The Impact of Social/Mobile/Cloud on Information Governance
Organizations need a platform to manage all of their information, wherever it resides and whatever the format, in compliance ?with growing regulations, often in multiple jurisdictions and demanding business requirements. In recent years, information governance has gained significant attention as the way to manage these multiple requirements. However, new trends constantly emerge, requiring companies to update how an information governance program is deployed—from managing policies to enforcing those policies across the complex corporate infrastructure. Recent trends causing knowledge managers, IT, records managers, compliance officers, and legal professionals to rethink information governance include social media, mobile computing sometimes referred to as “bring your own device” or “BYOD,” and cloud computing. These three trends are typically referred to as “social, mobile, cloud.”
Social Media
Social media provides many benefits, even in a corporate setting. Communication is enabled, distance is irrelevant, and information is shared with ease. But within a company, there are some consequences to this ease of sharing. Different uses of social media must be considered in an information governance program.
Companies often have their own social media accounts, monitored by a team of social media, PR, marketing professionals, and/or legal teams. Sometimes these individuals have personal social media accounts that are used solely for corporate purposes. The content generated from a company account or from a personal account used for business must be treated as corporate information, governed under the same policies. Social media can be used for personal reasons. Employees have personal social media accounts, and it is up to a company if employees can access these while at work. Regardless, there must be clear policies about what employees can and cannot post on social media regarding work.
Enterprise social media tools exist to help share information internally as well. Tools like Yammer and Jive help employees communicate quickly without flooding email inboxes. Even SharePoint has social and mobile features. Presumably, the majority of content generated through these tools is corporate data, and organizations must consider how this information should be governed as well.
Mobile Devices
Bring Your Own Device is a trend that has emerged within the past few years to encompass the idea of using one’s personal device (smartphones, tablets, etc) to conduct business. As smartphone adoption increases, more employers are forced to let employees bring their device of choice to work. Employees enjoy the freedom to choose which device they want to use, and they prefer to keep everything on one phone instead of carrying both a business phone AND personal phone. Organizations find that this fosters employee accessibility, not to mention good will, and potentially lowers costs for the company of having to provide a device for each employee. However, the IT and compliance implications are huge. With input from departments such as legal, compliance, and risk, IT must be responsible for securing multiple types of devices. How can organizations ensure that information contained on mobile devices is compliant with company policies? How can they protect sensitive corporate information? What happens if an employee loses a device, or if it is stolen?
Cloud
Cloud computing entrusts an organization’s data to a remote network where computing resources can be delivered as a service. By using the cloud, there is potential to reduce IT costs since maintenance is effectively outsourced to the cloud provider and applications can be accessed faster and easier. Cloud also enhances mobility since users can access data using a web browser, regardless of location or device. One of the biggest drivers for cloud adoption are file sync and share based repositories such as Google Drive, Microsoft One Drive, Box, and Drop Box. These cloud-based technologies enable sharing of business and personal files from any device. With these significant benefits, the cloud has seen substantial adoption and the momentum shows no sign of slowing down. However, there are many complications with cloud deployments. When organizations operate in multiple jurisdictions, they must manage the various regulations in each jurisdiction. The cloud complicates this further—should content be governed according to regulations where the company operates or according to regulations where the content resides?
Some key steps before implementing information governance in the cloud are:
Prepare: Moving to the cloud will affect your IT infrastructure. How can those responsible for information governance effectively manage information in the cloud? Understanding these issues will help you overcome any challenges with governing content in the cloud.
Map out the consequences: Think about the legal implications. Your policies might be affected when your content is in the cloud. Organizations must decide how to enforce policies and manage regulations in multiple jurisdictions, depending on where their cloud content resides. Some of this may need to be agreed upon in advance with the cloud service provider.
Policy creation and management: Information governance policies are established ?to ensure compliance with laws and regulations and should provide an audit trail. All policies must be enforced uniformly, whether content is in the cloud, in a document repository, on a shared drive, or in paper archives.