Welcome to my Blog. I resisted writing a blog at IBM for many years. I have a short attention span, and just couldn't conceive that I would have anything interesting to write about for more than a few sentences a month. You may still not find what I write about to be that interesting, but as I get older my attention span seems to be growing so I am going to give this new medium a chance.
I have to begin my blog about Data Governance with a Short History of Data Governance at IBM.It started in April 2004.
Customers were talking about new requirements and trends in the marketplace that involved Security, Privacy, Compliance, Data Management, Policy, Audit, and Organizational Structures all at once. I saw large banks and credit card issuers nervous about increasing rates of internet fraud and identity theft in their merchant supply chains, facing millions of potential exposures across their merchant networks.
There were brokerages concerned about data transformation for offshore application testing, insurance companies aggregating all lines of business to create common customer records requiring new forms of data protection and access control. I heard confusion regarding global regulatory demands, cross-border data flows, institutional stovepipes and growing cybercrime and identity theft. Data has always been treated like a redundant and valueless commodity, but it must have a value if governments are regulating its use and criminals are trying to steal it. It must be both an asset and a liability, though I don't think anyone in 2004 fully understood what this means.
Through the spring, I visited many customers, and asked many questions. In June, I found myself in front of a CISO on Wall Street presenting the IBM Enterprise Privacy Architecture. I had about 30 charts prepared, and we had just updated EPA to version 2.0 so I was excited to share our latest ideas. At about the second chart, the CISO stopped me and said, "this is all very nice, but personal information is just one of our data types. We need a data architecture that embeds policy into business processes for all our data types. We want to discover the existing, unwritten policies that are part of our business culture that you'll learn about if you ride the elevators here for a day, as much as we want our employees to follow the new written policies we try to deploy every day. How do we do that?"
I didn't know the answer, but I did know that the stories and vignettes I was hearing pointed at new kinds of challenges that privacy, security, or data architectures alone would not solve. I went back to IBM to ask if we had any solutions for these problems, and heard from various camps that we had parts of these items covered. Peering beneath the assurances, I still saw gaps in understanding and capability, and volunteered to host an event to bring the two sides together - customers with new problems that had no name, and IBMers with old solutions that didn't fully apply.
In July 2004, I announced an IBM Security & Privacy Leadership Forum on Data Governance to be hosted at the Mohonk Mountain House in New Paltz, NY on October 6-8. The date was ideal, just on time for autumn foliage. The agenda involved three days of interactive dialog with customers on hard issues with no easy solutions. I didn't want a marketing and sales event. I wanted a Socratic dialog, an exploration of challenges, to define the outlines of a new marketplace. I wanted to bring IBMers and customers together in the same room exploring challenges, building a new partnership with our customers, and lead IBM in an outside-in design movement to align our capabilities to real customer requirements. Mohonk is a special location.
Built in 1878, the old Catskills resort sits at the lip of lake carved out of a crater at the top of a mountain amidst 5000 acres of wilderness. There are no TV's in the rooms, bad cell phone reception, and at that time no internet connectivity. The air is sweet, the views breathtaking, and the atmosphere quickly removes you from the reality of your work environment. It was the perfect location, and 120 people attended the 3-day event, including 60 representatives from companies across the world, 20 business partners, and 40 IBMers.
The original agenda file is too large to post, so I am posting some of the presentations instead.We divided the agenda into three workshops on Policy, Content, and Infrastructure. On the first day, we invited Customers to describe their challenges in these categories. On the second and third days, we broke up into workshops and explored the issues. The Infrastructure discussions were dominated by business partners and technical issues. The challenges and solutions were the most concrete and least revelatory. The Policy discussions started well but quickly devolved into a debate about whether policies were made of rules or rules were made of policies. There was no resolution, and yet there was also no letting up in the debate. It raged for two days, and continued in email thereafter. The Content breakout took place in an attic conference room with bad acoustics. But the dialog was fantastic. We explored new data architectures, challenges with legacy document formats, storage, archiving, discovery, and reporting. The discussions were interactive and intellectual, and all the participants came home with new ideas and insights.
In the end, I think we had the wrong categories on the agenda. I had asked all the discussion moderators to bring issues and questions on their charts, and many of them did but many of them also didn't. You can't really control every aspect of a presentation, or an event. But it didn't matter, because the most valuable part of the entire event was social interaction of customers from many industries and geographies recognizing that their problems were not unique, that they were connected in a common fabric that demonstrated new market requirements that every IBMer in the room heard loud and clear. And everyone accepted that the new name for these challenges was Data Governance.
Following the event, I received many letters of thanks from customers, partners, and IBMers. We clearly connected with many, and some customers asked if we could continue the dialog. They recognized that Data Governance was a common challenge that would require much more discussion and understanding. With that invitation, I formed the IBM Data Governance Council in November of 2004 as committee of industry peers dedicated to exploring common challenges and solutions in Data Governance. Key Bank, Merrill Lynch, Danske Bank, Bell Canada, and Deutsche Bank were the first members.
By the time we had our first Council meeting at the Ritz-Carlton Amelia Island in February 2005, we had 20 members. Since then, the Council has grown to about 55 members, and we've explored many issues and achieved many milestones. We meet four times a year, normally three times in North America and once in Europe. There are some participants who have attended every meeting. The meetings last 2 days, and over the course of the last three years we have built enormous social capital and trust in the Council that has enabled us to collaborate cross organizational stovepipes, among and between competitors, in ways that set an example of good governance.
In my next blogs, I will describe the road we took, the meeting contents, deliverables, and lessons learned.