What We Learned at ARMA Live! 2018
In the past month or so, I have attended a few conferences and trade shows, including the PCI Community Meeting in Las Vegas and the ARMA Live! 2018 conference in Anaheim. They were two very different crowds: at the PCI conference, I met QSA (Qualified Security Auditors), PCIPs (PCI Professionals), and got to speak with the International Director and the Executive Director of the PCI Security Standards Council; at the ARMA show, we met mostly Records Managers and Information Governance professionals.
It’s always interesting to meet and speak with people from various organizations all over the world. As a software vendor, I question them, trying to learn from them and – of course – determine if there is a pain they are dealing with that we could help resolve. As I talk with people, there are several undeniable similarities between so many of them:
We are referring here to the data found in email systems and file repositories, whether they be on premises or in the cloud. It is those millions and millions of files on network servers, in SharePoint, OneDrive, etc. Almost everyone I talk to admits that their organization has no clue what lurks in those systems, fully aware that there could be data hiding in there that could put them at risk.
Not only are they not sure what is in that data, but they also can’t even clearly tell who has access to it!
Which leads to my second point:
This is evidenced – anecdotal evidence, to be certain, but still brought up enough to warrant calling it as such – by the number of times people will tell me that IT isn’t sure how to deal with the problem, or that the tools they want to use will do nothing to help the IG folks. Also, in many organizations, there is still the sentiment that “IT owns the data”; this viewpoint is not shared by most IG/RIM people, but they realize it will take quite a paradigm shift to change those perceptions at all levels.
So, there is a massive amount of unstructured data out there, and people are not sure what to do about it, how to identify and sort out all the ROT (Redundant, Outdated, and Trivial data). The approach we suggest at NetGovern is three-pronged:
Analyze what data you have, who has access to it, and what is inside it.
Discover any non-compliant information that shouldn’t be where it is.
Enforce automated storage tasks based on the organization’s policies and protect sensitive files.
If you’d like to learn more about how we can help make sense of it all, ask us for a quick demo!