For the majority of today’s enterprises, it appears to be a case of “Do as I say, not as I do” when it comes to information management.
In addition, the survey found that, in many cases, enterprises are saving information indefinitely rather than implementing policies that enable them to confidently delete data or records that are no longer required for legal, regulatory, or business purposes.
Continue reading to learn how this “gap” between information management goals and practice contributes to some common information management mistakes, which in turn have increasingly serious consequences. Then learn what steps organizations can start taking now to gain control of their information.
The survey, conducted in June 2010 by Applied Research and based on responses from 1,680 senior IT and legal executives in 26 countries, found that:
- Enterprises are retaining far too much information. Respondents stated that three-quarters of their backups are configured for infinite retention or are on legal hold. They also stated that 25% of the data they back up isn’t needed for business purposes or shouldn’t otherwise be kept in a backup. One in six files is archived indefinitely. Those statistics become even more troubling given IDC’s estimates that enterprise data will expand by approximately 400% over the next four years. ¹
- Enterprises are misusing backup, recovery, and archiving practices. Nearly half of the enterprises surveyed use their backup software as a means of archiving files and documents—something backup was never designed to do.
- Enterprises have improper legal hold practices in place. The survey found that 70% of respondents are using their backup systems to perform legal holds—again, something backup systems weren’t designed to do effectively. In addition, 45% of backup storage comes from legal holds alone.
Applied Research then analyzed the survey responses and divided them into five tiers, based on the organization’s information management practices. The top tier included those organizations that had formal information management practices and policies in place, while the bottom tier were those organizations that had no formal policies or practices in place. Applied Research characterized the differences between top-tier enterprises and bottom-tier enterprises as “stunning.” For example:
- 71% of top-tier enterprises have a retention plan compared with 27% of bottom-tier enterprises.
- 26% of top-tier enterprises use backup software for archiving purposes compared with 49% of bottom-tier enterprises.
- Top-tier enterprises use 20% of their backup storage for legal holds compared with 60% for bottom-tier enterprises.
Not surprisingly, the consequences of these information management issues are taking their toll on organizations in the form of:
- Rampant storage growth. Studies show that storage costs continue to skyrocket as over-retention has created an environment where it is now 1,500 times more expensive to review data than it is to store it.
- Unsustainable backup windows. Backup windows are bursting at the seams. As the survey observes: “The time it takes to restore such massive backups will bring any disaster recovery program to its knees.”
- Expensive and inefficient discovery processes. Massive amounts of information are stored on difficult-to-access backup tapes, making discovery complex, time-consuming, and expensive.
Enterprises know they need to do a better job of managing their information but often waste their efforts in trying to develop a complete, detailed set of policies. Admittedly, creating an “optimal” plan is difficult. Better to get started with good, basic information governance. Symantec recommends a straightforward five-step action plan:
- Create a formal retention plan. Without a formal plan it is difficult to know when – and what – to delete. This is what drives over-retention. Another reason to get started on this as soon as possible: lawsuits. Nearly every lawsuit today involves electronically stored information, and companies without a formal retention plan in place often have a much more difficult time identifying and preserving relevant information in compliance with federal and state rules. Newspaper headlines now routinely blare the names of organizations that can’t locate and produce relevant information in a timely manner.
- Stop using backup for archiving and legal holds. Backups were not designed for e-discovery. Nevertheless, many organizations still rely on backups for information retrieval – and pay the price in time and money, as an increasing number of court cases demonstrate.
- Deploy deduplication to reduce storage amounts. Enterprises that deploy deduplication as close to the information sources as possible free network, server, and storage resources. Enterprises should also centralize the management of deduplication to reduce complexity.
- Delete according to your information retention plan. Active archiving is the key here. Active archiving works by moving information (out of email and other systems) into a central repository – the archive. Once in the archive, an item can be automatically controlled according to a policy. This is important because, once information is under automated control, basic retention and deletion policies can be implemented that ensure a repeatable process without disrupting the end user.
- Use an archiving system for e-discovery. Once information has been centralized, organizations can then search for specific information more quickly – and with more granularity than they would in a backup environment. This will reduce the time and cost it takes to evaluate litigation risk, resolve internal investigations, and respond to compliance events. Consider how archiving helps with early case assessments. Organizations that are able to assess each case early in its lifecycle are better equipped to make informed decisions about case strategy and can prepare more informed litigation budgets. E-discovery costs can be reduced by giving inside counsel access to the archive with search and review capabilities. Because archived information has already been collected and indexed, an organization can conduct an early case assessment without the expense and disruption of manual data collection and third-party processing.
Too many of today’s enterprises are saving information indefinitely instead of implementing policies that allow them to confidently delete unimportant data and records. Without a formal retention plan in place, they will continue to pay the price in the form of rampant storage growth, unsustainable backup windows, increased litigation risk, and inefficient and costly discovery processes.
Simply put, enterprises need to regain control of their information, the sheer volume of which is growing exponentially. While a complete, detailed set of policies can be developed over time, enterprises should get started with a formal plan as soon as possible. It’s the best insurance there is against some very costly information management mistakes.
For information about solving archiving and discovery challenges, go to Symantec Enterprise Vault
¹ “The Diverse and Exploding Digital Universe,” IDC, 2008