Governing Governance: Not An Easy Thing To Do
So, I ask, how common is that attitude among CEOs you know, or customers you have?
"To be completely candid, not that much," admits Tamir. "I think the reason is that when companies develop these plans via a steering committee, which is typical, they bring in the usual suspects: the CIO, the general counsel, a compliance officer... but they miss the business, nearly every time. The number-one thing we tell customers is they have to include the business side. They're the ones driving revenue, they're paying the paychecks. The other stakeholders are important, of course, but they're just there to police. It's like the internal affairs officers in a police force—you need to have them, they're necessary evils, but they aren't generating revenue."
He continues on this thought. "When you include business early in the process, when it comes time to roll it out, it's much easier to implement." Sure, I say, but that's a difficult argument to make, because the business needs a "what's in it for me?" proposition, and they think implementing governance policies will just slow them down and get in the way. So rather than adhere to the governance policies, they will think of a way to game around it. "Exactly. They take out the company credit card and get a new service from the cloud, or something. I do not know of a silver bullet for this problem, except to get the business on board from the beginning. If they're not on board, it will be very difficult to enforce governance," says Tamir.
The Value Prop
Somewhere during our chat, we started talking about the various levels of governance we thought companies need to apply. "You DO have to rank the value of information," he says. "You can't treat the information created by the VP of sales the same as information from a marketing intern. But people do! No offense to marketing interns; they're very nice people and very valuable. But the value of information coming from the VP of sales is greater. So the governance of it is more important." Tamir does not want to create a value judgment, but has a good point about the hierarchy of value. You just don't have to make a big fuss about it. "Those policies don't have to be apparent. They can happen in the background. But they should be maintained in some way. It's a new of looking at information, and making sure you classify it properly and protect it properly."
Which leads to an obvious question: To what degree is it a policy matter, compared to a technology matter? "The easy answer is 50/50!" he laughs. "I don't really know. The technology has certainly improved in the last 24 months, through things such as auto-classification and semantic tools within the search engines. But at the same time, technology has sort of complicated the process. The same things that have helped business people be more mobile and agile—tablets and so forth—have complicated matters in the backend for technology providers. The cloud is another example—all these new technologies have thrown a curve ball into the process."
There's absolutely been an uptake in the demand for technology solutions for information governance. "And it's not just us; more and more vendors are talking about information governance. And the analysts—Gartner, Forrester—are using the term. So more and more interest is generated when that happens. When we talked about "information governance" in 2008, everyone looked at us like we were crazy. Today, not so much!"