The Morphing of Information Governance
“One way to look at it is information lifecycle governance. From the time that electronic information is created till the time it’s destroyed, what are your obligations? What are the risks associated with failing in those obligations? It depends on how you look at it: there are five different stakeholders in the Information Governance Reference model—the CIO, the general counsel, the compliance officer, the information security office and the business. Depending on which of those lenses you see through, it’s slightly different, but it’s the same underlying problem,” Jake explains.
I wondered, to what degree is information governance “on the radar” of corporate executives? Greater than years prior? Not an issue? Somewhere in the middle?
“There’s been a big change in the past couple years,” he answers. “We hit an inflection point, and information governance started showing up in boardroom discussions. Certainly because of the threat, but also because of the costs. Just keeping the lights on and keeping the systems running started taking a larger and larger piece of the pie, leaving a smaller piece of the pie to develop new applications and serve the customers better.
“Those two things happened simultaneously—probably not accidentally—and now it’s a boardroom discussion. And once it hit the board level, and we started seeing executives losing their jobs over not delivering cutting-edge new applications because they had to pay for storage they didn’t need, then we started seeing board-level edicts: ‘no more buying storage; we’re in a freeze,’” Jake recalls.
“Then, the next level down, became cross-functional working groups. Somebody from legal, somebody from information security, somebody from IT.” But is that really happening in general and large scale? “You’ve got early adopters. You also have a hype-cycle. Where there’s a disillusionment stage, admittedly. It depends. In financial services, absolutely—100%. Large financial services organizations have empowered information governance groups at work. And they’re getting more involved in information provisioning, down a rung or two. They are asking about baking in compliance initiatives, and things like functionality for legal hold, expiration of data… these are the tangible examples of how it’s starting to trickle down,” says Jake.
“Storage costs are key. And it looks like there are conflicting pressures: the cost of storage is increasing, and the cost of storage is decreasing.” Huh? “What’s happening is that the price of storage is decreasing, but the cost is increasing. And due to cloud and technology advancements, the raw cost of storage is decreasing about 15% or 20%, but data is increasing at 40% to 50%. We thought that the cloud, or tiering or de-duping was going to save the day… but it hasn’t been the solution.”
The E-Discovery Revolution
I then move on to talk with OpenText’s Stephen Ludlow, director of enterprise product marketing. We get right into it.
“Of all the information we create daily, almost all of it is managed—or unmanaged sometimes—in electronic format,” starts Stephen. “Information governance basically solves being able to find and keep what people need, and get rid of the stuff they don’t need to keep.
“Until what I call the e-discovery revolution, information management was about managing the documents that were truly important to the organization—the stuff you’d grab if the building was on fire. Invoices, intellectual property, trade secrets, tax records, etc. But the discovery revolution changed the story when information became of interest to litigators and compliance agencies who started to scrutinize the conversational documents as well as the ‘official’ documents. We evaluate documents less by the value of that information and more to the risk wrapped in that information. We yelled at the records managers to look at all the information in the organization, not just the ‘official’ information. Which is good; records managers have opened their eyes to information governance,” claims Stephen.
So that’s good. But what else is trending in information governance? “Well, not only the records managers got the message, but so have the software vendors, in particular Microsoft. If you look at email and SharePoint and Office 365, they’re recognizing that a lot of information lives in those repositories. They’ve put retention and search capabilities into Office 365. Companies who recognize the value (and risk) of that conversational content have determined that Office 365 handles that pretty well, and you may not need to do much more than that. The sky did not fall,” says Stephen.
“And the new-new FRCP regulations have helped. I liken spoliation (the destruction of evidence) to smoking pot…as long as you do it in small amounts, you’ll just get a slap on the wrist.”
“Companies are properly taking these matters on a day-forward basis. Don’t let the sins of the past complicate the capabilities of the future,” says Stephen.
We often talk about setting different “levels” of governance… some information requires more, some requires less. How should our readers determine when to apply stricter governance versus less stringent rules?
“The highly regulated industries have it under control. They’re almost on their second round. But outside of those, many companies are willing to live with the risk. As with SharePoint and Office 365, a lot of organizations say, ‘Eh…it’s good enough.’ We’ll get along with what we have. It doesn’t have to be an overarching activity for those organizations. But for many, it’s a critical aspect and there’s a growing industry to support that. We, as vendors, are willing to be there, but there’s a pretty good chunk of companies which are willing to roll the dice,” he says.
“I think we can draw a fairly bright line between the content that needs to be managed for risk and cost, and the content that must be managed for its value to the organization. As it becomes easier to automatically manage the content for risk and cost, I am seeing organizations begin to look for ways to help end-users become more productive in creating, capturing and filing business critical content.
“But the fact is that litigation is driving a lot of this activity. But in a global economy such as ours is now, privacy and security are becoming much higher priorities. We don’t want to have another Sony. Overseas organizations have already focused on privacy; the US will soon pay much more attention to privacy and the loss of intellectual property,” Stephen says.