Centralized data management. Time to surrender the silo

Published on September 7, 2017

During my morning runs, I run past this old silo in the middle of suburbia. Surrounded by single family homes, it looks either out of place or serves as a quaint reminder of an earlier time.

It brings to mind a different kind of silo that appears in business and how prevalent they still are, despite the connected nature of business today with cloud computing, big data, machine learning, global markets and the like. Operating in silos where people act independent and without regard to other departments invites duplicated or inconsistent responses. It’s an inefficient and less productive way to operate, especially in this day of technology and non-stop connectivity.

Silo strife
When siloed organizations respond to enterprise-wide risk, a lot can go wrong. For starters, if every department responds in its own way to regulatory compliance, it is, at best, an inefficient doubling or tripling of the work necessary. At worst, it’s a mess trying to distinguish the company’s compliance stance with gaps of non-compliance.

Risk management is just as, if not more, problematic. Information security impacts every department and every employee. Individual business units with IT staff may respond differently based on the technology used and their expertise. The risk of miscommunications or something falling through the cracks is serious.

From the 30,000 foot view, the biggest drawback to silos is the fact they hinder data sharing, accountability, and visibility — the essential elements needed for enterprise risk management.

Connect silos
We could talk until we’re blue in the face, mistaken for members of the Blue Man Group, about business struggles with silos.

Here’s a better idea. Connect your silos with a framework and a platform designed for centralized data management. Frameworks and standards like ISO 27000 series, NIST, and PCI DSS provide a strong base for managing risk in their respective areas. Companies with mature risk management programs rely on integrated risk management systems (IRMS) supported by governance, risk management, and compliance (GRC) technology.

The main takeaway is that you can command a framework using GRC technology to build your own integrated risk management system that interfaces with the company’s business processes.

Driving change
While you know you should transition from operating in silos to connecting departments with a centralized data management platform, you may be concerned about the challenge of driving the organizational change required. Perhaps past programs have failed. Maybe you believe only a major incident would get the attention needed for significant change. There is a better way.   

Start with small steps like documenting your processes, attending a webinar or requesting a demo. Take our quick 10-question survey to see where you stand on the maturity scale for GRC and centralized data management.

Look for quick wins like implementing a pilot and producing key metrics for an executive audience. If that leads to a company leader championing the cause, all the better. Be watchful of too much, too soon. A grand project that sends shockwaves throughout the organization stands to fail. It’s better to start small, collect quick wins, and nurture the growth of your program.

The key is to connect your silos and centralize data management, so cross-functional teams can work together.That will effectively end the data silo era for the betterment of enterprise-wide initiatives like compliance and integrated risk management.

Related Articles:

GDPR compliance is like planting tulips

GDPR compliance is like planting tulips

For tulips to bloom in the spring, you plant bulbs in the fall. You plan ahead for the payoff later in March, April, or May. The annual tulip promise is a lot like where we are now with GDPR compliance.

Put IT risk under new management

Put IT risk under new management

The risk from cyber threat is ever-growing. Here are three major challenges and solutions for IT risk professionals and IT managers, as well as management and the board.