Piling On: How Information Governance Rules the World
I hear it all the time: "Our information is out of control! We are flooded by unmanaged content! We are overwhelmed by the overloads of data washing over us!!"
And I don't get it. There is PLENTY of information management. There are records management systems. There are document management systems. There are Web content and electronically stored content systems. There are archives and backups. There are structured data management systems out the wazoo. There are legal case-matter management systems... heck, you can't swing a dead cat in most businesses without hitting some kind of information management system.
So I approached this subject—"information governance"—with a little bit of skepticism. Yet I still lined up a small panel of experts and left my mind open. They filled it.
Bassam Zarkout is the chief technology officer for RSD, Inc., a software vendor with a special focus on information governance. Tamir Sigal is RSD's senior product marketing manager. We started our talk by trying to get some of the terminology out of the way:
"It all goes back to the definition. Large organizations, of course, have massive amounts of information. This needs to be governed. We happen to call it information governance; somebody else might call it something else. But there are necessary controls that need to be applied so that you can be in a position that is defensible... that you are complying with regulations; you are aligned with industry standards; you are auditable, etc., etc., etc." said Bassam.
The "massive" part of Bassam's remark is the second important factor. "The amount of information stored in organizations goes way beyond the capabilities of average content management systems," he said. "Tens of thousands of terabytes, potentially. And because of the various forms and formats, structured and unstructured mixed up together, it cannot be stored in a document-centric content management system."
The third aspect of the problem is that information is scattered in many systems and kept by many different platforms. "Content and document management systems were never designed for that problem," said Bassam. "They were intended to address specific business processes; they cannot cope with the scale and distributed nature of information in today's large organizations." Add to all that the variety of regulations and practices between countries and jurisdictions, and you've got yourself a problem. A big one.
"A great example is email," added Tamir Sigal. "Take us: We have offices all over the world, so we communicate via email a lot. But the rules vary from country to country, and I'm not just talking about, how long do I have to keep that email? For example, emails in France are considered private; you are not allowed to go into an employee's email box. In the US, you are allowed. That's just two jurisdictions; now think about a large financial services organization that has offices in 80 different locations. It is a tremendous challenge to deal with the global aspect while also adhering to local regulations."
"Information management refers to the tools and technologies and systems that automate the lifecycle of data, whether it's structured, unstructured or whatever," explained Bassam. "But information governance refers to the rules and procedures you apply to that information for the sole purpose of staying out of trouble."
There is a common belief that the corporate "content management application" is the single content management application for the enterprise. "That is almost never the case in large corporations," insisted Bassam. "To paraphrase a customer of ours: ‘If it exists on the market, we probably have it somewhere.' So for us, information governance requires taking the lifecycle management away from the individual content management systems. It's better to take the governance function away from the CMS and institute an overall information governance program. It's policy, yes, but you don't want to do it manually, just as you don't want to do records management manually. You want to apply technology."
Which leads me back to my original question. If there's already so much information management in place, why would you want to pile on yet another layer of controls? It's already big enough. You don't want to make it bigger by adding another level of bureaucracy. Do you?
Tamir: "It depends on where you are in terms of the maturity of your information governance. Some customers have already formed committees with stakeholders from legal, compliance, IT and business. And some haven't. And we all know the problem with committees; if everyone is in charge then no one is in charge. But every department needs to be held accountable in some way. It depends on the organization; in some companies it's the legal counsel who takes the lead, because they're the ones who have to have a defensible position. In some groups, it's the IT department. In some companies, it's the records managers. That's the challenge facing your readers—figuring out who's the best equipped to be in charge. There is currently no standard. It's an emerging discipline."
People? Places? Or Things?
The theme of "people versus technology" continued to run through the rest of my conversation. I asked Theresa Kollath, senior director of product management for content management solutions at ASG, to help me define where that intersection meets.
"Information governance means making sure that people do the right thing with the information they're entrusted with," she said. "It presumes there are guidelines, and it presumes there is adherence to those guidelines. It also presumes there is some sort of penalty for not following those guidelines. I would say that it's largely a policy matter... there's a huge people component."
Philip Favro is the discovery attorney for software giant Symantec. He echoed Theresa's interpretation of the "policy" component. With a twist. "Some people consider information governance and information management to be the same thing. That's a matter of semantics, and it's actually incorrect. Governance has to do with corporate strategy and policy. Information management has to do with how a company deals with its content in a pre-litigation context. Governance is the entire umbrella that covers information creation and how it's handled throughout its lifecycle. It's both a policy issue AND a technology issue. It has to do with the overall strategy with which a company addresses its data. There are both policy and technology issues implied there," Phil explained. "It's about a company's strategy regarding its information, from its creation and management all the way through to any litigation or legal response effort."
"There's a distinct difference between what companies are doing and what they should be doing," Theresa pointed out. "It should be about equal parts policy and technology, but sometimes it gets weighted differently. The technology component is necessary simply due to the terrifying amounts of data companies are forced to deal with... and it's growing 20-fold over the next decade, I've read. The days of dealing with this amount of information without technology are gone. If you're trying to do that, I feel very, very sorry for you," she laughed. "But at the same time, if you believe you have a technology solution that can do everything, you've either been handed a magic wand, or you've bought into a really good story."
She further cautioned about overreliance on the technology piece. "When we get to the point that technology supersedes human judgment... I just don't want to imagine that. That's ‘Terminator' stuff. You need the person who uses good judgment to make the best decision."
She sees hope in the marketplace, though. "One good trend among technology analysts is that they have moved from feature-based ‘does it do X, Y and Q?' analysis to a more results-oriented determination. That's been a positive change in the last couple years. People are fatigued with chasing information management trends, yes, but they are more fatigued from dealing with the information. The more help they can get, the better," said Theresa.