• No results found

Information Governance: How to Prevent Uncontrolled or Unforeseen Spending

N/A
N/A
Protected

Academic year: 2021

Share "Information Governance: How to Prevent Uncontrolled or Unforeseen Spending"

Copied!
9
0
0

Loading.... (view fulltext now)

Full text

(1)

INTRODUCTION

Organizations today are faced with a myriad of challenges, risks and threats related to the data they are storing. Such costly

vulnerabilities are magnified for organizations that are heavily regulated or face persistent litigation, particularly when looming audits and investigations so often require large amounts of electronically stored information to be extracted, analyzed and reviewed. Although it has become critical for many organizations to proactively invest in Information governance products, available

Information Governance: How to Prevent

Uncontrolled or Unforeseen Spending

The key to gaining control of internal

unstructured data is

to achieve governance at the lowest possible cost.

“More information to manage means bigger challenges.

CIOs, legal and compliance officers, and lines-of-business

leaders must discard the disorganized practice of

independent management of business data silos, and

strategically focus on information growth, especially for

unstructured data,”

notes Gartner, Inc. in “Use These

Unstructured Data Management Best Practices to Manage Based on the Time Value of Data”, Sheila Childs, Alan Dayley, November 2012.

(2)

In 2012, the RAND Institute for

Civil Justice published findings on

their research to understand

litigant expenditures in eDiscovery.

They reported that the total cost

to review a gigabyte of data in an

eDiscovery process was $18,000.

On the high end, one company had

to pay $358,000 for each gigabyte

of data reviewed.

This is just one example of how

organizations can suffer

uncontrolled spending from their

data.

The referenced RAND document can be found here.

MODERN-DAY CHALLENGES

As today’s Information Age continues to evolve at the speed of thought, a proactive focus on information governance is not just for organizations saddled with compliance and eDiscovery. Across a variety of industries, more and more CIOs are looking for ways to reduce their storage footprint. Organizations are even starting to create dedicated

Information Governance Director and Chief Data/Digital Office positions to manage what is becoming a substantial commitment. Without a doubt, the financial impact of storing and protecting large volumes of data—and also responding to requirements for file analysis—is increasingly becoming a top-level concern and bottom-line priority. At the same time, internal legal departments are shifting their stances on data retention strategies. With the high cost to review data in an eDiscovery process, along with the unknown risks lurking in old data, in-house legal teams have become more motivated to revise old policies in support of regular storage housekeeping.

Companies are also responding to increased government scrutiny of their information management practices. Detailed investigations and audits to verify whether corporate practices comply with documented policies and security controls are exposing large gaps in how well data is effectively being controlled.

CHANGING DYNAMICS OF THE

INFORMATION STORAGE LANDSCAPE

The technology landscape for modern-day businesses is experiencing fundamental shifts. For example:

»

IT teams are managing larger and larger portions

of data on-premise and in the cloud;

» Organizations are insisting on managing data in place rather than archiving records and digital information off-site or in remote storage systems.

» Users expect easier collaboration across multiple devices. To prevent data from proliferating outside an organization’s control, IT is adopting enterprise file synchronization/sharing solutions;

(3)

Dark Data Defined:

The information assets generated

through regular business activities

that organizations retain, but

mostly overlook, to manage or

use for other purposes.

» In-house legal teams want to reduce eDiscovery spending and realize the best way to achieve this is by removing junk data and by being more precise about the data that gets preserved and ultimately extracted from the live environment, thus requiring confrontation of dark data;

» As the traditional focus on securing the perimeter fades, security and compliance teams are forced outside the perimeter and now have to think about data proliferation/spillage, least-privileged access, awareness of sensitive data, adoption of metadata-based access controls, and file analysis; and,

» In order to have policies that work, information governance stakeholders and policy experts are looking to maintain a better awareness and insights into their organization’s overall data assets.

Information management requirements have indeed changed. Organizations are progressively revisiting their overall information management strategy as well as the viability of their legacy technology

investments as they settle into this new data landscape. IT, legal and security teams need to make sure this new landscape is supported without a loss of visibility or control over the data; otherwise, the organization is severely at risk—including and especially financially.

To be successful, the tools and approaches used to analyze, control and protect data must be applied in a manner that is well-aligned with the new data landscape. This requires a focus on finding “smarter” solutions that are less costly, less complex, and far more responsive to modern-day, internal Big Data storage needs.

OF STRATEGIC IMPORTANCE: KNOW YOUR DATA

Despite investing in search, classification, archiving and eDiscovery software, organizations continue to experience data management and governance challenges. At the root of the problem: organizations lack a comprehensive, actionable understanding of their information. In other words, they do not have an always-on intelligence over what they are storing, an understanding of who has access to what, and an awareness of the status of their most important or sensitive data.

“Most organizations don't implement data content/information governance

initiatives because they think it will be hard to understand the data.”

notes Gartner, Inc. in “Best Practices for Storage Administrators: Staying Relevant in an Information-Centric Data Center”, Sheila Childs, Alan Dayley, March 2013.

(4)

In response, companies have been purchasing separate solutions or duplicating the same tools in different divisions and departments for search, classification, archiving, e-discovery and governance. As a result, policies are not adequately defined; information is over-retained and becomes cluttered. The accumulating costs make any new investment increasingly more difficult to secure.

In order for information governance to be successful in an organization, IT, security and information governance leaders need to easily and quickly understand the holistic picture of unstructured data for a variety of circumstances—both for regular operations as well as unplanned circumstances like audits or litigation.

The lack of an actionable understanding of stored data is not just true for file systems, but it is also true for other “mega-repositories” of enterprise data such as: Microsoft SharePoint, Exchange Server mailboxes and public folders, Microsoft Office 365, enterprise file sharing and virtual storage repositories. What’s common amongst them all is this: they are primary storage repositories of valuable, sensitive, dark and junk information in the form of unstructured data. Managing the critical, sensitive and valuable data apart from all the rest is a challenge.

Organizations that are successful with their information governance have figured out how to uniformly manage and govern these data sources in an intelligent and defensible manner so that the value and risk data can be handled more prudently—something that won’t be achieved using tools from last decade’s data management strategies.

“Most enterprises do not have a comprehensive, actionable understanding of the

unstructured data held in data stores such as Windows and Unix file shares, and

therefore cannot ensure adequate security. This is becoming a particularly serious

problem because auditors are increasingly shifting their focus to the security of such

data, in part because the security posture of relational databases has improved.”

notes Gartner, Inc. in “Don’t Make the Mistake of Assuming Your Unstructured Data is Secure”, Jeffrey Wheatman, June 2012.

“Gartner considers FA [File Analysis] to be a high-impact technology, and estimates

that it will take two to five years before it reaches mainstream adoption. Adoption

rates will differ according to use cases. FA for storage management purposes, namely

for migrations or technology refreshes, may evolve more quickly as organizations

view massive amounts of data stored on file shares as cumbersome to move in

totality.”

notes Gartner, Inc. in “Innovation Insight: File Analysis Innovation Delivers an Understanding of Unstructured Dark Data”, Alan Dayley, March 2013.

(5)

UNDERSTANDING THE

COMPETENCY GAP

As we consider the concept of an organization maintaining an actionable understanding of its data, the following nexus of forces should be considered:

IT, legal and security teams typically maintain little awareness of their unstructured data’s volume, composition, risk and business value. This includes having a lack of actionable intelligence over things like: data access and ownership, storage, content, file analysis, and metadata.

While enterprise search, classification, archiving and eDiscovery products are great building blocks that can help an organization identify, tag, preserve and review data, they do not individually or collectively

Budget

The new

data

landscape

(e.g. cloud)

Increasing

demand for better

information governance

and file analysis

Available

tools and

resources

“Storage teams should proactively create views into metadata and content, and work

with all business units to create policies and plans for the data based on this

information.”

notes Gartner, Inc. in “Best Practices for Storage Administrators: Staying Relevant in an Information-Centric Data Center”, Sheila Childs, Alan Dayley, March 2013.

(6)

provide an efficient, holistic and ongoing picture of the data situation and activity inside key

applications. What is needed is a modern-day, intelligent solution—one that provides ongoing access to a clear and accurate bigger picture and bridges the gaps between the various priorities of information governance, downstream life cycle management, risk management, as well as budgetary planning and control.

RISE OF THE INFORMATION SERVER

How does an organization effectively achieve an actionable understanding of hundreds of terabytes or petabytes of data? How can it analyze countless files, when needed, more quickly and effectively? With data stored in a variety of places, in a multitude of different applications, and sometimes mixed

between on-premise and the cloud, it might at first seem far-fetched to expect a unified understanding and control panel for large, distributed enterprise data repositories. Fortunately, there is a next-generation solution entering the market that combines intelligence and controls to deliver an ongoing, actionable understanding over an ever-increasing amount of internal enterprise data—and it can do so in comprehensive, non-invasive and inexpensive ways.

Leveraging concepts from Big Data, an information server becomes the fabric by which an organization efficiently and defensibly understands and governs data. Like many existing technologies, an

information server performs a routine crawl of unstructured data stores. Whereas traditional

information management products crawl for one specific action to be performed, the information server crawls efficiently to maintain an interactive, actionable inventory of all data that is then leveraged for ad hoc analysis, audit and a powerful rules engine that drives precision automation of various information governance tasks like

preservation, alerts and defensible deletion, to name a few.

This solution is distinctly different from traditional enterprise information

management products because it efficiently interacts with data at its source in a completely

transparent manner instead of moving or taking ownership of the data. A more intelligent information server completely avoids vendor lock-in and is purely agentless. Perhaps most importantly, given the new data landscape, an intelligent information server is complementary to the existing investment in the native applications and repositories of the data because it federates through approved APIs and leverages existing functionality for things like keyword search. Data can reside where users need to interact with it and organizations get the visibility and control that is needed—data does not have to be moved, re-indexed and exposed through an otherwise cumbersome and risky client mechanism.

(7)

As more and more data resides in the cloud, and collaboration applications become more scalable along with the addition of their own in-place archiving and legal hold features, an intelligent information server highly complements the future direction of an organization’s information storage landscape.

MORE INTELLIGENCE LEADS TO

BETTER GOVERNANCE

In addition to an actionable understanding of live data, an intelligent information server enables better management and governance actions to be executed in a precise and defensible manner. Standing policies can be automated across data stores with efficient tracking and measurement. It’s that simple: with a smarter information server capability, an organization can successfully implement smarter information governance.

Following are some of the common use case areas where an intelligent information server offers greater value and more powerful capabilities:

» Greater cost savings: Reduced spending on piecemeal or duplicated solutions.

» More control: Improved responsiveness, at a lower cost, to regulatory audits, litigation demands or transactional reporting.

» Better security: Identity and access governance (entitlements analysis and permissions

management), audit of data classifications and dynamic access control policies, and tracking of sensitive data assets or locations.

» More effective storage management: Fast identification of excess or stale data, rules-based data migrations between on-premise and cloud-based data stores, and reduction of storage through defensible deletion.

» More efficient eDiscovery: Early data assessment, custodian data maps, federated searches, and dynamic, automated preservation and collection.

KEY CONSIDERATIONS

The following is a list of key requirements to consider when looking at an intelligent information server technology—one that is specifically designed to achieve an actionable understanding of unstructured data:

» Big Data foundation – Regardless if there is great variety in the data or if the data is widely dispersed (i.e. across multiple servers, data centers or a combination of on-premise and in the

(8)

cloud applications), the intelligent information server should be able to scale horizontally and vertically while maintaining a central point for insights and policy controls.

» Agentless – The approach for all interactions with target data sources should not require you to install any software on production systems. Many governance technologies are designed exclusively for an agent-based approach. Agents are really only necessary if your needs stem from extreme security or compliance requirements, in which case a Data Leak Protection product is likely more appropriate (real-time content analysis and activity blocking).

» Federated search – The intelligent information server should not require full-text indexing of your data when it is already indexed by the source application. Instead, the existing full-text index should be leveraged and the results merged with results from other search providers, along with intersection of additional metadata-based filter criteria.

» Flexible metadata – The intelligent information server should be able to easily leverage any item-level metadata for insights, tracking and rules-based automation. As well, it should be able to leverage identity attributes from Active Directory for interrogating unstructured data and for rules.

» Defensible – The intelligent information server should facilitate the documentation of compliance for sensitive actions such as defensible deletion or eDiscovery collection through an audit trail, along with areas to easily capture decision logic and activities.

» Multiple actions – The solution should have interactive and actionable intelligence. The following should also be available: a comprehensive rules engine with an optional built-in workflow as well as transparent rules automation capabilities for actions like migration, alerts, deletion, collection, production, etc.

CONCLUSION

Organizations that are motivated to reduce risks, threats and uncontrolled costs associated with their data recognize the need for better data visibility and intelligence. They are taking an interest in finding more effective information governance solutions because doing so will benefit multiple key areas, including:

» Tangible savings from a defensible reduction in storage costs—i.e. identification of junk or legacy data and either disposing of it or moving it to cheaper (possibly cloud) storage; » Improved governance from setting better policies;

» Improved security from visibility and intelligence on important and sensitive data assets; » Improved compliance from an ability to routinely self-audit data classifications, file analysis,

(9)

9 » Reduced risk and spending compared with earlier eDiscovery tools that lack capabilities for

identifying, preserving and collecting data from the active environment; and, » Improved business productivity from a reduction of data clutter.

Today’s bleeding edge reality is that a next-generation solution—a more intelligent information server— is now on the market. It automatically and effectively analyzes an organization’s largest volumes of unstructured information, active data used in daily business, and high volumes of dark data so that governance rules can be applied with greater precision and at a dramatically lower cost.

ReSoft International is an authorized reseller for Acaveo.

About Acaveo

Acaveo develops transformational information governance software that delivers cutting edge insights and controls for large, diverse volumes of live, unstructured data dispersed across servers, data centers and the cloud. Acaveo’s solutions provide a highly effective and low cost approach for IT, Legal Counsel and Compliance teams to holistically analyze enterprise data, conduct defensible deletion, streamline eDiscovery, perform intelligent data migrations, and identify and classify sensitive data.

Acaveo Inc.

World Exchange Plaza 45 O’Connor St., Suite 1150 Ottawa, ON K1P 1A4 Canada

References

Related documents

Like the human eye, the relative sensitivity of a photoconductive cell is dependent on the wavelength (color) of the incident light. Each photoconductor material

Seasonal cycle of precipitation (mm month 21 ) during years with high (blue) and low (red) crop yield (according to yields exceeding +/ 220% of average, as in option 2 in Fig. 12 )

The forces acting on the powdered material stored in a hopper tend to (1) compact the powder (i.e., reduce its bulk density), and (2) the shear stresses in the material tend to

The court will always consider the quality of your relationship with your child one of the most important factors in deciding your child’s best interests.. What kind of

15,16 According to the Medical Advisory Board of the National Multiple Sclerosis Society, treatment with disease-modifying agents should continue indefinitely, as indicated,

 Hire and manage information systems personnel and contractors to design, develop, implement, operate and administer computer and telecommunications software, networks and

Information governance (IG) is the control of information to meet your legal, regulatory, and business risk objectives. The primary focus of IG is to protect an organization

The results of a deterministic knowledge production function at the district level and at the level of the planning regions (table 2) show a strong impact of the number of