Asia's Source for Enterprise Network Knowledge

Friday, March 31st, 2017

Security

What CIOs need to know about information governance

As enterprises rally to exploit information-driven digital opportunities, most CIOs would prioritize data security and protection in their budgets given the criticality of information as a business asset for growth. 

However, organizations are overlooking a primary issue. Gartner estimates that poor quality of data is costing an average organization US$13.5 million per year, and data governance problems – which all organizations suffer from – are worsening. This grim forecast is based on reasons such as data not being managed and defined as an asset consistently across an organization.

That’s why many organizations are turning to tools such as content analytics for process automation, information governance, contextual search or business insight, and to help address risks such as security breaches, sensitive or offensive content, and compliance issues, according to a recent Association for Information and Image Management report.

That means information has to be analyzed and valued so it can be effectively and efficiently protected and secured based on information governance policy.

From ECM to IG

For years, organizations have developed and implemented enterprise content management (ECM) strategies based on the principle that each document is unique, serves a defined purpose, and is therefore managed. The ECM approach assumes a one-to-one relationship; it is hierarchical and how a document and any item related to it are managed depends on what’s in the document.

However, information in email systems is inherently repetitive when moved outside the organization or commented upon; and embedded in conversations or threads. Even with single-instance storage where copies sent to multiple recipients point back to a central document, hierarchical ECM solution is unable to handle such one-to-many relationships easily.

At the same time, the majority of IT projects typically entail some aspect of information management, which are the activities and tasks to organize, retrieve, acquire, secure and maintain information within the business.

But organizations have to identify, understand and establish the value of both structured and unstructured data from multiple sources before they can apply appropriate policies, processes, strategies and metrics to manage the data.

Valuing information is a big challenge, but think tanks like the Information Governance Initiative have started studying how companies have succeeded in this area. The value of information as a business asset can simply be measured, for instance, by its age.

Again, the most common form of unstructured data that organizations are likely to manage is email. The value of an email is transient and typically decreases with age. Unless they refer to a critical business subject or their retention is bound by regulations, companies can decide to delete them after a defined period.

Here, information governance (IG) offers a strategic guide for determining why the information should be retained and managed, and the value of what needs to be managed. Organizations can implement IG using either a ‘top-down’ approach or a ‘bottom-up’ approach.

In the top-down approach, stakeholders understand how the value of data changes and determine the lifetime value of that data. In contrast, the bottom-up approach simply considers a point-in-time present value of data. These approaches prevent a ‘save-everything’ strategy that hinders productivity and heightens risk.

The key success factor in IG is consistency in the rules and procedures of managing data based on its value throughout its lifecycle. Sound IG underpins strategies for mining potential insights from information while mitigating risks.

Longer-term view

Expanding information management with an Advanced Discovery application, Barracuda Networks’ ArchiveOne version 7.0 solution enables business users to locate and archive, copy, delete and retain pertinent information quickly and efficiently regardless of where it is saved in an organization.

The information management plus e-discovery solution is an extension of Barracuda’s Data Protection Plus cloud-connected, mobile-enabled solutions that also combine data protection and disaster recovery; file sync-and-share and data protection; and archiving and mobile access.

When attorneys at US law firm Gray, Reed & McGraw began saving every email from clients in Exchange, some dating back two or three years, the company’s IT team had to constantly reboot the server and compress the fast-growing volume of emails that was slowing the server down.

Instead of upgrading the server, the company implemented ArchiveOne in its offices. This results in “no more running utilities to compress data; no more asking secretaries to delete emails,” says Jason Rodriguez, IT and facilities manager at the law firm. “One of the two policies we use is the archiving of all folders in Outlook, with the exception of Deleted and Sent Items, that are over 90 days old.”

With the email server running smoothly, Rodriguez began focusing on long-term email management projects such as archiving PSTs and mailboxes to storage media.

For companies like Gray, Reed & McGraw, ArchiveOne with Advanced Discovery would also allow users to manage data in the context of business need and according to a defined process without the involvement of IT. Further, enterprises’ legal and audit departments can locate information easily without having to know whether the data is stored in mailboxes, message archives or file servers.

“Previously the IT department was tasked with discovery requests because only they knew where data resided and how to find it,” says Rod Mathews, general manager for Storage at Barracuda. “Our ArchiveOne platform changes this by enabling business owners such as legal and human resource departments to perform their own queries. As a result, e-discovery is simplified, better results can be obtained, and costs can be reduced – all while freeing up IT to handle other mission-critical tasks within the data center.”

This is a QuestexAsia feature commissioned by Barracuda Networks.