4 Signs You May Be Dealing with Information Governance Problems
It's difficult to identify problems relating to Information Governance. It's, in fact, one of the most important challenges for the adoption of an IG strategy. So when searching the web for solutions to your work problems, it's rarely going to come up in the results. But the holistic framework IG provides might be just what you need to shift your organization's data culture and finally take a few items off your to-do list. Read on to find out.
4 key signs you’ve got an information governance problem
Discover 4 key signs that your work problems could be solved through improved Information Governance practices. There are obviously many more but you’d never finish this post if we listed them all.
Want to know more about auditing? Talk to an expert!
Sign #1 - Escalating storage costs
To comply with regulations, you need to keep all email communication related to your business for a specific amount of time. Users never delete anything because of the ‘’just in case’’ mentality. They also regularly send email with attachments to dozens of people at a time, which makes dozens of instances of the same attachments to store. You are also unsure about what you should do with your inactive users. Should their mailboxes be deleted, archived as is, or archived after a data cleanup? You have witnessed the amounts of data become enormous. And no matter how much money you throw at storage capacity it keeps filling up.
Solution - Policies and deduplication
Problem one can be solved by creating retention and disposition policies. An archive could also serve to enforce information lifecycle policies. Email messages can be automatically deleted when their retention period is up unless they are put on legal hold. Email attachments can also be replaced by links all pointing to the same attachment stored only once. Just that one change can have an enormous impact on storage.
Sign #2 - Fear of audits keep you up at night
You have to manage your organization’s data but you don’t own it… And you have no idea what’s in it. As the years went by, many different employees came and went, or got different roles and access to data. Now, it’s unclear who has access to what. You keep wondering what auditors would find if they looked through your organization’s data as there are more and more requirements to comply with from evolving or entirely new regulations like GDPR, HIPAA, or PCI DSS.
Solution - Get visibility
The answer is visibility. Visibility into data and data access. Data access control tools let you identify who has currently access to what and, moving forward, automatically provide or revoke data access per role and department. First step is to perform an audit to understand what kind of data is stored where. Then, do a first sanitization to remove sensitive data from unsecure locations. Using issues identified during the first audit, create content policies. What should be stored where? What kind of information is sensitive and needs more protection? Finally, educate end-users, and enforce the fresh policies. Once this is accomplished, you might realize you won’t need to purchase a new mattress to get a good night of sleep after all.
Sign #3 - You can’t find what’s right under your nose
If you have seen the movie “The Hangover”, you probably remember the protagonists desperately searching a whole city for their missing friend, only to find him on the roof of their hotel. How often have you spent hours looking for information that was in plain sight? When you need to find information quickly for litigation, eDiscovery requests, FOIA requests, GDPR, or simply for daily operations, it’s always a struggle. When, and if, you do find what you’re looking for, and have to submit it, you have to print everything because you can’t produce it to a common readable electronic format. You also don’t have tools to narrow down the results of your search. It’s always annoying, but especially in the case of litigation. You send everything for review to an external law firm charging by the hour. The average email being 75KB, 5TB of them can represent as much as 72 million emails... that can take days or weeks to review!
Solution - eDiscovery
Problem three can be solved by investing in eDiscovery tools. Your team, the legal department, human resources, and most business users will benefit from being able to find information more quickly. For the legal department, the DIY approach saves huge costs. Whatever the purpose of looking for information, it can be found, put under hold if needed, and produced or consulted in time. eDiscovery tools can also be easily used by non-tech employees, freeing scarce IT resources.
Sign #4 - Watching the news make you queasy
You see a lot of companies, like Marriott, making the headlines. Their operations stopped because of ransomware, or they were the victim of phishing attacks and leaked sensitive information. You don’t want to be “that company”. The one everyone is using as an example in their blogs! You also don’t have a budget set aside to recover from a cyber attack… and the loss of customers and brand equity just compound the problem.
Solution - Continuously improve and test security
The key here is to stay one step ahead of hackers. Security measures have to be continuously improved and tested. Get validation from external sources for network security, social engineering, and so on. Risks of being the victim of ransomware or phishing can’t be completely eliminated as even the best software and smartest people can fall for those schemes. But when you combine best-in-class security measures with an Information Governance strategy you minimize the impact of an attack and show regulators you are making your best effort. So in addition to minimizing damage to your organization's reputation, speeding recovery, and reducing recovery costs, regulatory authorities should be more lenient, resulting in lesser fines & penalties.
Four Problems with One Solution: Information Governance
All these solutions have one thing in common, they are part of an integrated Information Governance framework. Traditionally, IT has been charged with hosting the organization’s data, but they don’t necessarily “own” it, nor have the legal knowledge to determine what needs to be kept and for how long. Hence the existence of these common recurring issues across many organizations.
Information Governance is a cross-functional, collaborative endeavor involving the real data owners! Many moving parts and many stakeholders need to get together to develop an effective Information Governance strategy. Information, like any asset, needs to be treated and used strategically. A proactive rather than reactive approach to IG maximizes information value while minimizing cost and risk. Not to mention it can heal chronic nausea and insomnia! Do you think that the solution to your problems could be Information Governance?