Last week I attended the First Workshop on Enterprise Data Value and Data Insurance hosted by Dr. Jim Short at the San Diego Supercomputer Center on the campus of UC San Diego.
Below is a summary of the three main sessions of the day, including my own thoughts on next steps based on conversations that surfaced during the workshop.
Session 1: Valuing Enterprise Data
This session set the stage for the day, introducing the Architecting for Value research that was kicked off in 2015. Two long term goals were highlighted:
- The desire to understand data value business processes that are emerging in the industry .
- The desire to understand any impact that data value has on IT architectures.
The research approach was to (a) review publicly documented valuation activities, and (b) generate a survey about data value to be used in 1x1 enterprise interviews. During the morning session the workshop covered information about 5 different use cases that surfaced as part of the research: M&A, Bankruptcy, Monetization, Data Sale, and Data Insurance. One of the observers noticed that many of these use cases were a result of "trigger" events: valuation as a result of a specific circumstances and not as a standard business process.
There were additional lightning talks during this session which focused on top-down approaches to value (i.e. from the business side) versus bottom-up approaches to value (i.e. from the "data" or "infrastructure" side). In addition, the concept of evidence-based value was introduced: can we delete or eliminate data based on evidence of its value (or lack thereof)?
I felt that this session was eye-opening for many of the workshop attendees. They were unaware of the breadth of valuation activities and a bit overwhelmed at how to approach the overall topic.
Potential Next Steps: There was a suggestion in the workshop to create a "Data Value Taxonomy". This would give the community a chance to begin working together and be thorough and precise in the group's understanding of Data Value. This taxonomy would essentially be a "graph" or "map" of industry use cases related to Data Value.
Session 2: Insuring Data
The second session of the day was a drill-down into a specific data valuation use case: data insurance. The session was co-presented and both speakers approached data insurance from a different angle.
Here are some of the highlights that I jotted down:
James Patterson (AIG):
- strong focus on payouts related to data breach
- If you want to know the value of stolen data, visit the black market and see how much is being charged! Common amounts are 50 cents per credit card number and 40-50 dollars for an electronic health record.
- Cyber-insurance settlements include payments for identity monitoring, 3rd party liability/lawsuits, regulatory fines, etc.
- 1999: Underwriting involved IT controls and security assessment,
- In recent years assessment was dropped and a form-based questionnaire was adopted
- 2013 was the low point in cyber-insurance underwriting
- 40% of breaches involve data that the company doesn't need to keep!
- AIG has developed a six-question cost calculator for cyber-insurance
- strong focus on recovering from data loss
- radiology use case: X-RAYS stored in cloud, lost data means expensive re-X-ray process
- Premium payment means cloud provider relies on insurer to get the lost data back
- IT departments often can't keep up with the exposure
- Hans presented equations pertaining to data value and premiums
- Crime-as-a-service (who do you want me to hack; service will give a quote)
- Fixed indemnity policies: customer establishes the data value
- Idea of "reverse onus": insurance company is responsible for preserving and returning data on loss.
This session was wide-ranging and broad (similar to the first session).
One of the highlights of the session was James' comment on industry use cases: "All my stories end badly".
Potential Next Steps: Part of creating a "Data Value Taxonomy" would necessarily include data insurance. There is an opportunity for members of the industry to "drill down" on insurance-related taxonomies and write descriptive use cases that formalize the data presented by James and Hans.
Session 3: Automated Valuation Frameworks
The final session of the day focused on the second goal of the Architecting for Value research:
The desire to understand any impact that data value has on IT architectures.
There were two sessions that were "hands-on" in their approach and provided a glimpse of practical approaches to data valuation.
This session presented the trend that many companies are moving towards a consolidated "Data Lake" architecture in order to more heavily leverage corporate data. The journey towards a data lake architecture can be augmented by simultaneously preparing for data valuation. A three-phase Journey to Data Valuation was described, including:
- Leveraging the cost-savings approach of Application Decommissioning to tag data in terms of its potential value. This results in an "Active Archive".
- Augmenting the active archive with a production data lake that is likewise aware of data value.
- Adding automation frameworks that associate newly deployed applications (and their associated value) with underlying IT protection capabilities.
The presentation was a summary of earlier research results that were updated based on newer discoveries.
The day ended with a presentation from Mike Foley on how his data science team leverages a data lake architecture to produce value in his role as Senior Director of the Marketing Science Lab at EMC. The chart below was used by Mike to highlight the large variety of data used by his team to produce enterprise value.
Mike pointed out that several of these data sources are purchased. This raises the question of how much "value" is produced by the analytic results, and whether or not this value is commensurate with the cost of the data purchased.
The workshop attendees appreciated this session because it illustrated real-world industry use cases where "the rubber meets the road" for data value. The session contained both systems thinking and actual use cases. Having a final session focused on industry best practices was a great way to end the day.
Potential Next Steps: Describe the system thinking and real-world solutions that can be applied to solving the use cases that emerge from the data taxonomy exercise. Focus on specific data value use cases (e.g. data insurance or data monetization).
Overall, the workshop attendees were pleasantly surprised by the unique approach of blending the broad topic of data value with a specific use case (data insurance) and systems architecture, and it was agreed that it would be wise to follow this pattern in future workshops. In particular it was mentioned that data insurance is an excellent use case because the value of data itself is intrinsically tied to the protection levels of the underlying system architecture.
I will continue to post specific insights from the workshop on this blog and will also announce the dates of any future workshops as well.