The Information Governance Balancing Act: A Firm Hand, or a Light Touch?
All around us we see examples of the balance between control and freedom. Too much governmental control means you have little say in your life, but too little results in anarchy. Children need structure to keep from running wild, but provide too much and they fail to develop key social and other life skills.
This same tug-of-war plays out when it comes to managing corporate information. Employees usually want to be able to access information anywhere, on any device, with infinite retention. The business typically wants to keep that information locked down to prevent loss of customer data and resulting brand damage. Legal in many cases wants to minimize information retention to reduce long term liability. Complicating this situation is that all three groups look at “the information” in different ways, and in many cases have poor visibility to the information altogether.
Striking the right balance between freedom and control, between retention and expiry, and between visibility and cost is information governance in a nutshell. It is not a nebulous concept; it is doing what we must – retaining, securing, and analyzing data – in a way that aligns the different pillars of the organization and solves specific problems today. That last piece is where many information governance projects fail – a committee approach that tries to satisfy the needs of each member, which results in an enormous project with a three year payoff. I talk to very few organizations willing to invest in projects with both high complexity and such a long time to value.
The most pointed drivers of information governance I see today are data loss prevention and eDiscovery. The former requires strong alignment between the business owners and IT organization (especially the security team) to define what data is critical and implement systems and processes to both find and protect it. The latter requires alignment between the business owners and legal teams to define retention policies that balance employee access needs and the legal risk that an older information repository represents. The opportunity is to link the two – share the classification schemes used to define critical and confidential information (first done for security reasons) with the retention polices being created (to reduce legal risk and cost), so organizations can treat their critical information differently. As one customer put it, “I know I only need 15% of my data … I just don’t know which 15%.” Examples like this are how information governance will expand successfully: by incrementally solving concrete problems with real ROI. Retain, secure, and analyze in a way that aligns the different pillars of the organization.
A major force already driving us along the information governance path is the c-word: cloud. As organizations adopt (willingly or otherwise!) hosted mail, Dropbox, Box.net, Chatter, LinkedIn, Facebook, etc. we need to retain, secure, and analyze that data as well. To enable that move of enterprise data to the cloud, the archive needs to as well. That is one of the reasons that Symantec is pleased to announce the acquisition of LiveOffice, as part of our commitment to help customers support intelligent information governance in a form factor that makes sense for them.
LiveOffice, with its talented team and cloud archiving technology, will improve our ability to connect people to information, wherever it resides, for two key reasons. First, we see a tremendous opportunity to leverage the resources of Symantec to better reach, support and deliver integrated solutions to our customers. Those integrations can be not only supporting information governance as discussed here, but also providing a complete cloud mail protection solution. Second, we have come to know the LiveOffice organization well through our OEM relationship and see a strong cultural fit between our teams’ DNA, standard of excellence, and customer focus. I firmly believe that this cultural fit is a critical element in bringing two organizations together. There is much more to come here – stay tuned!
In summary, information governance isn’t a three year committee project: it is the ability to retain, secure, and analyze data with a common perspective across the business owners, legal, and IT. I see data loss prevention and eDiscovery as the most pressing information governance issues today, and Symantec is uniquely positioned to help customers by leveraging technology across those two problems. Finally, the move of enterprise data to the cloud drives the archive to the cloud as well, which is one key driver of our acquisition of LiveOffice. As the old adage goes, “Change is the only constant!” Information governance will continue to evolve over time, and I am looking forward to taking that journey with you.
For more information about Symantec’s acquisition of LiveOffice, visit: http://go.symantec.com/liveoffice.