Willem Koenders is a global leader in data strategy at ZS Associates with 10 years of experience advising leading organizations across all continents on how to leverage data to build and sustain a competitive advantage. He is passionate about data-driven transformations and a strong believer in "data governance by design." His views are his own.
Deliberations about defining your data approach often revolve around an offensive vs defensive data strategy. Here, an offensive strategy is focused on driving positive outcomes through increased revenues and profitability or by providing an enhanced customer experience. The primary objectives of an offensive data strategy are typically tailored to the product or business side of the organization, prioritizing AI and analytics use cases to drive superior commercial or financial outcomes.
On the other hand, a defensive strategy focuses on preventing negative outcomes. Here, the key objectives often stem from legal, accounting, and regulatory considerations. Such a strategy aims to reduce risks by focusing on compliance, governance, and security capabilities.
In their near-seminal article, “What’s Your Data Strategy?,” Leandro DalleMule (Chief Data Officer at AIG) and Thomas H. Davenport (Professor at Babson College and Senior Adviser to Deloitte) outline a framework for companies to decide how to choose between an offensive vs defensive data strategy and how to balance control and flexibility. In DalleMule and Davenport’s work, they describe a data-strategy spectrum, which illustrates how different industries play out their defensive and offensive strategies.
The main implication is clear: you cannot have it both ways.
One must choose between an offensive vs defensive data strategy. DalleMule and Davenport emphasize this by pointing out that “defense and offense often require differing approaches from IT and the data-management organization” and that “determining an organization’s current and desired positions on the spectrum will force executives to make trade-offs between offensive and defensive investments.”
I am afraid I have to disagree—at least to some extent. Although you cannot be fully offensive and fully defensive simultaneously, you can enable offensive and defensive objectives through several foundational approaches involving an intelligent use of technology that enables data products through a data mesh architecture.
With Hevo, you can seamlessly integrate data from multiple sources into any data warehouse, ensuring your organization has a unified view of its data assets.
Why Use Hevo for Data Warehouse Integration?
- No-Code Platform: With Hevo’s user-friendly interface, you can easily set up and manage your data pipeline without any technical expertise.
- Broad Source and Destination Support: Connect to over 150+ sources, including databases, SaaS applications, and more, and load data into your preferred data warehouse.
- Real-Time Data Sync: Keep your data warehouse up-to-date with real-time data flow, ensuring your analytics are always based on the latest information.
Get Started with Hevo for Free
A Different Perspective: Sports Analogy
Before diving into those capabilities, let’s use a sports analogy. We can use a variety of examples, but let me take soccer (or football, sorry!).
As a soccer coach, you have limited time to practice, limited resources to attract players, and a limited number of players you can field for every match. If you include an extra defender in the lineup, it will come at the expense of a more offensively-minded player. If your game plan is to apply pressure high up the field to recover the ball as quickly as possible, you cannot at the same time hang back to rely on your defense.
Yet there are many elements to a soccer strategy that enable you to achieve both offensive and defensive objectives. Ensuring the team has the right, dependable, high-quality equipment (e.g., cleats) will help defenders and attackers alike. Both offense and defense would be supported by a fitness regime that drives expanded stamina, team-building efforts that ensure that individuals act as a tight-knit team, and actionable insights from health analytics and opponent intelligence.
Even from an actual game strategy perspective, you can configure the team in such a way that the team players can be defensive- or offensive-minded depending on what the game asks for (i.e., attackers with defensive duties and defenders with attacking roles). The team can be trained to be able to switch rapidly from attack to defense and vice versa (also dubbed “counterattack”).
Driving Both Offensive and Defensive Data Objectives
- Balanced Risk Management: Combining offensive and defensive strategies ensures that data-driven innovations are pursued while minimizing the risks associated with data breaches, compliance failures, or operational inefficiencies.
- Maximized Value from Data: Offensive strategies focus on using data for growth and innovation, while defensive strategies ensure that data integrity and privacy are protected, allowing companies to confidently leverage insights.
- Regulatory Compliance and Competitive Edge: A defensive approach ensures compliance with regulations, while offensive strategies enable organizations to stay ahead by using compliant data for competitive advantages.
- Improved Decision-Making: The combination of secure, accurate data (defensive) and forward-looking insights (offensive) enhances decision-making and enables smarter business strategies.
- Enhanced Data Governance: A defensive strategy establishes strong governance frameworks to protect data, while offensive strategies use this clean, well-managed data to drive business value.
- Agility and Trust: Offensive strategies can accelerate innovation, but defensive strategies ensure that data-driven initiatives do not compromise trust, providing a secure environment for continuous improvement.
- Long-Term Sustainability: Driving both strategies ensures long-term sustainability by fostering a culture of innovation while maintaining a strong defense against evolving threats.
The Pivotal Role of Data Architecture in Defining an Offensive vs Defensive Data Strategy
It is really the data architecture that needs to be emphasized the most.
In their article, DalleMule and Davenport spend a lot of time and effort outlining the concept of a single source of truth (SSOT) and multiple versions of the truth (MVOTs) and how defensively oriented companies will favor SSOT and offensive ones MVOTs.
The argument goes that SSOTs allow for tight quality and governance controls and, therefore, stability, reliability, and decreased risks, whereas MVOTs “result from the business-specific transformation of data into information” that provide flexibility and drive value for specific business consumers. They conclude that the “CDO must determine the right trade-offs while dynamically adjusting the balance by leveraging the SSOT and MVOTs architectures.”
It appears that this conclusion overlooks the growing body of knowledge surrounding data meshes and data products. As I had previously written, data products specifically emphasize formal, fit-for-purpose quality controls so that a multitude of downstream consumers can use them for their respective use cases.
In fact, it is specifically the defensive-oriented components of data products, such as an accurate and transparent description of the data, its provenance, and quality considerations, that enable offensive-minded consumers to find, trust, and indeed use it.
Data mesh then enables local or domain-based teams to govern the data that they know the best while facilitating access to the rest of the enterprise through a set of interoperability standards. It’s quite literally a defense-enabling offense.
How MDM supports offensive and defensive data governance?
Offensive Data Governance (MDM):
Master Data Management (MDM) helps drive innovation by ensuring accurate, consistent data across the organization, enabling data-driven decision-making and strategic initiatives. It supports offensive strategies by improving data accessibility and insights for new business opportunities.
Defensive Data Governance (MDM):
MDM enforces data quality, security, and compliance, ensuring that data remains accurate, secure, and adheres to regulations. It supports defensive strategies by mitigating risks related to data breaches, inconsistencies, and non-compliance, thus safeguarding the organization’s data assets.
Conclusion
I’ve personally studied (and helped write) data strategies of 50+ leading global companies across banking, insurance, CPG, and retail. Although the tide is changing, it is remarkable that almost none of them call out data architecture as a central, enabling theme.
It is not a zero-sum game—you no longer need to choose between an offensive vs defensive data strategy; that is to say defense doesn’t have to come at the cost of offense or vice versa. An intelligent data architecture can embed foundational data capabilities “by design” into the enterprise infrastructure, which will enable a formidable offensive and defense at the same time. It’s almost as if you’d have some extra players on your soccer team.
FAQ
When should offensive strategies be used versus defensive strategies?
Offensive strategies should be used when an organization aims for growth, innovation, or market expansion. Defensive strategies are used to protect against risks, maintain security, and safeguard assets.
What is the difference between offensive and defensive data strategy?
Offensive data strategy uses data to drive growth, innovation, and competitive advantage. Defensive data strategy focuses on securing data, ensuring compliance, and mitigating risks.
Why is defensive strategy important?
Defensive strategy is crucial for protecting sensitive data, ensuring compliance, and maintaining customer trust. It minimizes risks related to security breaches and regulatory violations.
Willem Koenders is a global leader in data strategy at ZS Associates. He has over 13 years of experience advising leading organizations across all continents on how to leverage data to build and sustain a competitive advantage. He is passionate about data-driven transformations and a strong believer in data governance by design.
