Taking back control of your information
Data growth remains one of the most common topics of conversation I have with organisations. Pick any research study, and it will show you that data growth is relentless—more than 40 percent per annum most argue—and that pace of growth shows no sign of stopping. The largest growth area is in unstructured data: the data that resides outside structured databases.
The rapid adoption of mobile and cloud service’s extends where information resides beyond the traditional data centre boundaries. This creates new challenges around the management and protection of an organisation’s information.
From my conversation organisations are no longer solely focused on how to tame this growth. Techniques like de-duplication, space-optimised snapshots, compression and archiving are all essential tools and commonly used to better manage this growth. Now, the conversation is turning to other related matters, such as how to get better control and leverage of information through information governance programmes.
Indeed, the 2012 Symantec State of the Data Centre Survey found that more than 90 percent of organisations are actively discussing information governance projects, or have trialled or implemented a governance program.
In this blog, I will discuss my thoughts based on conversations with organisations about their motivation for these information governance projects.
The first driver for organisations is to obtain a clear view on the value of their information. Creating an information governance policy kick-starts the journey of classifying data based on its importance and value to the organisation. Data classification policies can simply be based on the perceived value and importance an organisation puts on their information. Alternatively, it might be legislation that directs this categorisation. Either way, this initial classification is essential as it underpins how an organisation implements information governance policies. “Create once and harness many times” is a reliable mantra to keep in mind to avoid these programmes spiralling out of control.
Security of key information assets is the second key driver. By doing part one (data classification) the organisation now understands what its most valuable and sensitive information assets are. It can now focus on ensuring this information is secure and not vulnerable to compromise. Often this classification knowledge can stimulate data loss prevention projects or a re-review of existing projects to ensure they meet the now defined data classification policies.
The third driver for adopting an information governance programme is to derive increased competitive advantage. In the conversations I have with companies, this has commonly materialised as mobility projects. Prior to the arrival of mobile and tablet devices, sensitive information was generally only accessed within the traditional firewall perimeter. As demand for tablets increased, so has the demand for accessing important corporate information on the devices.
Many IT departments I have worked with have gone through a transition period. The initial response was to deny access to this information via mobile devices as it was considered too insecure to allow such as thing. What if the device is lost or compromised, for example, owing to immature protection methods? However, when it became clear advantage could be derived through smarter working, the question turned to, “how do we enable it but at the same time maintain control?”
Once this mind set was established conversations began around issues such as encryption, user authentication and remote device, application and data management. These tools allow an organisation to put in place stronger controls that ensure policies are maintained whilst meeting the changing demands of the business.
The fourth and final driver I see is around cost savings for e-discovery. Unstructured information often spans many different data repositories across a variety of applications. Courts and regulatory bodies, for instance, have strict requirements about how organisations should respond to a request for information. The cost of sorting, analysing, processing and producing reports for internal investigations, compliance audits and legal requests for information is significant. Organisations can face multi-million pound fines if they fail to provide the required evidence on time.
Techniques that reduce the amount of data to review, coupled with a robust engine that indexes information, are the basis for automated e-discovery.
Stopping information growth is like the aspiration to remove all risk from an organisation: it simply can’t be done. However, governing the information in your organisation and making it work for you—rather than against you—is the domain of information governance.
Symantec provides solutions to address the above and more challenges with in this area. If you would like to know more, please contact the author of this blog or your local Symantec representative.