An expert’s guide to data during Workday expansion
Organisations can choose to expand their Workday footprint for a variety reasons. From growth to streamlined operations, adding new modules and the functionality they offer is the natural next step towards business transformation.
Whilst resources, training and long-term planning are all critical considerations, data management and governance is a frequently overlooked but equally vital aspect of any expansion project. With 54% of data migration projects running over-time (Forbes), data is a cornerstone that can easily derail a project if not approached with care. Whether understanding composition or establishing robust data security protocols, let’s look at how you can best manage data to ensure Workday expansion success.
Look before you leap: Workday data migration planning
Workday expansion requires the consolidation of data from legacy systems and physical sources. But Workday requires accurate and valid data to deliver the efficient processes or agile insights that make Workday a powerful business platform.
Before launching any expansion projects, you need to understand the data that is held by your organisation and form a suitable migration plan to build a foundation for success while mitigating potential security risks.
At a high level (and covered in more detail throughout this guide), your data planning during an expansion project should be based upon:
Look before you leap: Workday data migration planning
It’s important to understand the composition of the data held by your organisation. However, with no single source of truth and sources spread across legacy systems, it can be challenging to understand if data contains sensitive personally identifiable, protected health or commercial information.
Failure to profile and classify data removes the ability to track access and oversee the movement of sensitive information.
Without this, data governance and protection is increasingly difficult, opening the door to unauthorised access or transfers and heightening the risk of security incidents. Some actions to ensure a solid understanding of data include:
Profile and classify data: Establish processes to profile and classify data, ensuring sensitive information is properly identified and managed. You should be able to break down exactly how data is composed.
Invest in technology: Use advanced data protection tools including automation to efficiently and effectively manage and safeguard sensitive information.
Partner with experts: During large-scale projects, the volume of data can be overwhelming. Specialists who understand data, regulation and Workday operations will be able to provide expert insight and help you to build a data migration strategy.
Ensure compliance and data residency
With an increasingly strict, varied and dynamic international regulatory landscape, adhering to data privacy and residency rules creates a complex set of restrictions for Workday operational teams.
In a varied and constantly changing regulatory landscape, frameworks like GDPR, CCPA and HIPAA set stringent requirements for the management and security of data. Additionally, 75% of countries have data localisation laws (McKinsey) requiring sensitive information to be stored within a specific geography.
Failure to implement correct data governance and controls during expansion projects increases the chance of damaging non-compliance incidents, and their associated fines, penalties and reputational damage. Some key factors to consider during expansion projects include:
Risk assessment: A thorough assessment will identify potential security threats, vulnerabilities, and compliance gaps. This should assess the risks associated with data exposure, unauthorised access, and regulatory non-compliance during migration.
Regulatory compliance: Align your migration strategy with regulatory requirements, conducting regular checks, and implementing controls helps to maintain compliance with applicable laws and regulations.
Access Controls: Limit access to sensitive data and resources by adhering to the principle of least privilege. Implement role-based access controls (RBAC) and conduct regular reviews and updates of access permissions to prevent unauthorised access.
Migrate to Workday
Organisations hold more information than ever before and as a result, the process of transferring this data can be a significant operational challenge. Unfortunately, pressing ‘copy and paste’ isn’t sufficient to guarantee success.
With Workday’s platform centered on leveraging data, inaccurate or incomplete migration can have a series of knock-on effects. Importing from legacy systems often means disparate data structures, requiring manual checks for consistency, formatting and type.
From broken business processes to inaccurate reports, ineffective data migration means Workday can’t function as the single source of truth, streamline business processes or deliver value for your business. Before and during your expansion project you should:
Plan thoroughly and set clear goals: Define the objectives and scope of your data migration project, aligned with business goals and with realistic timelines to understand desired outcomes and ensure business continuity.
Conduct a detailed data assessment: Evaluate data in legacy systems to identify data structures, identify poor quality information and map data to your Workday platform.
Perform comprehensive validation and reconciliation: Conduct extensive testing to verify the accuracy, completeness, and integrity of migrated data. This includes validating business processes and reports to ensure Workday functions as intended.
Maintaining Workday security integrity
While understanding and managing data is important, ensuring that data is being migrated to a platform with a strong governance and security structure is critical to maintaining data integrity and delivering expansion projects that meet their objectives.
With new modules and processes, more users, and increased change frequency, expansion projects bring heightened risk—even for stable and secure Workday configurations. Careful planning and coordination is key to ensure that expansion projects can be effectively completed without compromising security and compliance.
Managing change securely
Regardless of scale and scope, expansion projects bring volatility and frequent change to your Workday tenant. Despite Workday’s expansive security framework, interacting business processes and intersecting security groups mean relatively small changes can have wide-reaching impacts.
Unchecked configuration changes have the potential to alter privileged access, creating Segregation of Duties (SoD) conflicts. Without oversight, new data migrated in your Workday platform could be subject to unauthorised access and use. For example, workers viewing sensitive C-suite compensation or their peers’ benefits. Examples of best practice include:
Rigorous change management processes: Establish strict protocols for managing configuration changes to prevent unintended impacts on security and business processes. Ensure all changes are thoroughly reviewed and tested before implementation.
Strong access controls and monitoring: Regularly review and update permissions to maintain the principle of least privilege. Implement continuous monitoring to detect and respond to unauthorised access attempts promptly.
Regular security audits: Perform frequent audits to identify and address potential Segregation of Duties (SoD) conflicts and other security vulnerabilities. This helps ensure that privileged access remains appropriately controlled.
Granting access without sacrificing security
Workday configuration changes inherently bring more internal and external access to your tenant and the data within. Whether this is through your operations team, implementation partners or third-party contractors, elevated access is a necessity for testing and quality assurance.
Balancing appropriate access requirements with data security can pose a serious challenge due to the manual, error-prone nature of manual security reviews. However, failure to properly review existing and new users’ access at a supervisory organisation level can lead to incorrect permissions. Conversely, failure to grant access to critical data can reduce the ability of teams to ensure functionality, creating bottlenecks, delaying projects or reducing the operational effectiveness of your new Workday deployments. Some key considerations include:
Regular user access checks: Conduct frequent audits of both existing and new users' access to ensure permissions are correctly assigned and aligned with project needs. This should also include regular reviews of proxy users supporting your projects’ testing phases.
Access management tools: Leveraging technology can help to proactively manage and review user access permissions, reducing the risk of errors associated with manual security assignments and ensuring appropriate access levels are maintained.
Establish an access approval process: Create efficient processes for granting access to critical data, ensuring that teams can maintain operational effectiveness without unnecessary delays or bottlenecks.
Stay secure with automation
Implementing rigorous controls is central to data security and compliance during expansion projects and for your future Workday operations. However, manually monitoring and controlling data access during periods of change creates a constantly moving security target when teams should be focused on ensuring the success of your project.
Using automation during expansion removes the burden of repetitive, manual tasks from project teams and SMEs, allowing them to support this critical stage of your Workday journey.
Cutting through the complexity of new users, greater tenant access, and activity tracking across multiple tenants, automated solutions allow teams to proactively identify and mitigate risk. Additionally, they help you to efficiently balance the conflict between elevated access requirements and stringent data security needs, so you can deliver projects on-time effectively and securely.