August 16, 2011
By James D. Shook, Esq., Director, eDiscovery and Compliance Practice
EMC Corporation
Article

Elephants, Clouds and Tablets: A Real-World Problem

We have all heard the parable of a group of blind men being introduced for the first time to an elephant. Each man discovers a different part of the elephant—trunk, leg, tusks, tail—and because none of them can "see" the whole creature, they each have wildly different perspectives on exactly what constitutes an "elephant."

The parable has been used to describe many of our challenges in information governance. Various constituent groups within the company view problems from different vantage points—not seeing the whole of the problem—which makes those problems difficult to solve. Broader issues such as governance, risk and compliance (GRC) can be even more of a challenge, because they often require a synchronization of four different groups: business; IT; legal; and records management.

Nowhere is this challenge clearer than in trying to solve a very real and complex issue that is already hitting the enterprise—tablet computing.

The Issue

In many enterprises, tablet computing is both a highly efficient productivity tool and a corporate problem already spun out of control. This phenomenon is created by the convergence of several factors:

Always on: The business mentality that we want the ability to "do work" no matter where we are, at any time of day, from any device-and the intermingling of our personal and business lives, along with the data that supports each.
Credit card IT: A name for the reality that business units can purchase certain technology tools, infrastructure and services at a low monthly cost, completely bypassing their corporate IT departments.
The cloud: This term actually describes a host of different things, but is commonly used as shorthand for IT services provided by a third party via the Internet. Cloud services can usually be purchased via "credit card IT."
Computing power: The amazing capability of putting almost all of the power of a desktop PC into a small but capable and easy-to-use tablet package.

We now have a model where almost any employee can purchase an iPad; connect that device to the corporate email server (if not, they can just use their own free Gmail or other cloud email account and forward mail to that account as needed); quickly and easily create and edit documents, spreadsheets and presentations on the iPad; then store all of this data to an online, cloud storage service. The model is relatively inexpensive and easy to set up, so it's available to virtually any employee who can get their hands on an iPad.

"Wait. So what's the issue?" The issue is that all of the content being created in this new model—which can include personnel-sensitive email messages, confidential product development presentations, spreadsheets with forecasts, social security numbers, pricing data, etc.—is frequently outside the control and oversight of anyone on the corporate side. There is potentially no security, no retention policy, no backup / disaster recovery plan, no ability to search the "ESI" (electronically stored information) for e-discovery purposes, no compliance oversight—nothing.

Today, a significant part of the tablet computing challenge is determining that there is a problem. Realistically, IT is probably in the best position to realize that there's a real issue.

If IT does not recognize that there is an issue—or sees it as just an IT problem—t will be far worse when it's uncovered by one of the other constituent groups. Maybe it will be in the midst of a lawsuit, when a witness in deposition has just told the other side's attorney where she stored copies of a sensitive document. Imagine the fun that will ensue when attorneys for the company learn that critical information is stored on iPads or in a cloud controlled by a third party!

Elephant in the Room

The elephant parable really kicks in to help in the analysis of what to do. Let's look at how our four major groups are likely to describe the problem:

Business: We have a tremendous productivity tool that is enabling us to get our work done faster and more cheaply. We just need someone to support us when we have questions or if we lose access to our data;
IT: If we are going to support this platform, then we need to have training on and access to these devices. That will take funding. We're also going to need to make sure that access and storage are secure and available, and if anything happens to the data that we are able to recover it and get our users back up and working according to our policies;
Legal: We need to understand what data is being stored and where it's located. We will need to have the ability to directly access this data for ediscovery; and if any of this information is subject to compliance requirements, then we need to understand how to meet those requirements; and
Records management: A good portion of the information created and stored on these devices is subject to records requirements. We need to have those records preserved, stored and maintained in a proper environment.

Trunk or Tail?

The problem appears very complex—but it doesn't have to be that way. If the four constituent groups are acting separately, they will find solutions that solve the issue of the trunk or the tail—but not the "whole elephant." These four groups need to work together, with some give-and-take, to legitimately resolve these issues.

The productivity enhancements of tablet computing simply cannot be ignored—or prevented—so a restrictive policy is not likely to work in most environments. Instead, working together to piece together a complete solution, determining fair trade-offs from all groups, is the key.

For example, a private or hybrid cloud for storage of tablet data might resolve quite a few of the concerns. With a private or hybrid cloud, the business can still have its ease of access, IT can deploy enterprise-level encryption and a backup plan, Legal can maintain e-discovery access and records can have capability for capturing and maintaining record data. True, this infrastructure may be slightly more restrictive, but if the business understands the needs of the other groups and understands that it can still have the productivity and efficiencies that it desires, it's a good start.

Another part of the puzzle will include policies and training on how to use, secure and store information to meet requirements of all of the groups. The business might not be completely happy with the requirements of training, and legal may just have to figure out the best way to mitigate (and not prevent) the risk that the business is willing to assume. But the tradeoffs can be found when there's open discussion and a commitment from these groups.

Visit www.emc.com/informationgovernance or emcsourceoneinsider.wordpress.com for more information.

Free

for qualified subscribers

Subscribe Now Current Issue Past Issues

KMWorld 2024 Is Nov. 18-21 in Washington, DC. Register now for Super Early Bird Savings!

Elephants, Clouds and Tablets: A Real-World Problem

The Issue

Elephant in the Room

Trunk or Tail?

How Knowledge Graphs Make Generative AI Consumable in Enterprise Environments

Building a KM Foundation for Enterprise AI

TRANSFORMING ENTERPRISE KNOWLEDGE: THE JOURNEY TO SAFE, SECURE, AND TRUSTWORTHY AI

More

Intelligent Content Management: Game-Changing Technologies and Strategies

Optimizing LLMs with RAG: Key Technologies and Best Practices

What's Ahead in Search: AI, NLP, Knowledge Graphs, and More

Rethinking KM for Agility, Efficiency, and Innovation

More Webinars