What is our primary use case?
For OneTrust, we [and the clients] use it not just for governance, but for GRC (Governance, Risk, and Compliance) purposes.
OneTrust has materials for compliance that can be selected or built into packages. They offer pre-built packages for compliance with HIPAA and other requirements. They also provide standard plans that make it easy to send reports with the necessary parameters.
The customers prefer OneTrust GRC for compliance, not just for Data Governance. In an enterprise, they have compliance teams, risk teams, and government teams. So, Information Axon and Collibra are targeted toward data governance teams, but GRC and compliance teams prefer to use OneTrust or Archer.
How has it helped my organization?
What is most valuable?
The business glossary is good. Workflows are also really good. But, for lineage and data classification, customers prefer to use Informatica or Collibra. These tools are more powerful and cover many data sources like databases, DLP, AI, and cloud environments.
Inventory management mainly stores information about all data sources in one place. Tools like Collibra, Axon, and OneTrust all provide a way to save a business glossary or inventory.
This allows anyone in the enterprise to easily find information about specific products or data elements. The relationship between business and technical terms is also saved within the inventory.
What needs improvement?
I believe the relationship between business and technical terms could be improved, as well as the focus on data discovery.
If we leverage the power of AI, we could provide more user-friendly outputs with relational insights between data. This is a core area for success. Any tool that focuses on data insights will add value. It's not just about linking clear data with clear business terms, but gaining insights is power and the key to success.
So, I would like to improve the business and technical relations within OneTrust Data Governance.
Customers mainly use OneTrust for compliance. For example, in Saudi Arabia, which is the top-selling country in 2023, there is a boom in data management investments due to digital transformation and government initiatives. They are heavily investing in data enrichment and data management.
To succeed in this market, OneTrust needs to invest more and check the requirements from Saudi Arabian regulations. There are around 200 specifications to comply with. Once OneTrust meets those specifications, it will be able to sell more products.
If OneTrust adapts well, OneTrust will see significant sales growth until 2030 in Saudi Arabia. An important thing to consider is to offer both on-premises and cloud deployment options. Currently, cloud-only solutions, especially on Azure, are not widely accepted. So, I would like to have an on-premises version as well.
On-premises is crucial. If OneTrust can offer Google Cloud within Saudi Arabia, that would be good, but outside the country, Azure is acceptable for HIPAA compliance.
So, in future, there should be both on-premises and Google Cloud options for cloud deployment.
For how long have I used the solution?
We have OneTrust products, mainly in Saudi Arabia, and I've been working with them for about a year or ten months.
It is used at enterprise level, so it must be the latest version.
What do I think about the stability of the solution?
The stability is average. I would rate it a five out of ten. It is average. I've had some issues with tickets, CRs (Change Requests), service requests, and the like.
Like other tools, there are always some issues that need to be fixed. It's normal for most tools to have occasional issues, and the operations team is usually working on resolving them.
What do I think about the scalability of the solution?
It has high scalability, but the limitations are the pricing and the lack of an on-premises option within Azure cloud. This limitation prevents us from selling to some teams. The team at OneTrust may not be aware of the cultural and regulatory landscape in Saudi Arabia. It's important to be able to offer on-premises deployment. I'm sure that in any sales presentation, customers will ask if there's an on-premises version, and the answer will be no. This will disqualify OneTrust, even if the system is technically qualified and the sales representatives are experts.
I would rate the scalability a seven out of ten. We have two enterprise-sized businesses as customers. We work with enterprise clients and sell other products. We are not tied to specific infrastructure providers like IBM or Microsoft, but we are guided by customer needs.
If customers specifically request OneTrust and are open to using the cloud outside of Saudi Arabia for HIPAA compliance, we can work with them. Regulations are starting to be enforced, so it's important to be able to offer solutions that meet compliance requirements, especially for enterprise clients.
How are customer service and support?
The main issue is with the first line of support. They don't seem to understand the tool very well and often need to escalate to the experts.
So, I would like them to have more knowledge and qualifications. They should be prepared very well. I like the second-line support team; they are knowledgeable. But sometimes, they ask repetitive questions, which can be frustrating for customers. Perhaps they could customize the questions or use a process to avoid repeating the same questions.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
My focus is on data management, aspects like quality, integration, open data, data sharing, and more. The market recognizes around 14 data management domains, including different environments and data configuration capabilities.
As for OneTrust implementation, my educational level and experience as a data expert in the Middle East have been valuable. I've engaged with Aetna on various projects, starting as a developer and progressing to senior project manager. Currently, I'm an account manager and business developer for my company in Saudi Arabia.
I've had two projects involving Axon and OneTrust. We're a system integrator specializing in different management projects.
How was the initial setup?
The initial setup was difficult.
I was leading a project for one of our big customers in the telecom industry. I remember my team got stuck during setup, and we had to engage the OneTrust team. Even their experts took a long time to install it, and there were many prerequisites. It was complicated.
So, I would rate my experience with the setup process a two out of ten, where one is difficult, and ten is easy.
For OneTrust, we work at this client's site, STC (Saudi Telecom Company). So, the deployment took more than one month, as I remember. One of the OneTrust modules and STC had many prerequisites and issues.
In general, the installation process is as follows:
If you have a product and you need to speed up the setup, maybe you could have an automated setup with a bundled database. It's a confidential solution, so you don't need to ask for the database location; bring your database inside your product and install it. Don't ask about the database repository or schema; you can make it reside beside your product, whether it's MySQL, PostgreSQL, or others.
When you include a database for metadata beside your product, you eliminate the need to ask for database and network size requirements, disk space, and other details. You don't have to do all these things. OneTrust, bring your packaged database to record metadata and collect data. For any support team inquiries, you can minimize the prerequisites. Just ask for the installed OS and server access, and install your product there to work.
What about the implementation team?
We integrate. Our company is a system integrator, so we integrate our clients with technology vendors like OneTrust, Informatica, IBM, Microsoft, and others.
For security reasons, we provide solutions for our clients based on zero trust and their needs.
What's my experience with pricing, setup cost, and licensing?
It is expensive. I would rate the pricing a seven out of ten, with one being cheap and ten being expensive.
The licensing is itemized. If you ask about specific features, OneTrust will tell you that they're an additional feature, and you have two versions. It's not a one-box solution like some other tools I've worked with. OneTrust has many features, and you have to pay for each one individually.
Which other solutions did I evaluate?
My customers mainly use OneTrust for compliance. For data classification, they use Informatica and Collibra. They prefer a hybrid approach and don't want to rely on just one solution. They use different tools for different purposes, such as OneTrust for governance and Collibra for compliance. They are open to adopting a new solution if it offers better capabilities.
But, if they've already purchased OneTrust and want to add features like data discovery and lineage, OneTrust can provide these features. But, if they already have ETL and BI tools in place, it might be more efficient to stick with those tools as long as they can cover all the requirements. Adding another tool means additional costs, resources, and integration efforts. It's better to have a comprehensive solution that meets all their needs.
What other advice do I have?
My advice depends on the country and its regulations. In Saudi Arabia, you have to check if the setup is on-premises or in the cloud. Cloud security and compliance with local regulations are crucial. You need to consider the installation process, schedules, and legalization for specifications related to the National Data Management Office (NDMO).
Once you ensure compliance with the tool and local regulations, it will be easier to proceed with purchasing, implementation, and adoption. If the tool is not compliant, you may face issues later on, potentially leading to disqualification by security teams and the need to stop using the tool.
Overall, I would rate it a six out of ten.
For users who need to comply with regulations, I would recommend using this product. But for my colleagues, my clients, and myself, we don't usually consider OneTrust due to setup issues and pricing concerns.
However, if OneTrust wants to gain more market share, OneTrust Data Governance needs to offer competitive pricing and consider providing a package specifically for Saudi Arabia that includes key compliance services, active directory integration, data quality tools, and other important features. This type of package could be very appealing and lead to increased sales.
*Disclosure: My company has a business relationship with this vendor other than being a customer. integrator
