The Marriage of IT and Information Governance: Rocky Romance or Wedded Bliss?

Posted 04/07/2014 by Commvault

Posted in

Sometimes the marriage of Information Technology and Information Governance seems like an arranged one, where two parties go kicking and screaming to the altar to satisfy traditional rules. Other times, it can be a true partnership that is equally rewarding to both and ultimately to the business. The fact remains…collaboration is necessary and inevitable with new governance trends having a great impact on IT. What were once isolated and occasional requests on IT to recover or discover data, now need to be a fully integrated part of an overall plan to support the business and derive the most value from information.

Recently, we blogged about the security breaches experienced by household brands. These headlines served as a door opener to create a dialogue about marrying the needs of the business to an information management strategy that supports it. True, there are never-ending dependencies on data and yet far too many companies put too much critical data in harm’s way. The recent blog explained that the silver lining of exponential data growth is that it’s forcing early conversations on overall strategy. Because understanding what’s behind that data growth is a critical part of solving the problem, we wanted to keep that discussion going.

The proliferation of BYOD, USB/thumb drives and other endpoint data 'at the Edge' is a big contributor to the data growth problem and it’s a compliance nightmare. Some companies don’t separate sensitive data like SSNs or credit card information from regular data. As in the examples above, when one thing is hacked, it all goes. Another problem is that companies 'keep everything forever.' This strategy has become a default for many because it is difficult to figure out what data has relevance to the business and what does not. Strategies like this not only drive up storage costs, but can be a smoking gun for companies that don’t know what’s in that data. Last, security and compliance policies for many organizations, while often well-founded, are delegated to employees to perform manually instead of automated enforcement through technology.

So what can you about these challenges? They say good communication is the key to a successful marriage. But let’s be honest, some conversations are just tough to have. A great journey starts with a single step though, and you too can get the conversation started to extract business value with speed and scale in the face of the 21st century enterprise.

Some considerations for opening the lines of communication:

  1. Define compliance. Many companies do not have crisp definitions of compliance. What does this mean in your organization with regard to legal, corporate, regulatory and security? Think about enterprise-wide compliance under the umbrella of an information governance strategy that unifies the way data is managed, protected and retained.
  2. Define your company risk profile. What do you view as worst case scenarios? This will help uncover products that suit your needs. Are compliance and legal teams on board with the strategy? What are you willing to 'suffer through' as the result of a data management misstep? What is the cost of discovery versus settling? How much would you pay to 'make it go away?' What about brand degradation?
  3. Think of information as your asset. Your information is the lifeblood of your organization; it can get you closer to your clients, differentiate you from your competition and help you understand your opportunities better. According to Info-Tech, in the modern regulatory and legal landscape, information must be:
    • Findable – confidently find or prove that a document doesn’t exist anywhere in your storage
    • Immutable – not corrupted by human error
    • Traceable – know who has accessed each file

By thinking cross-functionally through some of these issues, you’ll be able to start to cross the line from rocky romance to wedded bliss when it comes to a holistic information management strategy. No one wants to become the next headline or poster child for data management missteps. We’re teaming up with InfoTech in an upcoming webinar to keep the discussion going on some of these issues, with an emphasis on email. Both IT teams and governance stakeholders will benefit from attending by gaining the tools to develop an understanding of what drives your organization’s overall compliance strategy.