1. /
  2. Confident Insights Newsletter/
  3. Information Risk Management: The Next Generation

Information Risk Management: The Next Generation

October 28, 2008

Summary

Companies are under increasing pressure to deal with the massive growth of unstructured information, such as email, files, and SharePoint content. Symantec Information Risk Management enables companies to secure and manage such information with confidence.
The results of a recent survey of 202 IT managers sheds interesting light on how organizations are dealing with the massive growth of unstructured information, such as email, files, and SharePoint content.
  • Asked how important it was to protect information in motion and at rest, 85% ranked it “important” to “very important.”
  • Seventy-five percent ranked reducing the storage required for unstructured information “important” to “very important.”
  • Asked how confident they were of being able to quickly find all required information for legal discovery or disclosure, only 15% of the managers said they would “bet their paycheck” on it.
  • Asked where they see the biggest risk for data loss, 61% of the managers said laptops and desktops, 51% cited email and IM, while 50% indicated portable storage devices.
The survey, fielded by Applied Research-West Inc. in July, underscores the ongoing challenge of how to secure and manage unstructured information.
This article looks at the immediate challenges posed by the sweeping rise of such information. It then shows what organizations can do to protect unstructured information, cut storage and server costs, and quickly find what they need for business, legal, and regulatory needs.

It’s raining data

For IT departments large and small, the last few years have been brutal: Gartner estimates data volumes are rising at an estimated annual rate of 65%; at the same time, the pressure to retain and find information for business, legal, regulatory, and HR purposes has increased tremendously.
In the United States, recent changes to the Federal Rules of Civil Procedures, which dictate the processes and evidence requirements of parties in federal civil suits, have also had a significant impact on the kinds of information companies are expected to find and produce in litigation.
In Europe, existing laws require companies to retain information about the conduct of their business (such as contracts), and regulations concerning information retention, protection, and disclosure are increasing.
The upshot is that regulators and judges demand timely production of documents and do not consider information “inaccessible” simply because an organization lacks a system for prompt retrieval. Earlier this year, Qualcomm was hit with an $8.5 million penalty for mishandling the discovery process and failing to produce email relevant to a lawsuit with Broadcom. In the U.K., a large retailer was mandated by the Information Commissioner to install laptop encryption company-wide as a result of a data breach – a failure to protect confidential information.
Generally speaking, companies grappling with the rising tide of unstructured information face three key challenges:
  • Security The volume and distributed nature of the information make it hard to protect – both in motion and at rest.
  • Storage Greater volume means not just soaring storage and server purchases, but also soaring energy and cooling costs.
  • Search More information makes it harder to find what is needed (i.e., the proverbial “needle in a haystack”).
For U.S. companies, there are also the rising costs of discovery to consider. Legal review must be conducted by skilled staff. To review 1 gigabyte of email costs more than $100,000, according to a Fulbright & Jaworski litigation survey, yet it costs 15 cents per month to store it on Amazon’s Web-based Simple Storage Service. Thus, review is 1,400 times more expensive than storage.

Symantec Information Risk Management

Symantec is uniquely positioned to help companies secure and manage their unstructured information. Symantec Information Risk Management (IRM) protects unstructured information such as email, files and SharePoint content everywhere – both in motion and at rest. It cuts the cost of storage, servers, and energy consumption. And it reduces the cost and risk of finding information for business, legal, and regulatory purposes. Specifically, it enables companies to:
  • Protect information everywhere Symantec Information Risk Management protects unstructured information on all endpoints, in transit, in storage, and in collaborative applications. It protects data from external attack through key loggers and data extrusion. It also prevents inadvertent or malicious data loss through network activity, such as emails, Web postings, or IM. In addition, it monitors and prevents sensitive information from being copied and pasted to a local drive and stops such information from being electronically printed or faxed.
  • Reduce storage costs Symantec Information Risk Management makes storage more efficient by eliminating duplicates and by compressing files. Unstructured data presents an additional challenge because it must be indexed so it can be easily searched. Keeping the index size small is vital to avoid squandering storage reductions on a bloated index. IRM allows companies to retain only what is necessary through intelligent archiving; reduce server count (less storage means there is less to serve); and achieve “greener” IT by cutting energy and cooling requirements.
  • Automate high-cost workflows Symantec Information Risk Management simplifies and automates information workflows that are of high cost and low value to an organization. U.S. legal discovery is just one example, but it applies to any workflow that requires review of information by expensive experts – such as regulatory audit, human resource, or information security investigations. Symantec’s self-service model avoids making IT the bottleneck and allows companies to scale back their dependency on experts. Being able to automatically search across one centralized and intelligently classified archive using simple tools can significantly lower the cost of collecting this data. Applying automated data retention and expiry policies to keep the archive size in check also makes the review and analysis of archived items much quicker and easier, giving lawyers less to request and review.

Conclusion

Companies are under increasing pressure to deal with the massive growth of unstructured information. Specifically, they must find a way to secure, store, and search unstructured information throughout its useful life. In the U.S. – and, increasingly, worldwide – companies also face the rapidly rising cost and risk of electronic discovery for business, legal, and regulatory information.
Also, information today is at risk on an ever-increasing number of endpoint devices. Portable technologies like mobile phones, laptops, and USB memory sticks are particularly vulnerable. In addition, the growing trend toward outsourcing and contracting puts more and more endpoints outside the direct control of IT departments, making it even harder to protect against the copying and printing of high-risk information.
Symantec Information Risk Management provides an infrastructure to protect unstructured information wherever it flows, at motion and at rest. It also cuts the cost of storage, servers, and energy consumption, and reduces the cost and risk of search and e-discovery. Ultimately, Symantec Information Risk Management enables companies to secure, store, and search their unstructured information with confidence.

Back to Newsletter