing concepts. With democratization AND governance, data is accessible, yet managed responsibly.

Technical roles: You can be the business hero by using governance to enable democratization. “YOU get data insights! And YOU get data insights!” And the more excited your business is about data, the more engaged they’ll be in upholding governance standards like data quality.

And business roles: You can be an IT hero by considering governance in your quest for democratization. Involve IT early and consider the features that support administrative ease of use.

By collaborating to adopt a governance framework that supports democratization, companies can foster a culture where data is a shared asset that drives innovation, decision-making, and productivity.

Tags