Striking a Balance Between Data Defense and Data Offense

Business Intelligence, data visualization, Software Development

What do you feel is most important for your business? Finding and exploiting information opportunities, or identifying and mitigating information problems? Data offense and data defense are relatively new concepts, brought into the limelight by the explosion of big data. Businesses are recognizing the many perks that come with almost limitless information, but prioritizing what your organization does with that information can prove to be a difficult task. Close your eyes and think of your favorite sports team. Don’t really get into sports? Just pretend you like your local football team for a second. While it’s true that a professional sports team can’t get by without both good defense and good offense, your favorite team probably has a reputation for being better at one than the other. It might have made a name for itself as a particularly high scoring side, or a miserly defensive unit might allow it to win despite not scoring a spectacular amount. In the same way, there’s no one road map to success for your organization when it comes to data strategy. Some businesses will lend themselves to building from a strong defense, others will do best to focus on offensive measures. Identifying where your business sits on the data defense/offense spectrum will guide your data strategy, ensuring that it provides the greatest amount of value possible. So what do you need to consider when striking a balance between the two?

Before we go too far, let’s have a look at what it is exactly that we’re striking a balance between.


Defining Data Defense and Data Offense

If we continue to allow ourselves lavish use of sporting parlance, data offense aims to put points on the board. It’s the use of data with the aim to grow your revenue; to support activities which aim to expand the company, to make it profitable and to increase customer satisfaction. Analytics, customer sales data, digital transformation and e-commerce information can all contribute to this end. Data defense, on the other hand, focuses on solving data problems or neutralizing data threats, and aims to reduce downside risk. Data security, quality, privacy, governance and compliance are all of paramount importance to any good data defense strategy. Ensuring that your business is compliant with regulations, detecting and limiting fraud, and building attack-proof systems are the order of the day. While there’s less of a focus on pushing your business forwards, data defense does ensure that your organization doesn’t go backwards. For a more in-depth look at the concepts of data defense and data offense, take a look at "What's Your Data Strategy?" by Leandro DalleMule and Thomas H. Davenport in the May-June 2017 issue of Harvard Business Review.


The temptation to attack

When data defense and data offense are discussed it’s likely that the conversation will quickly turn towards offense. The job of any company’s C-suite is to grow the business, and a strong focus on data offense allows for that. But pure offense is an incredibly high risk strategy. It shifts the focus away from things like good governance and security, meaning that your business could go backwards just as quickly as your offensive strategy allows it to go forwards. It’s important to realize that ‘offense sells tickets, but defense wins championships’, as University of Alabama coach Bear Bryant once said. Bear would tell you that in terms of football, good defense means that you’re not losing ground, allowing your offensive efforts to be far more effective. In much the same way, a solid data defense strategy will seriously lighten the strain on your offensive efforts. If data is well controlled and defined it is far easier to exploit. If it’s messy and disparate then your offensive efforts will be hamstrung. While it may not be the more fashionable of the two, data defense is no less important.


Finding the right balance for your organization

While every company needs both a data defense and a data offense strategy to succeed, the two will be competing for finite resources. While many companies will be best served by utilizing a strategy with a perfect 50/50 offensive/defensive split, many others will be better served by putting more focus on one than the other. Your organization’s data strategy may be dictated by your industry. Those that are heavily regulated will need to take a more defensive tack in the interests of self-preservation; not doing so could result in breaches of compliance that could cripple the business. The healthcare and financial industries are good examples of this. For organizations in ultra-competitive industries with less regulation, the focus will shift to offense. The only way to survive in such a climate is to continually find new customers and test new markets or to provide new products and services. The smart use of data allows these new opportunities to be identified and acted upon.

But most organizations aren’t so clearly demarcated, and herein lies the problem for those endeavoring to develop an effective data strategy. In fact, even in organizations that seem built for one type of strategy, the reality could be different. The Chief Data Officer (CDO) of Wells Fargo, Charles Thomas, actually aims to devote equal attention to both data defense and offense, despite operating in the heavily regulated world of banking (from What's Your Data Strategy?, HBR May-June 2017). The Canadian Imperial Bank of Commerce (CIBC) has a similar story. Establishing a Chief Data Officer role just a few short years ago, the first 18 months saw the company’s data strategy as a 90% defensive/10% offensive split. By the time Jose Ribau took over as CDO in 2015 he found that CIBC’s defense capabilities were sufficient, and has since moved to a 50/50 balance (from What's Your Data Strategy?, HBR May-June 2017). The C-suite of any organization must analyze the trade-offs between defensive and offensive strategy; they must carefully scrutinize the pros and cons of both, and form a hybrid strategy that best suits the needs of the business.


The realities of a hybrid strategy

In a perfect world your organization could simply choose between defense and offense and be done with it, because combining defense and offense brings up some unfortunate trade-offs when it comes to the management of your data. A dichotomy exists between the requirements of data within a defensive strategy and an offensive strategy; a defensive data strategy is best served by uniform, standardized data, while an offensive strategy is far more suited to dynamic, flexible data from a wide range of sources. The more uniform the data is, the easier it is to comply with regulations and control the security of the information. The more flexible the data is, the easier it is to identify and then capitalize on new opportunities as they come up. The creation of your hybrid strategy relies on input from those with expertise in both defensive and offensive strategy. A ‘complete’ C-suite data strategy team might look something like this:

  • Chief Analytics Officer (traditionally focused on offense)

  • Chief Data Officer (defense)

  • Chief Information Officer (defense)

  • Chief Executive Officer (neutral)

While their job descriptions will inevitably push them in certain directions, a balanced approach from each member of the C-suite is paramount in the successful development of a hybrid strategy. Rather than simply trumpeting their own cause, each officer should bring a hybrid mindset when offering their '2 cents' regarding strategy. While CAOs will quite rightly focus on the growth opportunities identified by their work, they shouldn’t forget that analytics plays an important role in detecting sources of data errors or security threats - things that are vital to a solid defensive strategy. While CDOs will always have a focus on regulatory compliance, there’s no reason why they can’t simultaneously search for something that benefits customers too. And while it’s a CIO’s job to ensure that a business doesn’t mismanage their information, they should also be looking to add value to that information wherever possible. As captain of the data strategy ship, a CEO must herd the C-suite cattle in the same direction. While the specific balance of defense and offense will change from organization to organization, the key word here is balance, whatever that may mean for your particular company.


Moving forward with your strategy

Whether you tend towards the Bear Bryant ‘defense wins championships’ school of thought, or the Vince Lombardi ‘the best defense is a good offense’ camp, the more focus you put on data strategy, the more obvious your organization’s particular formula for success will become. But this formula for success won’t be set in stone; it’ll change as your organization’s needs and circumstances change. Adaptability and pragmatism are the order of the day. The main point of all this is that you’ll need to execute both defense and offense at least well enough. Swinging too far one way will either stymie your organization’s growth, or open it up to (entirely avoidable) disaster. Like any professional sports team, it’s wise to first focus on developing your offensive and defensive fundamentals, and then building your greater data strategy from there.


Where does your organization sit on the data strategy spectrum?

Learn more about building a strategy for growing your organization.

Let's Talk