Getting data governance right

Panellists from Okta and Somerford Associates address the challenges of implementing best practices around data access

Posted 8 December 2022 by Christine Horton

Government organisations need to ensure data governance to control access to the abundance of data available today, according to an expert panel at last week’s Think Data for Government event in London.

“The only way a government department is going to see the benefit of its data is by accessing it, and to do that you need governance to ensure the right people have access to the data at the right time,” said Bob Feeney, central government & defence: cloud security: identity & access management: data governance, at Somerford Associates. “The software’s out there to do that, but there has been a reluctance in the past. But I’m seeing a number of departments leading the way on this.”

Feeney was joined in discussion by Clare White, public sector account manager at Okta and Grace Dolby, Okta technical champion at Somerford Associates.

However, the panel noted that organisations must balance access to data with both security and the user experience.

“Where I’ve been seeing the most difficulty for a lot of organisations, both public and private sector, is walking this fine line between providing access to everybody that needs it, at the right time – but also balancing the security question and finding a way that reduces the friction to the end user,” said Dolby.

They noted there are ongoing conversations within government departments about how to open up new datasets to all user types.

“Perhaps the way datasets are being accessed today is presenting some challenges, either on scale or for security, or for mixing content. Certainly, in some of the projects we’re seeing, there are datasets sitting in different areas of government that need to be brought together. And that might be by an external provider,” said White. “So, it’s how you’re securing those authentication flows so that people are having the right access at the right time, and it’s all traceable.”

First steps

On the first steps for organisations, White advocated for introducing automation.

“It could be that you’re looking at using an API strategy for internal documentation, internal processes that need accessing so you can start rehearsing what it’s going to be like on scale, when you then look at building that with other government departments and collaboration with partners outside of government. So that’s a stepping stone. There are some easy ways to start looking at adopting these processes and testing them out in a safer environment.”

For her part, Dolby advised building identity into the design of whatever into any data governance project.

“So often, identity is an afterthought or thrown in at the end. It’s not going to work. You need to think about the identity journey through that first meeting, right the way through to implementing in production. If you don’t, it will feel like an afterthought to the people who manage it and admin it. And also, for your end users. It’s going to feel clunky; it’s not going to be a smooth frictionless experience.

“Also really make sure that your platform is robust for all the different identities that you’re going to have access it, because it’s not going to be a one-size-fits-all.”

Above all, Feeney says there should be greater collaboration between government departments on such projects.

“You’ve got a lot of great examples within government, where projects are being rolled out. It’s just a wish that you would all talk and promote best practices that you’ve carried out already, because you’ve got some really corking designs, examples of where things have worked.”

We are already working on the agenda for the next Think Digital Identity for Government conference in April 2023 but if you missed this conference, you can still register and view the session recordings online. Register to view here.