News/Trends, Tech/Engineering

The Challenge of End-User Computing Data Governance

Malcolm Chisholm

This article was originally published on

Data governance is still relatively new as a function in many enterprises and is trying to address concerns on a variety of fronts such as legal requirements, dealing with data vendors and ensuring that data issues are processed efficiently. Yet the needs are great, and there are significant areas that data governance is only just beginning to deal with. One of these is end-user computing (EUC). This is the domain of spreadsheets, standalone users, individual devices, email and applications such as Dropbox.

It is fair to say that EUC is not a traditional area of data governance. It is also fair to say that some data governance professionals are hesitant to tackle the needs of EUC as they feel that data governance already has enough to deal with. Such an attitude is understandable. A good deal of data governance has its roots in IT and Operations, and the focus of these groups is corporate systems. Hence, this is the focus of data governance, too. And of course there are certainly many needs that data governance has to tackle around corporate systems, such as ensuring that downstream analytic users can successfully consume the data produced by upstream transactional applications.

However, the scale of EUC is so great and the needs so pressing that it really cannot be ignored and some level of data governance resources need to be devoted to it. But before this can happen data governance needs to understand what EUC is and why it is so important.

Understanding EUC

Because EUC components (architecture may be too flattering a term) have not arisen via the systems development life cycle (SDLC) it is not always easy to appreciate what it is used for. Some examples of why EUC is needed include:

  • A corporate system exists, but has some functionality missing. This is made up for by EUC, e.g., a customer MDM hub may exist, but does not directly support checking anti-money laundering regulations.
  • A user works in an area that is largely unsupported by corporate systems, e.g., a risk department in a young, rapidly growing financial services company.
  • A user works in a near-solitary manner, e.g., salespeople who are on the road a lot.
  • A group of users works in a remote office in an environment unsupported by corporate systems, e.g., a Latin American country for a company that has traditionally been focused on the U.S.

More sets of circumstances can be added to this list. Yet, even though these considerations are fairly obvious, they are rarely addressed by data governance – primarily because data governance has to answer to powerful interests in IT and Operations.

But just because data governance is being held to account by these interests in IT and Operations does not mean that EUC is not important. Although figures are difficult to come by, the scale of EUC is very large. A few questions can be revealing:

  • How much data is moved between users in an organization every day via email and personal storage applications such as Dropbox, compared to traditional FTP (file transfer protocol) and ETL (extract, transform and load)?
  • How many reports are produced from EUC environments every day, compared to corporate analytics environments?
  • Is it not a fact that there are entire departments where EUC rules supreme, such as sales, risk and actuarial?

Naturally, these questions will be answered differently for different enterprises, but they provide a reasonable justification for at least suspecting that the scale of EUC is quite large.

Why is EUC Important for Data Governance?

If we accept that relatively large-scale EUC environments exist, are they important to data governance? To answer this question we need to have a good grasp of what data governance is about. Here are a few examples applied to EUC:

  • Protecting the enterprise data resource from loss, accidental destruction and theft. Admittedly, IT and data security play a role in these areas, but ensuring adequate data management practices are in place is within the purview of data governance. It is well known that EUC environments are vulnerable in all these respects.
  • Ensuring data in EUC environments is legal and compliant with corporate polices. Some contracts with data vendors are very strict and can easily be violated by the presence of ungoverned copies in EUC environments. Similarly, governing the types of data sets that are allowed on personal devices versus being kept in corporate systems is very important.
  • Applying standards to EUC data. For instance, the enterprise may have a standard of a 3-character country code, but an EUC application may use a 2-character one.
  • Knowing what data is where. If an employee is suddenly terminated, or leaves suddenly, it may be vital to know what data they were using. Similarly if a laptop is lost, it may be very important to know what data was on it.
  • Again, these are only some examples. Most enterprises, if they think about EUC environments, will conclude that they are important.

Therefore, given the scale and importance of EUC, what should be done about them?

Converting EUC Environments

A frequent response, especially from IT is that EUC environments should be converted to corporate systems. Enterprise Architecture, in particular, can supply many good reasons for this approach. However, it is nearly universally rejected by the users who own the EUC environments.

This can put data governance in an awkward position. It is not data governance’s job to set standards on what software and hardware should be used inside the enterprise, but it can easily be caught up in disputes between IT and the EUC users. This is why it is very important for data governance to think though how it should be applied to EUC environments. The list given in the previous section is a start.

Ultimately, conversion to corporate systems is not viable because of the cost and timeframes involved, and the fact that IT has many competing priorities. The dispute between IT and the EUC users often degenerates into IT trying to ban the technologies that the EUC users have implemented. The users typically retort that they have been forced to do this because of lack of support from IT.

The Data Governance Approach

Since EUC many environments are not going to be converted to corporate systems in the near future, what should data governance do?

To be successful with the EUC challenge, data governance must take a leading role. It cannot ask IT, or the EUC users for that matter, what their requirements are, and try to align to their needs. Rather, data governance must think out in detail what data management is needed for EUC. Transparency, security, compliance are examples of attributes that data governance will likely focus on. What is important is that the mix of stakeholders in EUC requires that data governance is mature enough to stand on its own and formulate practical solutions that will make EUC environments robust and secure.

Author Malcolm Chisholm will be the analyst in The Briefing Room on June 9 to discuss “Rethinking Data Availability and Governance in a Mobile World” with Dave Packer, VP of Product Marketing, of Druva. Click here to register.