Kimberly Madia, IBM InfoSphere Product Marketing kmadia@us.ibm.com, 412-667-3256 InfoSphere Governance Solutions Maximizing your Information Supply Chain Information Management Version 2010.09.03
What we ll discuss Explosion of Digital Information Changes Business Dynamics Is your organization prepared for these challenges? Leveraging Information Governance IBM s Approach Information Supply Chain Overview Data Quality Management Data Life-Cycle management Security & Privacy IBM Solutions for InfoSphere Information Governance 2
The Digital Data Explosion New Information Insight for a Smarter Planet Volume of Digital Data 57% CAGR for enterprise data through 2010 1 Machine generated data : Sensors, RFID, GPS.. Variety of Information 80% of new data growth is unstructured content 1 Emails, images, audio, video.. Velocity of Decision Making Rapidly changing business climate Need to get ahead of the curve : predict issues and fix them 3 3
A Smarter Planet harnesses today s information explosion for business benefit creating a need for better Information Governance Instrumented Interconnected Intelligent Harness information to drive innovative business opportunities & agility Ensuring compliance with policies, laws and regulations Controlling costs and optimizing infrastructure 4
Challenges around governing the usage, sharing and processing of massive amounts of electronic data Growing infrastructure and resource management costs No policies for management of data growth performance degradation Redundancy of data Disparate, complex applications and more users Lack of common security and privacy requirements Risk of security breaches, compliance, audit failures No ability to assess areas of vulnerability and prevent unauthorized intrusion s Lack of an overall protection strategy (relational / nonrelational data and access controls) Lack of trusted information No alignment of definitions across business and IT No clear understanding of data sources & relationships No standardized quality rules or threshold metrics Lack of control over test data environments 5 [A]n [information management] strategy should incorporate life-cycle information governance practices [to ensure] consistent execution of... business optimization, agility, and transformation [initiatives]. Forrester Research, Inc., Refresh Your Information Management Strategy to Deliver Business Results Rob Karel & James G. Kobielus, August 2009 If you are going to protect your company's most valuable asset your data you will begin to view data security as a component of a more comprehensive information governance strategy. Hurwitz & Associates, Why you need an information governance strategy for 2010 Marcia Kaufman, December 2009 By 2013, 25% of the companies in highly regulated industries will create and staff positions in accounting, human resources, compliance and audit and law that deal explicitly with the management of information via technology. Gartner, Inc., Organizing for Information Governance Debra Logan, November 2009
Our Clients Say Inconsistent data North American Multi-Line Insurer: Our new CEO became the most ardent supporter of Data Governance when he discovered that reports from different parts of the organization had inconsistent data. We have no control over the quality of data United States Government Agency: Our team is responsible for the trustworthiness of data to the field analysts but we have no control over the quality of data that flows into our Financials from SAP R/3 to BW. We need a policy and process to ensure we are protecting our data Healthcare Insurer: My team is responsible for sending data externally to many of our business partners and other entities. The number of these requests has grown significantly over the years and they are becoming increasingly involved and complicated. We need a policy and process to handle these requests to ensure we comply with all privacy/security regulations. We also need appropriate executive-level review and approval to ensure that each request for sharing our data externally is the right thing for us to do from a business perspective. We keep everything forever A large chemical manufacturer fails to destroy content and records in accordance with their corporate retention policy and are now burdened with the high cost of managing storage and ediscovery with no visibility into what to destroy and when. During ediscovery, we spent over $12 million dollars reviewing documents that were already past their retention dates and should have been disposed of and this was on just 4 cases at any point in time we have over 100 cases pending. We need a systematic way to manage this growth. CFO Survey: Current state & future direction, IBM Business Consulting Services. The top challenge for 43% of CFOs is improving governance, controls, and risk management. 6
Current approaches are not working The Result? Overload and Information Chaos Organizations can not afford to ignore the warning signs of information overload and chaos 7 No information visibility: to unlock what, why, where in a trusted accurate manner Runaway storage and infrastructure costs, with power, space and budget challenges Inability to manage and protect critical information results in punitive scenarios
Information Governance Creates Order out of Information Chaos Information Governance is the exercise of decision rights to optimize, secure and leverage data as an enterprise asset. Orchestrate people, process and technology toward a common goal Promotes collaboration Derive maximum value from information Leverage data as an enterprise asset to drive opportunities Safeguards information Ensure highest quality Manage it throughout lifecycle Governing the creation, management and usage of enterprise data is not an option any longer. It is: Expected by your customers Demanded by the executives Enforced by regulators/auditors 8
IBM s History of Thought Leadership in Information Governance Level 1 Initial Level 4 Level 3 Defined Level 2 Managed Level 5 Optimizing Focus on CONTINUOUS process improvement Quantitatively Managed Process QUANTITATIVELY measured and controlled Process characterized for the ORGANISATION and is PROACTIVE Process characterized for PROJECTS and is MANAGEABLE Process unpredictable, poorly controlled and REACTIVE 2005: Data Governance Council founded 2006: Maturity Model developed 2007: 20 council members using Maturity Model 2008: XBRL Risk Taxonomy published 2009: Name changed to Information Governance Council 2010: Maturity Model expanded with content management 9
What Makes the IBM Information Governance Approach Different? Information flows through enterprise systems and divisions, much like goods through a physical supply chain Breakdowns can disrupt business processes and lead to faulty decisions Good information governance optimizes that information supply chain Scaling and sustaining profitable growth Supporting compliance initiatives, reducing cost and risk Enables trusted content for reliable business 10
Information Governance Council Maturity Model Outcomes Requires Enablers Core Disciplines Enhance Supports Supporting Disciplines 11
Managing & Maintaining Data Quality in the Information Supply Chain Define what high quality data means within your business Develop realistic and reusable test data which adheres to privacy policies Standardize and cleanse data to enable strategic initiatives Constantly monitor for data quality issues and understand how to deal with an exception when it occurs Understand the lineage of your data Develop & Test Test/Dev Understand & Define Cleanse & Manage Continuously 12
Requirements to Manage the Quality of Data Discover your data across systems Develop database structures Define Rules & Cleanse Data Define common vocabulary Create & refresh test data Actively Monitor & Manage Data Design your data structures Validate test results Remediate Inconsistencies Understand & Define Develop & Test Cleanse & Manage Continuously Information Governance Core Disciplines Quality Management Lifecycle Security & Privacy 13
Organizational Challenges from Lack of Data Life-cycle Management New application functionality to meet business needs is not deployed on schedule No understanding of relationships between data objects repeatedly delays projects. Greater data volumes take longer to clone, test, validate and deploy which equates to longer test cycles Increased operational and infrastructure costs impact IT budget Cloning databases requires more storage hardware Larger databases impact staff productivity and could mean additional license costs Application defects are discovered after deployment Costs to resolve defects in production can be 10 100 times greater than those caught in the development environment Unintentional disclosure of confidential data kept in test/development environments Forrester estimates that 85% of data stored in databases is inactive Source: Noel Yuhanna, Forrester Research, Database Archiving Remains An Important Part Of Enterprise DBMS Strategy, 8/13/07 14
Managing the Lifecycle of Data in the Information Supply Chain Understanding the what & where of enterprise data Developing models and code to store and access enterprise data including configuration of data for test environments Optimizing the performance of applications through identification of bottlenecks and building the right strategy for managing data growth Implementing a consistent process for retiring or consolidating applications as their usage expires Discover & Define Test/Dev Develop & Test Optimize, Archive & Access Consolidate & Retire 15
Requirements to Manage Data Across its Lifecycle Discover where data resides Develop database structures & code Enhance performance Classify & define data and relationships Create & refresh test data Manage data growth Rationalize application portfolio Define policies Validate test results Report & retrieve archived data Enable compliance with retention & e- discovery Discover & Define Develop & Test Optimize, Archive & Access Consolidate & Retire Information Governance Quality Management Lifecycle Security & Privacy 16
Organizational Challenges from Lack of Data Protection & Security Limited time, lots of regulation, growing costs of compliance Organizations under time pressure to show compliance progress to the business Meeting privacy regulatory requirements in a timely and costeffective manner Requirements for privacy/security by user role add complexity Ensuring access to enterprise data adheres to the various job roles (Billing clerk vs. Doctor) for sensitive data fields Ad-hoc solutions often replicate sub-sets of information to meet role requirements Manual approaches lead to higher risk and inefficiency Ineffective home-grown solutions applied to mask structured and unstructured data Complex, manual processes used to identify sensitive data, perform security audits and track user access 17
Securing and Protecting Data in the Information Supply Chain Understanding the what & where of enterprise data Protecting the data across the enterprise, both internal and external threats Knowing who s accessing your data when, how and why Monitoring and reporting on database access for audit purposes Test/Dev Discover & Define Monitor & Audit Secure & Protect 18
Requirements to Manage the Security and Protection of Data Discover where sensitive data resides Classify & define data types Define policies & metrics Discover & Define Protect enterprise data from both authorized & unauthorized access Safeguard sensitive data in documents De-identify confidential data in non-production environments Secure & Protect Audit and report for compliance Monitor and enforce database access Assess database vulnerabilities Monitor & Audit Information Governance Core Disciplines Quality Management Lifecycle Security & Privacy 19
InfoSphere: Collaborative Information Governance Reusability and consistency Shared metadata and policies Breadth of portfolio Three core information governance disciplines Modular deployment entry points Supports business and IT priorities Flexible support for enterprise environments Open technology for heterogeneous support Single solution provider to Optimize the Information Supply Chain 20
60% productivity increase 3UK: Implemented an information supply chain methodology to deliver timely metrics to business users on over 700 million daily transactions 21
97%+ accuracy Aviva Healthcare Leveraged InfoSphere Guardium Data Redaction for compliance with PCI-DSS (Payment Card Industry Data Security Standard) and DPA (Data Protection Act) regulations for content management of historical information 22
Safeguards 300+ database servers Dell Implemented InfoSphere Guardium to safeguard its globally distributed database servers and streamline compliance processes, establishing a structured monitoring process for tracking changes & database activity, as well as simplifying reporting for regulatory compliance. 23
To succeed in today s digital environment, organizations must adopt and deploy an information governance strategy interlocking software with people and process to manage this growth. Leverage IBM's Experience & Leadership Proven software solution with modular entry points Governance Center of Excellence, 250+ world-wide professionals Market-tested capability maturity model with organizational assessment Information Governance is a business process to do more with less and get benefits from the information assets you already have. At IBM we can help you do it well and deliver real results. - Steve Adler, Program Director, IBM Data Governance (July 2010) Smarter management of enterprise information isn t just because we can we must. 24
25 www.ibm.com/software/data/infosphere
Additional Slides: Information Governance Overview The following slides have been included as additional and may be used at the presenter s discretion as part the main presentation, or simply as additional reference material. Slides 28 provides overview of IBM s Information-Led Transformation and where the governance solutions fit within that framework Slides 30-32 provide an overview of IBM s Smart Archive, Smart Security and Smart Testing capabilities Slide 33 provides overview of most recent solutions introduced as part of IBM s governance offering Slide 34 provides overview of the six steps to an effective governance program 26
Getting started with an information-led transformation Industry Solutions Create Value Plan an information agenda Financial Services Public Distribution Industrial Communications Business Analytics & Optimization Platform Establish a flexible information platform Apply business analytics to optimize decisions Performance Management & Analysis Predictive Analytics Process Optimization Trusted Information Platform Lower Costs Enterprise Content Management Information Integration & Master Data Management Data Warehousing, Information Governance Data Management Workload Optimized Systems & Services 27
IBM Smart Archive Strategy Bringing structured, unstructured and semi-structured information together Reports ERP / CRM (SAP, PeopleSoft ) Content (Documents, Images ) Paper Collaborative (Quickr, SharePoint) Data Email (Notes, Exchange) Optimized and Unified Assessment, Collection and Classification Value Added Services Optimization Services System Services Managed Services Reference Architecture Information Governance On Premise (Custom Config) Flexible and Secure Infrastructure with Unified Retention and Protection Appliance (Pre-Config) As A Service (SaaS, Multiple Options) Cloud Ready Archive Storage with Optional ECM Integrated Compliance, Records Management, Analytics and ediscovery 28
The IBM Smart Security strategy: Make security, by design, an enabler of innovative change. IBM as a trusted partner, delivering secure products and services 15,000 researchers, developers and SMEs on security initiatives Data Security Steering Committee Security Architecture Board Secure Engineering Framework 3,000+ security & risk management patents 200+ security customer references and 50+ published case studies 40+ years of proven success securing the zseries environment Managing more than 7 Billion security events per day for clients IBM as a trusted security vendor, providing key solutions across all security domains 29
IBM Smart Testing with Rational and Optim Your Complete Enterprise Testing Solution For External Use Comprehensive software quality process to minimize cost and shorten development cycles Manage test labs Create realistic test environments from production data Ensure protection of sensitive data Manage developer testing and quality test cases Streamline your test data management processes and deliver your project sooner and with fewer defects 30
Expanding the IBM Information Governance Portfolio Acquired November 09 InfoSphere Guardium Continuous, real-time database access and activity monitoring for compliance and security Released February 10 Global Business Services, Business Analytics & Optimization Information Governance Center of Excellence with Governance Assessment and Implementation Services Released October 09 IBM Smart Archive Strategy Comprehensive set of integrated solutions to ensure all information is properly retained and protected Acquired May 09 Released April 10 InfoSphere Optim Performance Manager Identify, diagnose, solve and prevent performance problems Released March 10 InfoSphere Guardium Data Redaction Protect sensitive unstructured data in documents and forms InfoSphere Discovery Analyze data to discover relationships & identify hidden sensitive data for privacy 31
Six Steps to Governance 1. Set your Goals - the core statements that guide the operation and development of the information supply chain. 2. Define Your Metrics - the set of measurements used to assess the ongoing effectiveness of the program and associated governance processes. 3. Make Decisions - the organizational structure and changing ideological model to analyse and make policy decisions. 4. Communicate Policy - the tools, skills and techniques used to communicate policy decisions to the organization. 5. Measure Outcomes Compare policy results with goals, inputs, decision models, and communication to provide constant feedback on policy effectiveness. 6. Audit results the tool you use to benchmark everything. 32