Data Strategy – Offense vs Defense

In a recent endeavor to produce a data strategy for my current client, I found myself trying to reconcile the values of the data management function with the C-Level business objectives. How exactly does one produce a data strategy that keeps the data stewards, legal team, and governance authorities happy – while at the same time providing a blueprint to help drive revenue, sales, etc., through the use of data analytics? The answer is – it’s not easy!

Hit with this conundrum, and frantically testing the bottle of Google’s PageRank Algorithm, a particular article in the Harvard Business Review fell in my path. Entitled “What’s Your Data Strategy?”, Leandro DalleMulle and Thomas H. Davenport, two well-respected minds in the data sphere, offered a fascinating approach to taking on this challenge. I will attempt to explain it in my own words and from the standpoint of my own experience.


In their framework for producing an effective data strategy, they conceptualized the notions of Data Defense and Data Offense. The former pertains to minimizing risk through adherence to regulatory mandates, emphasizing data high data quality, provenance and control, as well as a general mindset of robustness over flexibility. The latter describes activities and goals that align with the high-level objectives such as marketing and sales executive dashboard creation, advanced analytics, developing new products using existing data or through new data sources. It also demands more flexibility from the data management capability.

Admittedly, this was an eye opener for me! Why? Because I always strived to achieve an equal balance between the two. After all, why not? Shouldn’t every company have a 50/50 split of data offense and data defense? As Leandro and Thomas pointed out, not necessarily. They referred to constraints and dependencies such as the regulatory environment of the company’s industry, the business strategy, the maturity and capability of the data management practice, and of course – the budget for data-related development. They effectively suggested (and this is where the penny really dropped) – let these dependencies drive where exactly the data strategy should sit on the data defense – data offense spectrum! So far so good. But how exactly does one quantify a company’s position on the spectrum? Read on..

The approach they offered, and I think it’s a very good approach, is to use a questionnaire with yes/no answers. Each question describes an activity which typically leans more towards data offense or data defense. The questionnaire will be structured differently depending on the company, but an equal mix of data offense/defense activities must be present. 16 questions were listed in the one presented, out of which 8 activities that are deemed the most important to the business must be chosen. Of course, some of the questions didn’t really apply to my client, so I changed the wording in some and added more, resulting in a total of 20 questions of which 10 were to be selected. It’s not entirely known how scores were calculated in the original tool, but in my questionnaire each activity was categorized as offensive or defensive and a score of 1 attributed accordingly. Here is the resultant questionnaire post-editing:

    ObjectivesYes / No
    Improve data quality
    Develop analytics and digital capabilities
    Reduce general operating expenses and streamline business processes
    Meet industry data regulatory requirements
    Lock down internal systems with sensitive data to only those who should have access
    Prevent cyber attacks and data breaches
    Monetize the value of the company’s data and/or use internal data as a product or service
    Optimize existing analytics capability
    Improve IT infrastructure and reduce data-related costs (number of databases, etc.)
    Improve revenue through data-driven insights and opportunities
    Use sophisticated, real-time or near real-time analytics for business
    Mitigate operational risks such as data breaks & bugs, fraud, etc.
    Standardize multiple sources of the same data and information
    Leverage new sources of data, internal or external
    Create new products and services
    Ensure master data, e.g. Jobs, is standardized across all systems and databases
    Create scalable auditing, data provenance, alert & notification system
    Respond to internal change in a timely manner – more flexibility
    Ensure and maintain high data quality in the source systems
    Create senior management-level dashboards to quickly analyze high-level operations

    After collaborating with and seeking input from the COO, we obtained scores of Data Offense (3), Data Defense (7). What does this mean? It means that at present, the data strategy should be more aligned to data offense – but only just. This is very useful! There will still be a heavy focus on the more defensive, risk management-based data operations. A graph like below can be easily produced using the results and would work well in any data strategy progress meeting.

    In conclusion, it’s difficult to produce a data strategy without first considering the overall, holistic position of the company. The nature of the business as well as the regulation of same, the data budget, existing data capabilities as well as the company objectives need to be considered first. One way of capturing this information is to collaborate with senior management and use the described questionnaire as a guide. Over time, the business objectives and other factors could change. It’s therefore important to review the data strategy as appropriate, which might mean performing the questionnaire exercise again.

    Huge thanks to Leandro and Thomas for sharing this concept with us. If you enjoyed this post, please leave a comment below and don’t forget to follow me on Twitter and subscribe to my YouTube channel.

    Share this post

    Share on twitter
    Share on linkedin
    Share on email

    Also by Jonathan:

    5 1 vote
    Article Rating
    Notify of
    Newest Most Voted
    Inline Feedbacks
    View all comments
    Would love your thoughts, please comment.x