What is an EUC?

EUC stands for end user computing, and it’s any non-tangible (that is, not hardware) computing resource that lives, or may live, on the desktop of an end user. And why should you care? The answer to that question depends on your industry.

EUCs & Why You Should Care

If you’re in financial services, pharmaceuticals, healthcare, or if you are subject to regulations such as GDPR or CCPA, you should care because regulators examine these EUCs for regulatory compliance. If you are in a public company, then you will know that EUCs are crucial to auditors. Even if these categories are not directly applicable to your business, EUC management and governance are good practices and will save your company money in the long run.

Let’s Dig a Little Deeper.

The term EUC has been around for a long time.

Where does it come from? 

Originally, it was used to encompass primarily Excel spreadsheets and Access databases. It was then extended to other Microsoft Office products and comparable products from other vendors, such as Adobe Acrobat or Google Sheets. More recently, it has become apparent that the definition of an EUC should be further expanded to include things such as Tableau reports, applications created by “citizen developers” or “citizen data scientists,” and even chatbots.

Why should the definition of EUCs be so all-encompassing?

The short answer is that regulators are increasingly asking companies to prove that only the people
permitted to see relevant data, especially sensitive information, are the only people who view that
data.

EUC Access Rights

If you have a Power BI report on your desktop with that data in it, then your company needs to be able to prove that you didn’t forward that report to someone who doesn’t have access rights to that data. An efficient and effective remedy for this is to prove that the report cannot be forwarded, copied or printed. These actions would demonstrate that the company has a well-structured policy to secure sensitive data and ensure its integrity.

It is important to understand this background on the nature of EUCs because their scope is contested amongst regulators and bankers.

The Definition is Shifting

Regulators have a more fluid definition of what constitutes an EUC, while bankers are more rigid in their definition. To them, an EUC is only synonymous with a spreadsheet. However, their collective understanding is beginning to shift towards the more inclusive view.

A Growing Awareness

While on this topic, it is worth noting that anecdotal evidence suggests that EUC policy is becoming a much higher-level issue in many organizations than before. For example, several banks were approached by central banking authorities such as the Fed and the ECB to discuss precisely this issue. Auditors also take a tougher line, especially in the States, around EUC management and governance.

More EUCs

Leaving aside the actual process of managing EUCs, which is a topic for another day, there are several interesting aspects to this definitional expansion. Firstly, if there are far more EUCs to manage than before, then actually inventorying them will be a significant issue, not just as a onetime project but on an on-going basis.

Secondly, with more senior executives taking an interest in governing EUCs, there is going to be a greater demand for company-wide capabilities rather than simple departmental implementations. Given the growing number of EUCs that need to be inventoried and governed, vendors seeking to address these issues need to be able to scale to handle probably millions of EUCs, and without adversely impacting on the performance of those EUCs.

Executive initiative
EUC vendor subset

And finally, EUCs have implications for spreadsheet management vendors. While spreadsheet governance is and will remain an important sub-component of EUC management it is precisely that: a subset of the overall required functionality.

Spreadsheet Management Vendors

It is fair to say that spreadsheet management vendors, or at least some of them, have been moving to a broader understanding of EUCs over the last few years, while newer entrants have recognized the issues involved from the outset. Needless to say, some suppliers are transitioning more successfully than others, while some have architectures that do not lend themselves to the sort of scalability that is required for large-scale EUC governance. It will be interesting to see how the market evolves in response to EUCs and their rising implications across industries.

Want to learn more?
Learn about spreadsheet risk