7 “Not Easy” Steps for Securely Using Data for Real-Time Decisions

A step-by-step roadmap for taking control of your data, securing it and making it meaningful to everyone at the same time, in the same way.

Originally published on LinkedIn on Oct. 22, 2019.

Companies have data in many places. And many companies do not know what data they have, where it is stored, who and what has access to it, the trustworthiness of the data or how to organize it in a timely manner into decision criteria for leadership teams.

The easiest way to know if what I’m saying is truth is to ask someone on your technical staff to provide you an asset and access inventory. Ask them the following:

Tell me:

- All software applications used in the company
- All places data is stored in the company
- All hardware used in the company to host, edit and manage both
- Who/what has access to these things and with what levels of power

And

- How the data is secured in transit and at rest

Give them one business day. Their reaction will reveal your truth.

Running a company minimally requires two things: knowing where you want to go and having access to timely, trustworthy data that will guide your journey. This article discusses the data aspect only.

And as you may already hope, suspect or know, addressing unsecured, unmanaged, disparate applications, data and permissions is a solvable problem. Accessing one view into your company is also solvable. Let’s look at the plan.

1. Find Your Data

Inventory all software applications and data repositories inside and outside your company, as well as, anything interacting with or exchanging data with your applications and repositories.

2. Determine The State of Your Data

What is the technology collecting, managing, editing your data? Where is it hosted? By whom? Is it good, questionable or corrupt data? Who and what has access to it? What are they doing to the data? Who is managing the security and sanctity of the data? How do you know you can trust the data? Is the data current and with what frequency?

3. Secure your data

Is the data managed via role-based permissions or is it wide-open for too many people and systems to manipulate, extract and exploit? Is it direct-connect? Copy-paste? Batch-uploads? API-accessible? Is it secured while at rest? Is it secured while in transit?

Think your company not likely to be attacked, corrupted, ransomed or otherwise exploited? Consider your brand value, consumers, privacy laws and bad company press. Do people trust your brand today? Will they after a breach?

4. Establish a Common Data Format

When data originates from multiple data sources, the structure of the data is usually non-uniform. The first step is to understand the current structure and state of all data at the origination point.

The second step is to determine to what Common Data Format (CDF) all data will be funneled and/or otherwise re-organized. In other words, if your company’s growth strategy has been through Mergers and Acquisitions, you likely have many data stores with similar types of data, but with different states of sanity. If you want one view across all of these data stores, words must have the same meaning for all instances of all data. Establishing the same meaning for all similar instances is “normalization” or “establishing a Common Data Format”.

Many to one.

Only after there exists a common data format are you able to see, understand and make decisions that confidently and consistently take into consideration all parts of the company.

No alt text provided for this image

5. Extract, Normalize and Put

When you understand all places from which data originates and have a CDF, your teams are then able to write predictable, repeatable and auditable methods of extracting, normalizing and putting data into your new, single source of truth.

To be clear, the methods of extracting data, normalizing data and putting data must be predictable, repeatable and auditable. And the structure into which all data is put is itself the CDF. Anything less and you will simply be creating a new mess that must be managed on top of your existing ecosystem — whatever the state.

6. Pull Data Predictably

Now that you’ve made the effort to ensure all data, from all locations, is secured and normalized, protect it. This means there must exist a predictable, repeatable and auditable manner by which applications, systems and companies access your data. Notice I didn’t say people.

To access data from the single source of truth, there must exist predictable, repeatable and auditable set of actors, permissions and activities. If there is variability in actors, permissions and activities, it will no longer be a single source of truth.

Require anyone or thing that wants access to your data to follow your rules. Non-negotiable. This includes people in Mensa, people with twenty years of tenure who have been there since the company started, the CEO’s nephew and your mom.

Your single source of truth is special. No one who wants access to the data is special. Despite what their mom told them when they were young.

7. Use Your Data to Inform Your Decisions Dynamically

Attach reporting solutions. Attach streaming solutions. Attach elastic search. Attach dashboards. Follow the rules. Enjoy peace.

Now you can trust that your data has integrity. You can trust it is secure. You can trust your data is predictable, repeatable and auditable. You can trust your company has one message.

And you can trust that you know all applications, repositories, data management and security behaviors, actors, hosting solutions and reports are something upon which you can bank your company’s reputation.

____________________

If you would like to take control of your data, secure it and make it dynamically meaningful to everyone in your company, the teams at Trility help companies solve these challenges with a focus on predictable, repeatable and auditable behaviors. Email us at forthejourney@trility.io.

Iowa start-up launches new product!

ShowPal, a Des Moines, Iowa based start-up founded by Chad Torstenson, recently launched its first product named ShowPal ID!

ShowPal ID, the first of multiple products and services planned by ShowPal’s CEO, is designed to enable increased safety for Realtors as they meet and interact with clients who often are not personally known to them.  ShowPal ID performs on-the-go identity verification of homebuyers on behalf of real estate agents in advance of engaging with a client so that all parties know who is involved before they meet for the first time.

“Every year real estate professionals are placed in harms way by individuals fraudulently posing as a prospective client.  The statistics of crimes committed against Realtor’s such as robbery, physical assault, sexual assault and homicide are staggering. We intend to change that,” says Torstenson. 

In order to accomplish the goal of building software solutions for the Realty industry, ShowPal engaged Trility Consulting, also of Des Moines, Iowa, to help design, build and deliver a cloud-based software solution that seeks to address a very important problem in today’s real estate marketplace — the safety of Realtors and Buyers.

Trility Consulting focuses on helping companies adopt, build and operate in secure enterprise cloud frameworks so companies can focus on serving customers.

Visit ShowPal’s site! Or stay in touch with them on Twitter  and Facebook!

Update: In the true spirit of a start-up’s need to test, learn and refactor, ShowPal published and tested ShowPal ID and determined that while an important problem to solve, this product doesn’t meet ShowPal’s own requirements for viability. Resultantly, this product has been put to sleep with the potential of re-launching in the future if and when it makes sense. It is hard to build and deliver product.