Data 101: Understanding the information that drives your business

By Lazar Radenovic, Head of Technology, Obsidian Solutions

Published: 14 October 2016

Imagine walking into an investor meeting armed only with an iPad and the confidence that no matter what happens you are ready.   Imagine that regardless of what portfolio or account question you are asked the information you need is at your fingertips. Then imagine if you didn’t have to worry about what would happen if you lost or misplaced a client file with private information, or if a compliance officer comes knocking.

In this perfect world scenario, you would not only get the wow factor from your investors, but more importantly, you would confidently and consistently present accurate information while significantly cutting operational and opportunity costs.

So what’s stopping all organizations, large and small, from achieving this data efficiency Nirvana? The truth is that it isn’t only the lack of adequate solutions.  There is that, but the bigger problem is that we, as an industry, have failed to keep up with best practices in terms of data architectures and rarely do we see asset managers build the types of foundations required for excellent security and high levels of efficiency.

Having spent most of my career running teams that deal with complex data problems across a variety of industries, I can say with a certain degree of confidence that there is no silver bullet solution to this problem, no magic wand that makes everything click.  On the other hand, there are a set of best practices that you as an investment manager can follow, and by asking the right question you can lead your organization in the right direction.  After all, with today’s technology advancements, if you are standing still you are actually moving backwards and becoming less competitive by the day.  So if at times this article feels too techy, that’s a good thing, as the goal of this article is to bridge the gap between key tech concepts and sound business decisions.

The first thing we have to cover off is what most of you already know.  Not all is data is equal, and shouldn’t be treated equally.  For example, having your organization invest a lot of time and money on making irrelevant accounting data rapidly accessible by mobile applications is not an effective utilization of your resources, neither is installing a high grade cyber security protocol to protect relatively risk free data.  The challenge is that there isn’t a set of guidelines that help non technical managers make quick decisions, and at times going to IT vendors can feel like a trip to the mechanic. 

Having said that, if we break the decisions down into four fundamental categories of Security, Accuracy, Accessibility, and Longevity, you will be far better equipped to identify what is important to you and what course of action is appropriate.

To do so all you need to do is ask yourself the following four questions when evaluating a particular data set:

1) “What will happen if this data falls into the wrong hands?”

If the answer to this question makes you shiver, then security should trump all else.  Not to say that security should prevent any of the other three categories from being implemented properly, but it should definitely influence how each problem is solved.

For smaller organizations, data security is as much about common sense as it is about company policies and security procedures.  After all, most security breaches happen as a result of simple human errors, and sharing information with third parties who will make those errors.

“Encrypt everything!” That’s my moto.  Today’s encryption is cheap, easy to use, and difficult to crack.

With a simple encryption policy, you can alleviate a lot of your concerns, and focus on protecting your systems, and by extension your encryption keys instead of worrying about leaks at every step.

It is important to understand that your data is at risk both at rest, i.e. while on your computer or phone, and in transmission, i.e. when you are sending it by email, webpage, or file sharing applications.

At rest:

Consider this; if your laptop was stolen today or your offices infiltrated, the thieves would likely have access to a wealth of data that would either compromise your investors immediately or provide them with enough ammo to penetrate your secure servers soon after.

Surprisingly this very real risk generally gets overlooked more often than not, and it’s by far the easiest one to address.

Instead of relying on outdated policies like “employees shall not copy sensitive files to their computers” that aren’t enforceable and more to do with blame allocation than risk reduction, try and find out if all of your co-workers have enabled BitLocker (Windows), or FileValut (Mac).

These are very simple to use tools that encrypt your entire drive, and if your computer was to be stolen or your office broken into, you net loss would be the cost of the hardware! For the thieves looking at your data would only see a random blob of information.

The best part; it’s free, it takes very little time to setup, and costs almost nothing to maintain.

In transmission:

The only things that you need to know about the TLS 1.2 encryption algorithm is that it would take a super computer years to crack and that it’s the standard for encrypting communication.  Make sure that your email provider and any site you are about to share data with is using TLS 1.2. 

Steer clear of unencrypted FTPs when sharing secure files. When it comes to FTP transmission, always look for the magic “S” either at the front or the end of the connection type (SFTP, or FTPS).

Aside from encryption and protecting your systems, to minimize risk further you need to know that your counterparties are playing by the same rules.

2) “What will happen if I get the numbers wrong?”

Naturally it depends what kind of information you are working with.  If it’s a back of the napkin model, then your exposure is not very high, on the other hand if you are striking a NAV, well, let’s hope you know the answer to that question! The number one source for inaccuracies are mistakes caused by manual data entry, and logically by reducing steps at which humans retype data, we can significantly improve data quality (and lower long term costs!)

Tools like Excel are so extremely powerful that they often lead to overuse and overreliance.  Essentially Excel makes us all into programmers.  Each sheet allows us to weave cells with complex formulas and generate results way beyond the point where we can spot inaccuracies by eye.  Every time a cell is updated we essentially launch a new program with very little or no actual quality assurance procedures.  Something unheard of in software development. 

While I’m a huge fan of the speed at which Excel can accomplish almost anything and often times argue against transforming flexible Excel worksheets into ridged computer systems, I’m also wary of how error prone data sets in Excel can be.  It’s always good to ask yourself; is the data set calculation repeatable, consistent, and does accuracy matter?  If the answer is yes, then you should perhaps look at automating the model with stricter software controls.

3) “What will it cost me to make this data rapidly accessible?”

Effective data accessibility is the key to the future competitiveness in this industry, as it will both; drive costs down by commoditizing and automating manual processes, and increase business intelligence and competitiveness through data mining.  For pure business efficiency reasons, we should naturally want all data as rapidly automated and accessible as possible, so long as the cost, which includes the cost of security compromises, is acceptable. 

For example, something simple like advisor codes for subscriptions and redemptions that you may think should live in some archive in a back office system, could very much give your business a new way of improving sales.  Imagine if there was a business intelligence dashboard that could plug into those numbers, show you visually which advisors are selling or buying your funds, cross reference against postal codes and your outbound efforts, and surface phone numbers for inactive advisors that your sales reps can call and prod along.  The competitive edge becomes clear; the only factor is at what cost can this be done? 

One of my projects many years ago was leading a team that helped The Home Depot structure their data set, normalizing information from thousands of suppliers, with hundreds of thousands of products, and millions of seemingly unrelated attributes, while making all of this accessible in a split second to the consumer on the web or in the store!  We had huge budgets for this, but the point is that everything is doable, and the good news is that the investment industry by comparison has a relatively constrained data sets which makes data strategies far more accessible to fund managers today.

In this context you should look at prioritizing maximum benefit for minimal cost and start from the top.  Depending on the size of your organization and technical expertize, there are a number of free databases that can be implemented internally, with the key to data access being a layer of web services, essentially tools that securely and efficiently distribute your data to any program that needs them, even your Excel sheets!

4) “What will happen if I lose this data?”

With storage space costing what it does today (virtually nothing), it may seem like an obvious choice to keep backups of almost everything, but remember, with every new backup location you have a new security concern! The basic “offsite” backup strategy can consist of something like Microsoft’s OneDrive, DropBox, or Box, while more complex strategies will ensure that even file changes and deletions can be reversed. The key is to understand what is acceptable in terms of data loss, are people allowed to permanently destroy information, and what are your procedures for retrieval when you have an emergency.

The number one recommendation I give companies regarding their backup strategies is to find out if they work before they need to use them! Simulate an emergency where you need to recover files, and see if your backup system can deliver. Hopefully by asking yourself some of these questions you will have answers to a few more of your day to day and long term challenges.  As one of our clients put it, the thing every asset manager wants most is more hours in a day.  Making your data work for you may just help you get that, and more.

lazar@obsidiansi.com
www.obsidiansi.com