Every governance rebuild I’ve seen starts the same way: a team that over-corrected once, then over-corrected the other way, and is now tired of both.
This client had lived both extremes in the same decade. A central team reviewed every request - compliance perfect, nothing shipped. Then the pendulum swung: every domain did its own thing - fast, until the first duplicate customer table and the first awkward audit.
Hybrid isn’t the compromise between those two. It’s a different design.
Weeks 1-3: Decide what stays central. Security standards, compliance requirements, data quality baselines. Guardrails, not approval gates. Narrow on purpose - if everything is central, nothing is.
Weeks 4-6: Name domain owners inside the guardrails. Marketing owns marketing data. Finance owns finance definitions. The central team sets the boundaries. The domains pick the answers.
Weeks 7-9: One cross-functional working group. Monthly sync. Surface conflicts while they’re still cheap. This is where the “we’ve always done it this way” conversations actually get resolved, instead of festering in Slack.
Weeks 10-12: Document the operating model. Train the domain owners. Two pilot domains. Measure.
One quarter in: access requests processed around 70% faster. No compliance regressions. Shadow spreadsheets started dying on their own - not because anyone banned them, but because nobody needed them.
Balance isn’t the middle of the slider. It’s knowing which decisions belong where.
Is your governance a bottleneck or an enabler? If teams are building workarounds, you already have your answer.
