An interesting chat with David Horrigan from the 451 Research Group confirmed what I had suspected for a while, that for most companies, large and small, Information Governance, as an IT initiative it still does not feature very highly on their agenda.
Although information governance is a pre-requisite for certain industry vertical such as legal and medical, companies tend to try and solve specific point issues rather than implementing an information governance framework. Examples of these are Bring Your Own Device (BYOD) or Mobile Device Management (MDM) policies that whilst in some cases needed, is only one example of the disciplines around information that is required.
With the rise of Cloud use companies, and the high level of reporting on cloud breaches, companies tend to be much more interested when the term “Cloud Data Governance” is used rather than just plain old “Information Governance” but the reality is that Governance on Cloud should be part of a holistic information governance strategy.
The issue with an Information Governance framework is that it is so all encompassing and it needs to be committed to from senior executives within the business. With competing projects in every business and the ROI of Information Governance hard to quantify it can be difficult to get buy-in and obtain funding for a non-revenue-generating initiative, whilst in-vogue points solutions that form part of such an initiative , like BYOD, are committed to and implemented.
There is little doubt that storing and accessing business data across on-premise and geographically dispersed cloud computing environments are likely to present control challenges, and ever-increasingly, regulatory challenges.
It stands to reason therefore that implanting an Information Governance strategy is a necessary process for any business that has both both physical and digital records, that span on-premise and cloud environments.
An Information Governance strategy should first and foremost be thought of as protecting a companies core asset, it’s data. The ROI or ‘payback’ of such an implementation centres around:
– Risk Mitigation: Protect from breaching existing regulations and be ready for forthcoming regulations.
– Increased Data quality
– Cost Reduction: Why a cost reduction ? An IG policy can reduce Operational Risk Management insurances and can reduce costs due to a reduction in Redundant, Obsolete and Trivial data (ROT).
– Increased Security
Information Governance is not all about technology of course, if anything it is 1 part technology and 2 parts process and this needs to be recognised upfront.
As CEO of Storage Made Easy, Information Governance is something we are keenly aware of. When we set out building our product we took an early decision not to include any storage as part of our Enterprise File Share and Sync solution ? Why ? Because companies already have a wealth of storage systems coupled with a number of other systems that stored and work with data. This is of course exacerbated by Cloud as it opens up the kimono for more data (often duplicative) to be stored in more places.
What we wanted to build, and eventually did, was to provide a system that could interact and work with multiple storage an services and provide a ‘single pane of glass’ or a control point for these data and systems. In doing so we are able to provide, amongst other things:
– Integration into common productivity tools such as Outlook, MS Office, OpenOffice etc that work across all data services and whose use of therefore provide e-discovery and audit information on file sharing / file access.
– A common framework point for logging and auditing that can be used to provide even data that encompass all data services in use within the organization.
– An Audit Watch facility that can monitor events in real time and notify nominated administrators depending on the rule set up.
– Common single sign (SSO) across data services.
– GEO control restrictions on access
– An Audit service that records all file events across all mapped services and all remote access events with logged IP access addresses.
– A policy framework for file sharing
– Archiving rules to Archive ‘old’ data from services in use.
The solution can of course be used a standalone EFSS solution with one back-end data store, often object storage, and we have many companies using it this way also, but it really shines when it is used in the way it was intended which is as a control point across Storage and SaaS data services.
In and of itself the SME solution would form only part of an Information Governance strategy, but its ability to join up data silos and promote visibility of the core company data asset in an obtrusive way enabled it focus specifically on the digital(file) elements specific to Information Governance.