Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth. I'm lead advisor and senior analyst with KuppingerCole analysts. My guest today is Paul Fisher. He is senior analyst with KuppingerCole as well. Hi Paul.
Hi Matthias. Good to be back.
Great to have you again. And this is again for very good reason. You've just completed a Leadership Compass. So a document comparing different vendors and products and services around the topic of data governance platforms,
Actually just to correct your slightly, Matthias, it's a market compass not a leadership compass, but that's a good point. So maybe we start with the comparison of both. What is the difference?
Well, yeah, we should maybe tell people what the difference is. Well, the leadership compass is a much longer, more comprehensive report where we, we take a market sector or a product sector, and we rate sometimes up to 20 vendors in that sector. But the real difference between the leadership compass and the market compass is that a leadership compass is also has a lot of scientific ratings applied so that we then get our leadership ratings and followers and challenges in the ratings charts. Whereas the market compass is, well, I wouldn't say it's subjective so much, but we, we look at the market, the trends in the market, and then we look at each individual vendor and give them a writeup on their technology. And then we give them strengths and weaknesses, but also aspire to chart on how well they address some capabilities. So, but I mean, that's also in the leadership compass, but the real difference between leadership compass and the market compass are the big ratings that we do in the leadership compass. So if you're even more confused than you were before, about the difference, and maybe just have a look on our website at some of the leadership campuses and market campuses, you'll see the difference, but data governance is definitely a market compass,
Right? So it's more for the, for the quicker reader who wants to get a comprehensive overview over the market without drilling too much deep into the individual strengths and weaknesses of each product based on these comprehensive ratings, as you said. So it's also to learn something from that. Yeah.
And we also, with the leadership compass, we'll send the vendors very long questionnaire, which forms the basis of our data analysis. So that that's how we base the scorings on, for example, their financial strength and their innovation or market leadership and all those things. But yeah, the market compass is kind of like, I guess, a quick, a quick guide to the market. So if you're in the market for a data governance platforms, then we, you know, you'd get a good overview of what's available, which well, we hope we hope that the people do. Yeah.
Right. That's the point. So if we go back to the actual market segment that we're looking at and where people can learn from, from the, from the market compass that you've written, what is this market segment? What should I think of when I think of data governance platforms? What are they useful for?
Yeah. Well, data governance sounds very scientific and technical, but actually it's really about keeping control of data. We, we have two types of data in, in most organizations structured and unstructured. So structured data is kind of what you would find in as traditional database or even in things like Excel files. So the data is organized and it is attributed and it's easy to find where it is and what it is in the data that you want. The, the growth of unstructured data has really happened in the last, well, probably since the internet sort of occurred and unstructured data is data that sits in word files. It might sit in email, it might sit in a messaging chat, and it's basically any kind of data that just floats around the organization. And quite often, those organizations are not aware of, of this data. They're certainly not aware where it is and they're not really aware of what it could do for the business.
So that's, that's the difference between structured and unstructured data. So a data governance platform basically is there to make sense of all this because to do this kind of thing manually, if you were to try and find all the unstructured data across your organization, that would probably be impossible and would take for ages. So a data governance platform confined, well, some of them will work with both types of data, unstructured and structured, but the ones some will work purely with unstructured data, and then they can discover where the data sits across your enterprise. And don't forget also these days, your enterprise is not just the traditional infrastructure that we would consider to be the sort of the, the organizations HQ your enterprise now extends right out to people on endpoints, extends to your vendors, increasingly extends to customers. So all of those people are creating data on a daily basis.
And one of the things that we discovered when we were doing the data governance market compass was it's not, there's two, two sort of main drivers for data governance. One, one is in the, in the clues, in the word governance, the danger is that some of this unstructured data will contain confidential information, or it might contain personal identifiable information. So you might have people's addresses, you might have their date of birth. You might even have government numbers such as their hospital number or social security number. And that might be sitting. Someone may have pasted that doc information from a structured file, pasted it into a word document, or even into an email and then send it to someone else. So suddenly that data is at risk. So because of things like GDPR and all the other privacy legislations, which are popping up all over the world, plus the security legislation that always exists there's if, if this unstructured data is lost, then the company would be viable, probably defines and loss of reputation and all the stuff that goes with that.
So that's one, one side of it. That's kinda like the, the negative positive, but the positive positive is that data governance is as is, could also add value. So the better the data governance platform is the more likely it can find information and data, but then use analytics to add value that data. So you might find, for example, you have, I dunno, right? A cluster of emails from angry customers in let's say stood guard, just, just do cause for example, cool. Which you wouldn't know that there is a problem in Stuttgart, if you hadn't collated all that information. So these people might be sending emails, they might be sending angry statements on your social media channels as well. So by collecting that data, you can, you can then analyze you and they go, whether there is a problem here, why have all these people instant got, decided to complain about our services and then you can take it from there. So that's just one example. So, but it also would then help the positive or that side would be, if it was a, a product fault or, or service fault, then you can do something about it and improve the product. So data governance is about traditional governance, risk and compliance, but it's increasingly about a business value as well.
That's a very long answer to your question there, wasn't it absolutely
Fine because, because it really explains the whole, the whole, the whole story, the whole journey of what such a such a data access or a data governance platform can achieve. So it's, it's discovery. It's understanding what this data is. It's maybe tagging it, it's rating it. It's adding risk to it, understanding how it should be dealt with if it's critical, if it's regulated or if it's just something that can be ignored. And, and finally then, as you said, use it also for additional purposes for evaluation for analytics. Is this a, I understand that many organizations are the situation that they have to understand which data is flying around the organization and to get a grip on it. How is the market as of now, is it, is it a mature market? Is it the usual suspects say, I don't know, IBM Oracle, or is it about market for, for startups for, or both?
Well, actually it's, I wouldn't say it's a mature market. It may have been, it could be one of those markets that sort of what's mature until the growth, the explosion in and unstructured data. So it was fairly mature in structured data because that didn't really, you know, we had databases, Oracle, et cetera. Hadn't really changed the sort of 30 years or so, but what's happening. And I discovered is that we do have the likes of IBM Microfocus, SAP, Varonis, et cetera, who you might say are the sort of more established players. But recently we've seen a company, for example, at big ID who I don't think even existed probably five years ago, but they've come into the market. They've got this incredible valuation, I think something billion dollar valuation. There's also a smaller company, like one touch.io, lipid ignite, et cetera. And I think the reason why the big ID valuation is so high is because they're adding some elements of AI in, into the analytics and the search function.
So they're adding that extra level of, of meaning to, to the data. Plus I just think that, I think it comes back to the business value thing that businesses are realizing that the data is their sort of lifeblood and within the data that's flowing around their business is could possibly be the answer to market problems or innovation or flattening some bottlenecks within the organization itself. So, you know, for example, a process might generate a lot of internal complaints or, and you might not know about that normally and so on. So it's definitely a area which I think is attracting a lot of interest from some of the bigger players as well now. I mean, some of the bigger it players, so the likes of Microsoft, et cetera, I thinking more about data governance. So yeah, it's kind of, it was mature. And now it's kind of not as mature because of this change in focus, but it's, we also have a number of vendors to watch, you know, within like I would name some names like blue tab, a, of a team oval edge and so on.
And even the company not, not normally associated with access governance. And that is SailPoint SailPoint, you know, as you know, is traditionally identity and access management vendor, but they have a, a product within their portfolio called file access manager, which is in itself a very, I mean, it's very cut down, but it is a form of access governance or data access governance. And that is perhaps a sign of, of, of maybe some future developments that access governance will be combined with access management as well. So you might be able to see clusters of data access going on within the organization and outside it, and you could see trends before, before they happen.
Right. And if I think of our, and we've mentioned that quite frequently in this series of podcasts, when I think of our identity fabrics concept, their data governance is one of the identity related systems or services. So this is something where I think this plays very well together, what you said. So having traditional access management, access governance towards usually structured data or resources or access to, and extending that towards unstructured data towards SharePoint, I don't know wherever data is actually stored. That makes perfect sense. When you want to have a bigger picture of all the types of data that are in your organization. And I think then these players make perfect sense here as well. Right?
Well, exactly. One of the things that we rated, the, the, the various packages we're in, in our spider, I mentioned at the start that we have a spider chart for each vendor where we rate them on a score for how well they, they, they meet capabilities. And in this one we asked, we, we G we judge them on how well they could find data in office applications, how well in chat and messaging, social media, PII discovery report, and how could they, where automation and AI report generation, that's something I forgot to mention. Report generation is hugely important. I mean, not only knowing where your data is, but also a report to tell you, and then to tell you what you could do with it. And then we also rated them on compliance, support and integration with cloud applications. So the social media and chat the messaging right now, not many of the vendors supported that, but some of the smaller and more innovative ones are certainly supporting that.
Cause they realize, you know, with this, with the growth of things like teams throughout the world, that there's there's data being generated there. And if you can't, if your data governance platform can't, can't see that you, you may well be missing out on that as well. Especially as, I guess we talk about customer identity, access and management, and that's one way that customers are being allowed into organizations through, through access, through things like teams. So the, the more you, the more you start looking at this area, the more kind of exciting it becomes because you realize it's sort of at the heart of digital transformation and, and the way that we're using data or, or, or not using data perhaps is a better way of describing it.
Right? So these data governance platforms are somehow a kind of answer of how to deal with these new platforms that we are dealing with. When we're talking about the cloud, talking about communication platforms like office 365 or others, and also the communication via social media and via these modern communication platforms like teams like slack, whatever. So they are really extending the reach of traditional governance towards that area. Did I get that right? And they use AI, of course, we use that buzz word at these ones.
Yeah. They're using well, they're using AI. I mean, it's machine learning perhaps more than AI, but it's still a way of automating processes and, and, and, you know, seeing patterns that you might not see yourself. One thing that is important is that while some of these, you could in theory, use one of these platforms and get going straightaway, but we Kuppinger would recommend that you have a data governance blueprint in place or an architecture. So you actually design how you want data governance to work and then get the platform to do that. But as I said, you could still use some of these and, and deploy them and they would start finding the data, but then you need some kind of framework. So, you know, who's responsible for data, what you're going to do with that data, when it is discovered, who's in charge of an action plan to perhaps, you know, do the reporting and so on you, you, you might need a data privacy officer, you might need someone to, to, you know, manage the whole thing they could be.
They don't have to be a data privacy officer. There could be data governance officer, or, and that would probably differ between different types of organizations. So smaller ones would probably just have maybe one or two people in charge of this. Large organizations would have huge, huge teams in charge of data governance. And it also depends on your business. If you're in finance or health, obviously the stakes are higher about data, data breaches, and data losses, because you're dealing with much more sensitive and important information. So, yeah, I don't think I mentioned the business glossary as well.
Some of these tools can integrate with a business glossary, which you know, which would be unique to each business. So you could have your policies and business policies in there. And then you can map data to the business glossary so that this data is affects what we do in auditing this, this data affects what we do in financial controls. This data affects our employees. And so on. I mean, a business glossary is another whole area of sort of business science. But if your data governance platform can integrate with that, that it makes it even more efficient.
Perfect. So this, this market compass then could be used for those who are interested after hearing this episode of the podcast to learn more about the market segment as a whole, and the individual product that you considered as relevant for this market compass. But when it comes to integrating that into an existing enterprise infrastructure, be it identity and access management, as we've mentioned, or in an overall data science data management platform and data governance as part of that, that could also be, or that, that can be two ways of extending the reach of such a platform and getting to a more comprehensive overall data management that includes governance. But what goes beyond that? So the document, as a understand, it's already available. It's online right now, right?
Yeah. It's been online for about a month. So obviously if you have a cooking show called license, you can download it straight away. If you don't, you can get, I think, a 30 day free trial, which gives you access to all our research. And yeah, it it's called well, it's just called market compass data governance platforms. So if you search for that, you'll, you'll find it. Yeah. That's,
That's perfect. And I would highly recommend it, recommend it because I've read it before we actually recorded, although I had the name or the title, the document type wrong, nevertheless, it's really a great work of research. So thank you Paul, for doing that and for giving that great insight. And I think you've mentioned that maybe as a final thought, getting to a, such a blueprint for, for integrating that into an overall architecture, that is something that should be aimed at very soon once, you know, the market, once, you know, what functionality and capabilities are there. And that, of course, it's something at least one, one short commercial break here and say, okay, this is something that, where, where we as advisors can support in getting to a bigger picture that integrates more than just one platform, but getting to the right processes, the right blueprint for achieving that. Any, any final ideas from your side, what was striking when creating that?
Well, no, what was well, th the thing that struck me most was how interesting the whole area was. And it's not a, particularly with companies like big ID that have taken this sort of dry and dusty area of data governance and turned it into something which is actually driven by a very easy to use dashboard and confined insights. And it, you know, it's, it's not just, as I said, right at the beginning, it's not just about avoiding fines and GDPR, et cetera. It's actually a business tool that can make your business better and it can make it run better. And it can, you know, potentially help you to innovate new products. You can, you can understand your customers better. You can understand your employees better. And of course your, your partners also, it's a way of just simply managing the, the, you know, we all create data every single day, just by writing emails and, you know, responding to chat, et cetera, you know, and then creating word documents, which we save on our laptops or PCs, or, you know, to give them the technical term, our endpoints.
And, you know, it's, it's a way of managing that so that we can certainly, you know, sift the wheat from the chaff. So we find the nuggets of gold in there and, and don't have to worry about the risks, but to be existing in a kind of blind state where, you know, this is happening and you, you know, that unstructured data is all around you, but you haven't got a clue where it is or what it means. So that, that was the most interesting thing for me was like, you know, this is actually sort of data in action. This is, you know, that cliche data is that is an oil, you know, quite often people say that, but it's not often that you get to see that this is actually true. And so when we Kuppinger talk about our identity fabrics and basing, you know, identity around organizations, it's also identity and data, you know, matching the two.
So identities get access to the right data that they need, and they know where to find it and so on. And the same that those identities or creating data that we keep, we can, we can manage that and, and, and, and organize it better. So, yeah, I, I, I, I'm looking forward to doing hopefully a leadership compass on this. There, there should also be in the pipeline more about creating a blueprint, a data governance blueprint from, from us as well. I'm not sure if we're doing anything at our big conference in September, but perhaps we are, but it's an area that we're, we're, we're definitely going to do more in. Perfect.
So that's really fascinating to hear that, because as you said, we, we, we often talk about technologies, but you've really pointed out the, the actual use of it and the, the, where it really makes sense within organization. And that is obviously the case for these data governance platforms. So thank you again, Paul, for being my guest today for giving that really fascinating insight into these platforms, the document is highly recommended. And as you said, there's more to come. So watch this space for, for more in this area. Any final words from your side?
No, I just, you know, as I say, recommend, take a rate. It's, it's not a huge document, as I said, it's a market compass. So it's, it's a fairly digestible read and then investigate some of these, these vendors. And, and like you said, we're also on hand to help people if they need advisory or any of this stuff, just give us a call. Great.
Thanks again. And looking forward to talking with you about this topic and other topics very soon again. Thank you, Paul, bye-bye.
