Information Governance: Business Imperative or Technology Asset? Organizations are ratcheting up their investments in governance programs to deal with compliance requirements. But smart IT leaders see the business benefits of these programs beyond legal mandates and want to make sure business executives fully grasp the full range of strategic advantages information governance can bring. Brought to you compliments of: Like most relatively recent IT initiatives, information governance engenders equal amounts of excitement, hype and confusion. Research organizations such as Gartner Inc. and others have painstakingly attempted to define information governance, but even many experienced IT professionals wrestle with what it means for their organization s technology road map, information architecture and key business processes. What is currently known as information governance has its roots in records management, when organizations set out ground rules for how to handle the fast-growing mountains of information residing on their systems. Initially, records management s primary benefit was to comply with legal requests such as electronic discovery. But soon, the need for more utility in handling new types of information went beyond simple retention and disposition to managing information throughout all phases of its life cycle. By now, it is widely agreed that information governance includes a much broader array of issues, including access control, privacy and security, management of metadata and management of the infrastructure-related costs of information growth. The increasingly complex and diverse nature of information governance has necessitated tighter than usual alignment between IT and business leaders in order to leverage the full benefits of proper information handling techniques and processes. 1 TechTarget 2012
But is that much-desired alignment between IT and business proving elusive to achieve? A new research study conducted with 233 IT decision-makers sheds important light on the subject, and suggests that the two disciplines still have a ways to go before a truly synergistic approach to information governance will be the rule rather than the exception. The study, based on responses from registered visitors to SearchCompliance.com and SearchCIO. com, highlights the following: Organizations of all sizes and in all industries are dramatically stepping up their information governance programs. Compliance and regulatory mandates are the primary drivers for these initiatives, although validating the payback on monetary investments remains a big hurdle. The scope of involvement in these programs is evolving according to traditional roles while business executives focus on determining the business need, IT concentrates on program strategy and deployment. But there are signs of some intermingling of the business and technical sides on certain program aspects. Although data protection is the single most-cited focus on information governance programs, survey respondents are often looking for these programs to accomplish multiple goals during a single implementation. IT professionals express some reservations about their business counterparts commitment to IT governance programs, and indicate that they typically don t meet with the business side on a regular basis. Although information governance initiatives are widely viewed as strategic undertakings, organizations generally don t appear to be hesitant about using outsourced resources for at least some scope of these programs. And cloud computing has quickly gained acceptance as an architectural approach for information management requirements. For many organizations, implementing an information governance project is an acknowledgement that information sprawl has become so vast that it has become more difficult and more expensive to manage it all. In late 2011, for instance, President Obama issued a directive for the federal government to overhaul its full collection of records management systems and processes in order to achieve greater responsiveness and simplicity. But, as the new research points out, there often is a single driving force pushing organizations into new governance initiatives: compliance. Whether it s complying with annual audits, proving capabilities for certifications or ensuring privacy and security, compliance is usually on the top of every IT organization s list of reasons to undertake new governance projects. 2 TechTarget 2012
Which three issues are the strongest business drivers for your organization in managing electronic records? Business Driver Percentage Compliance w/statutory records legislation 67% Industry regulation compliance 50% Storage cost reduction 30% Shared use of knowledge resources 30% Quality improvement programs 26% Improvement in litigation performance 22% More personal/accurate customer service 21% Response to outside events and inquiries 20% Compliance with employment regulations 17% Faster/cheaper financial audits 11% Green initiatives 7% Not only are compliance issues related to statutory records legislation and industry regulations heading the list, those two issues are far and away considered the most important business drivers for electronic records management, followed by storage cost reduction and collaboration among knowledge resources. Whatever the driving forces, it is clear that adoption of information governance initiatives has quickly gained critical mass, and momentum for further adoption is quickly building. Already Implemented Currently implementing Plan to implement in next year No current plans to implement 3 TechTarget 2012
Implementation Status for Information Governance Project Nearly two-thirds of respondents (66 percent) said their organizations either already have implemented an information governance initiative, are in the midst of an implementation or are planning to do so in the coming 12 months. Perhaps one reason why information governance is rapidly gaining acceptance among respondents organizations is the ability of those initiatives to address multiple needs in a single deployment. Ask an IT or business executive about what their governance programs need to address, and you re likely to get answers ranging from data protection, data quality and information life-cycle management to master data management and e-discovery. In fact, more and more often, you ll hear talk about the need to embrace all of those capabilities, which indicates why all of the above was the most-cited response to that question in the study. What is the scope of your information governance project? Industry analysts and IT professionals alike agree that the scope of information governance projects transcends traditional technology initiatives in that business benefits, rather than improved infrastructure or related technical benefits, are the overwhelming target. With that focus, one of the necessary by-products has been the tighter integration and alignment between IT and business stakeholders on governance projects. 4 TechTarget 2012
However, survey respondents pointed out that IT organizations still feel there s a ways to go in order to develop stronger support from senior business executives and boards of directors. In fact, only 35 percent of the survey respondents said they strongly agree that those business decisionmakers adequately support IT governance initiatives. Our organization s board of directors and senior executives adequately support IT governance initiatives. Strongly agree Somewhat agree Somewhat disagree Strongly disagree Don t know One important reason why IT respondents feel their business counterparts don t adequately support IT governance initiatives may be the frequency of their interaction with their organization s C-level executives to discuss governance-related issues, such as applications, technology requirements and business processes. Only about one in five respondents said they meet regularly with senior executives on these topics, compared with nearly one-third who said they seldom meet with business leaders on those issues. Frequency of meeting with C-level executives to discuss governance issues Regularly Case-by-case Seldom Unsure This issue is further highlighted by the survey s finding that IT-related executives, such as the chief information officer or the head of information security, are usually not the senior-most members of the organization responsible for intellectual property protection. Slightly more than one-half (55 percent) of the time, a non-it executive oversees the protection of IP-related corporate assets, which presumably would make it even more important that IT leaders regularly meet with top business officials on governance topics. 5 TechTarget 2012
Furthermore, the study noted that, while non-it executives (including the legal department) are deeply involved in determining the business need for information governance projects, they generally cede responsibility for strategy development, solutions evaluation and project implementation to the IT group. This traditional silo approach to strategic project tasks may not be unusual in midsize and large enterprises, but many experts have raised strong concerns about organizations that fail to adequately promote collaboration among business and technical stakeholders for governance projects. Another key finding of the report centers on the degree to which respondents organizations are turning to outsourcing partners for such governance-related programs as records management. As IT budgets have often failed to keep pace with the increased demands for new capabilities that support business goals, organizations increasingly have turned to third-party organizations for such activities as applications development, hosting, managed services, help desk and other tasks. Even though business executives in the past expressed concern about outsourcing vital information management tasks, that hesitancy has melted away in recent years partly because of the reality of IT resource constraints and partly because of the desire to have internal IT organizations focus on driving strategic initiatives that have direct impact on business goals. This trend is reflected in the survey, with more than one-third of respondents saying that their organization outsources at least some aspect of their information/records management services. Does your organization outsource information/records management? Yes, 100% Yes, only certain types No Survey respondents also pointed out that their organizations increasingly are turning to some form of cloud computing as a way to deliver services related to information/records management. In some cases, respondents said they had built an in-house, private cloud that was used for these purposes, but it appears they are moving toward a hybrid public/private cloud model similar to what many in the IT community have been adopting in the past year. Overall, more than four in 10 respondents said they were using cloud computing for information/records management services. 6 TechTarget 2012
Does your organization use cloud computing for information/ records management? Solutions provider Internally managed Hybrid internal / external No Finally, respondents pointed out that the single biggest challenge they face in successfully deploying an information governance initiative centers on cost-related issues. Overwhelmingly, they cited some type of financial constraint as the key impediment to these programs, such as costs to acquire and deploy tools, applications and infrastructure for the project, or the ability to adequately document lower total cost of ownership as a result of the project or to demonstrate a quantifiable return on investment. Information governance perhaps more than almost any other IT-centric project is marked by significant diversity in who is influencing the decision to turn the idea into a reality. Survey respondents were almost equally divided between IT leaders and business leaders as having the most influence over governance investments, but they also noted that the legal department has meaningful influence over those investments as well. IT Business Legal Summary Information governance can best be characterized as a still-evolving discipline in most organizations, but there s little doubt that it s gaining momentum in both importance and as an investment center. With the sheer volume of data exploding at faster rates every year, the significance of developing an overarching, comprehensive strategy for managing all kinds of information for a rapidly expanding suite of purposes is being ratcheted up every day. 7 TechTarget 2012
As a result, organizations are stepping up their investments in tools, infrastructure, applications and services in order to meet these demands which, of course, are being stretched even further by a dizzying array of compliance and other legal mandates across geographies and industries. But even though purchasing cutting-edge technologies and innovative services are important steps toward a successful information governance initiative, it s clear that much more is required when it comes to how IT and business leaders collaborate on everything from the program s goals and strategies to measurable results. Clearly, it s in all organizations best interests to promote greater communication and prudent, shared risk-taking in order to find new ways to make information governance an integral part of how an organization conducts its business, and not just something the business side throws over the wall to IT to execute and take responsibility for. 8 TechTarget 2012