Offensive vs. Defensive Data Strategy: Why Not Both?
It's widely accepted that an organization must make trade-offs between offensive and defensive data strategies because there are limited resources; we disagree.
In the Data Management Body of Knowledge, Data strategy is defined as a “set of choices and decisions that together, chart a high-level course of action to achieve high-level goals.” Data strategy sits at a critical spot within any organization: you’re defining what you’re going to do with data to reach the business outcomes you want to achieve. In doing so, you must take into account things like your regulatory environment, current infrastructure, and the limits on what you’re able to do with data.
In an article published in Harvard Business Review, the authors view data strategy as having two styles: offense and defense. Offensive data strategies focus on getting value out of data to build better products, improve your competitive position, and improve profitability, while a defensive data strategy is focused on things like regulatory compliance, risk mitigation, and data security. An organization must make considered trade-offs between offense and defense, the authors propose, as there are limited resources available and attempting to accomplish all of your offensive and defensive goals is akin to having your cake and eating it too.
Here’s the thing: we disagree.
The Harvard Business Review article was published in the spring of 2017, before the privacy regulations we know and love today were in effect, before 2020’s massive shift to the cloud, and before data solidified itself as the critical new trend. The world has changed since then, yet this viewpoint is still echoed by leaders in the fields of data governance and data management as true. It’s time to take a step back and refresh our thinking. Here’s what we know:
Offense is now much easier
Hardly anyone knew the name “Snowflake” in 2017, and in 2020 the Cloud Data Platform became the largest IPO by a software company in U.S. history. They did so by offering a simple way for organizations to store and analyze huge amounts of information. They’re not alone, either. Companies like Fivetran and Matillion make it easy to load data into cloud data platforms like Snowflake, while those like Thoughtspot and Looker allow you to extract value from data within those platforms. With the shift to the cloud, it’s easier than ever to implement an offensive data strategy. Unfortunately, new and increasing privacy regulations mean your focus is forced elsewhere.
You must focus on defense
The Harvard Business Review article was right when it said companies in highly regulated environments must focus on defensive data strategies. What wasn’t accounted for in 2017 were the sweeping privacy regulations that have come into effect around the globe. Now, every company is a regulated company and must spend time and resources implementing a defensive data strategy to avoid the costly penalties that come with a data breach. So if you must focus on defense, is there a way to somehow get the best of both worlds?
Simplicity is the key
Defensive strategies must take a page out of the offensive playbook and implement tools for risk mitigation, data governance, and data security as simply as possible. If tools can be implemented as services, without requiring resources to install and maintain, your team can accomplish both your offensive and defensive goals. Further, tools that can mitigate the risk of credentialed threats through proactive security allow you to enhance your offensive capabilities by moving more sensitive workloads to the cloud and sharing data with more teams.
You can have both
You no longer have to make considered trade-offs between offensive and defensive data strategies. By implementing a defensive data strategy that mirrors the simplicity of your offensive tools, you can actually increase your ability to get value out of data. In this case, you truly can have your cake and eat it too.