Data Governance Best Practices

Data Governance and Security with Head of Data Engineering and Deputy Director of Professional Services, Shan Patel

During the first in the series of our Q&A sessions, Shan – the subject matter expert – answers questions submitted by some of Tahola’s closest customers on Data Governance Best Practices.

Shan Patel has been at Taholah for more than 16 years, working his way from the support department to consultancy and is now the Head of Data Engineering. His background before joining Tahola was working for various companies in the retail and hospitality sector.

Q. How can I manage security and access when moving my data warehouse into the cloud?

When you’re carrying out data management by moving an organisation’s data from various data sources, the best thing to do is use secure protocols such as HTTPS and SFTP. That way you can securely transfer your data to and from the cloud without any issues.

The other thing that you should do is have really good authentication, strong passwords, maybe two factor authentication. That will help you prevent any unauthorised access.

When you’re working on accessing the data. You could use role based access controls. This will help you manage the access to your cloud resource and your data. And as always, use reputable cloud providers such as Microsoft, Google, Snowflake and Amazon.

Q. What is your advice on changing passwords generally in a business, should this be done regularly?

I always change my passwords around about every 30 days or so. Don’t have your passwords rolling passwords, such as Password1, Password2, Password3. They should be totally generic, automatically generated passwords.

Q. Is there a way that a company can make sure this happens across their business? And does this depend on the type of business or is this a standard rule for all customers?

It should be standard for every customer. As part of the Active Directory through Microsoft, you can force users to change their passwords every 30, 60 or 90 days.

Q. How does Tahola approach implementing data governance and security in the context of data analytics and data driven decision making?

We are not big data owners ourselves. We are the data stewards who know the importance of data governance. We work with our customers who have the data, so we collaborate with partners and their external partners that provide data to them.

We have a clear working data governance strategy agreement document in place that includes what we will do with the data and all the security processes and procedures that we will apply when handling their data, to protect their data.

We also train our employees to make sure that all employees know how to handle data and the importance of data security. And we recommend that each customer also do the same with their employees to make sure that the employees that handle the data and receive reports regarding the data know how important it is

On data driven decision making, as long as the employee who receives the report has the information that is needed to make the decisions, they can make those decisions accurately. That is why we need to make sure that the data is securely processed, and no one can interfere with that data that ends up in the reports.

Many of our customers have bursts of reports that could be going to their front of house staff, or different staff members within the business. So, one of the goals of data governance is making sure that they understand that this is governed data and to keep it secure and not share it with other people is really important.

A long time ago, everything was emailed out so you could, if you had access to someone’s emails, create a history of the financial performance of that company from all the reports that they received in their inbox. Nowadays it’s a lot more secure: Your report is ready. You log into our reporting solution to see your reports and see your numbers.

Q. Can you discuss any best practices or strategies for ensuring the security and integrity of sensitive data within an organisation?

Firstly, implement access control. You don’t want anyone accessing information that they should not have access to. For example, you don’t want anyone from the operations accessing personal information that should be tied down to your HR department. So, to do that, you can use access control.

Secondly, the data needs to be stored securely in a database server. A data lake that has strong passwords. And again, you can use two factor authentication too, for additional security.

Q. Do Tahola manage this for their customers?

Yes, we help with the setup of the infrastructure, but the choice of how strong the passwords need to be, whether you have an eight character or six character numbers, special characters, that is all down to each customer’s own policy.

Q. How do you handle data governance and security challenges that arise when working with external partners or vendors such as data sharing agreements and compliance requirements?

Good data governance requires strong data governance frameworks and data sharing agreements to clearly define terms of the data sharing between data users in writing. It should include how the data will be used, who will have access to the data and how the data will be protected.

The agreement should protect you from a legal standpoint. You should review the agreement regularly to make sure that it is up to date and meets the requirements for your partnership with whoever you’re sharing your data with.

Then, you should regularly monitor who is accessing your data. And see if it is correct. Do you have the right people there? Are there people that you shouldn’t have access? It is also important to comply with the regulatory requirements such as GDPR and the UK corporate governance code if you are a public traded company.

On a final note, when you access data that another company is sharing, there is always terms and conditions that you need to read and agree to. It’s important to read the terms and conditions. Don’t just click agree – know what you are agreeing to.

Watch the full LinkedIn Live session here. If you have any further questions that you would like to ask Shan regarding Data Governance Best Practices contact Sales & Enquiries on 01442 211122 or email