SAME PRINCIPLES APPLY, BUT NEW MANDATES FOR CHANGE



Similar documents
Information Governance in the Cloud

IBM Policy Assessment and Compliance

Agile enterprise content management and the IBM Information Agenda.

Real World Strategies for Migrating and Decommissioning Legacy Applications

Enforce Governance, Risk, and Compliance Programs for Database Data

Brochure. ECM without borders. HP Enterprise Content Management (ECM)

A 15-Minute Guide to 15-MINUTE GUIDE

5 WAYS STRUCTURED ARCHIVING DELIVERS ENTERPRISE ADVANTAGE

The Smart Archive strategy from IBM

Start Now with Information Governance

How the Information Governance Reference Model (IGRM) Complements ARMA International s Generally Accepted Recordkeeping Principles (GARP )

IBM Unstructured Data Identification and Management

W H I T E P A P E R E X E C U T I V E S U M M AR Y S I T U AT I O N O V E R V I E W. Sponsored by: EMC Corporation. Laura DuBois May 2010

Gain Efficiency, Cost Savings and Compliance with Iron Mountain s Portfolio of Services

IBM Unstructured Data Identification & Management An on ramp to reducing information costs and risk

Can CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure?

Symantec Enterprise Vault for Microsoft Exchange

Optimizing the Data Center for Today s State & Local Government

WHITE PAPER. Deficiencies in Traditional Information Management

Realizing the ROI of Information Governance. Gregory P. Kosinski Director, Product Marketing EMC

Data Sheet: Archiving Symantec Enterprise Vault for Microsoft Exchange Store, Manage, and Discover Critical Business Information

ARMA: Information Governance: A Revenue Source Potential

IBM ediscovery Identification and Collection

Lowering E-Discovery Costs Through Enterprise Records and Retention Management. An Oracle White Paper March 2007

Information Lifecycle Governance. Surabhi Kapoor & Jan Lambrechts

Information Governance, Risk, Compliance

Gain control over all enterprise content

Symantec Enterprise Vault for Microsoft Exchange

Washington State s Use of the IBM Data Governance Unified Process Best Practices

Data Sheet: Archiving Symantec Enterprise Vault for Microsoft Exchange Store, Manage, and Discover Critical Business Information

Managing Storage and Compliance Costs through Archiving and ediscovery

Guide to Information Governance: A Holistic Approach

Archiving A Dell Point of View

Cohasset Associates, Inc. NOTES Managing Electronic Records Conference 1.1. The discipline of analyzing the. Value Costs and Risks

WHITE PAPER Practical Information Governance: Balancing Cost, Risk, and Productivity

Data Sheet: Archiving Symantec Enterprise Vault Store, Manage, and Discover Critical Business Information

Business white paper Top 10 reasons to choose Cloud-based Archiving

Enterprise Data Protection

How to Manage Your SharePoint Cloud Based Business

Can you afford another day without Managed File Transfer (MFT)?

Unstructured data in the enterprise

Agenda. You are not in the business to manage records

Director, Value Engineering

Symantec Enterprise Vault and Symantec Enterprise Vault.cloud

Defensible Disposition Strategies for Disposing of Structured Data - etrash

Data Center Consolidation in the Public Sector

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

Information Governance: How to Prevent Uncontrolled or Unforeseen Spending

From Information Management to Information Governance: The New Paradigm

How To Know If Your Archive Is Ready To Be Used For Business

Optimizing the Data Center for Today s Federal Government

Why Data Management Matters Right Now

Integrated archiving: streamlining compliance and discovery through content and business process management

Veritas Enterprise Vault for Microsoft Exchange Server

Information Archiving

Enabling Continuous PCI DSS Compliance. Achieving Consistent PCI Requirement 1 Adherence Using RedSeal

Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,

ARMA CENTRAL IOWA APRIL 25, 2013 MAKING THE BUSINESS CASE FOR INFORMATION GOVERNANCE: MORE CARROT, LESS STICK

Information Governance 2.0 A DOCULABS WHITE PAPER

3 MUST-HAVES IN PUBLIC SECTOR INFORMATION GOVERNANCE

Protecting Business Information With A SharePoint Data Governance Model. TITUS White Paper

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Improving Workforce Safety and Productivity. Leverage Asset Information Management to Protect and Optimize Your Workforce

Information Governance comes of age

Generally Accepted Recordkeeping Principles How Does Your Program Measure Up?

Informatica Application Information Lifecycle Management

Business white paper. Lower risk and cost with proactive information governance

Technology Implementation for Law Firms and General Counsel Offices

A Guide to PST Files How Managing PSTs Will Benefit Your Business

Symantec Enterprise Vault

Top 5 reasons to choose HP Information Archiving

CA Records Manager. Benefits. CA Advantage. Overview

Archiving, Backup, and Recovery for Complete the Promise of Virtualization

HiSoftware Policy Sheriff. SP HiSoftware Security Sheriff SP. Content-aware. Compliance and Security Solutions for. Microsoft SharePoint

A Beginner s Guide to Information Governance

SAM Benefits Overview SAM SOFTWARE ASSET MANAGEMENT

98% 22% RM-Speedy [03] Sven Hapke IBM Deutschland GmbH. From Records Management to Information Lifecycle Governance

Disclosure of Drug Promotion Expenses: The Importance of Master Data Management and Considerations for Choosing a Reporting Solution

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

Symantec Enterprise Vault for Microsoft Exchange Server

When Enterprise Content Goes Mobile

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Using EMC SourceOne Management in IBM Lotus Notes/Domino Environments

Miguel Ortiz, Sr. Systems Engineer. Globanet

Sage HRMS The choice between compliance risk and compliance confidence lies in HR management systems

IBM Software A Journey to Adaptive MDM

NightOwlDiscovery. EnCase Enterprise/ ediscovery Strategic Consulting Services

Fundamentals of Information Governance:

State of Florida ELECTRONIC RECORDKEEPING STRATEGIC PLAN. January 2010 December 2012 DECEMBER 31, 2009

SMART ARCHIVING. The need for a strategy around archiving. Peter Van Camp

Information Governance: How to Prevent Uncontrolled or Unforeseen Spending

A CommVault Business-Value White Paper Archiving Strategies for Successful ediscovery

IBM CommonStore Archiving Preload Solution

EMC DOCUMENTUM Capital Projects Express. KEEP YOUR PROJECTS ON TRACK Flexible Document Control for Agile Teams

Test Data Management for Security and Compliance

68% Meet compliance needs with Microsoft Exchange. of companies send sensitive data via .

archives: no longer fit for purpose?

Content Management for SAP Business Suite powered by SAP HANA

Intelligent Information Management: Archive & ediscovery

Transcription:

Information is an organization s most important strategic asset the lifeblood of the organization s knowledge, processes, transactions, and decisions. With information continuing to grow exponentially, the independent research firm IDC has estimated that the digital universe will grow to more than 40 zettabytes worldwide by 2020, an amount that exceeds previous forecasts by 14%. 1 This ever-growing volume of information, however, is leading organizations to reevaluate traditional approaches to information governance. As the digital universe expands, the processing, storing, managing, securing, and disposal of information become more complex as well. Gaining control and reducing the risks and costs associated with information growth requires that information governance evolve beyond just policies and procedures. This EMC Perspective addresses a business agenda that not only reevaluates and rethinks current approaches to enterprise information governance but, more importantly, results in significantly reduced costs and a dramatically reduced risk profile for the enterprise. 1 IDC, Digital Universe Study, sponsored by EMC, December 2012

SAME PRINCIPLES APPLY, BUT NEW MANDATES FOR CHANGE More and more organizations require a fundamental shift in their approaches to information governance in order to manage and maintain control over information assets. This strategic shift is necessary for several reasons: THE MANDATE FOR CHANGE Accountability Transparency Integrity Protection Compliance Availability Retention Disposition Source: ARMA International, Information Governance Maturity Model Enterprises do not know what information exists where. With virtually all corporate information now created and retained in an electronic format of one type or another, most of this information exists in unstructured, unmanaged information repositories. Information is scattered across multiple systems, applications, and servers, both internal and external. Add to this the growing proliferation of social media content, as well as mobile devices owned by employees and not fully under your organization s control. Critical information is inherently at risk. As information proliferates, so does the risk of security breaches. Many organizations have seen their critical intellectual property (IP) portfolios compromised by security leaks. Less than 20% of all the information that should be protected is actually being protected. 2 Nearly every week brings a new report of a company that has experienced a critical breach of its information and data. The costs in damage control, intellectual property loss, vulnerability of financial accounts, litigation, and loss of customer confidence, can be crippling. In 2011, the organizational cost of an individual data breach was $5.5 million, with an average cost of $194 per breached record. 3 Information governance applied only to what exists within your physical control is no longer an option. By 2020, 40% of all data will live in, or pass through, the cloud, with an estimated 15% of that maintained in the cloud. 4 As information increasingly moves outside organizational firewalls and into multiple applications, cloud-based storage, and mobile devices, your organization must walk a fine line between control and loss of control. These added information risk factors increasingly challenge organizations and their IT departments to become more diligent, more creative for applying and enforcing consistent policies and other mechanisms for protecting and securing information. The operational costs of limited or ineffective information governance can be significant. With growing volumes of electronic information proliferating and residing both on and off premise, the operational costs of storing, backing up and managing information is not insignificant. With IT departments aiming to maximize current investments and do more with fewer resources, organizations cannot afford to manage, store, backup information that is duplicative, has met its retention obligation or which has no ongoing business value. In addition, utilizing cloud storagewhile reducing overall storage costsisn t a panacea as information that doesn t need to be retained resides in cloud environments as well. Fundamentally, if information is being retained that doesn t need to be, organizations are spending needlessly. And despite growing investments in email archiving, document management, and records retention, these investments have typically been implemented as discrete, 2 Ibid 3 2011 Cost of Data Breach Study: United States, Ponemon Institute, March 2012 4 IDC, Digital Universe Study, sponsored by EMC, December 2012 2

stand-alone solutions to managing information. What s the drawback? Organizations must frequently produce documentation for litigation, regulatory issues, HR cases, customer/supplier disputes, or other external audits. However, manual searching of file shares, emails, and physical records is the prevailing method for e-discovery. As a result, organizations cannot readily identify and efficiently produce the necessary information for an audit or litigation request without incurring significant e-discovery costs. In light of these challenges, the partial governance approach falls short of addressing the proliferation of an organization s information, both within the enterprise and beyond. Well-articulated policies and procedures but without the business processes and technologies to support them rigidly place all information in lockdown and do not provide the flexibility and agility that an organization needs. A more holistic and complete approach, in contrast, effectively mitigates information risks through centralized governance policies and procedures that are embedded with the information asset itself, and pervade the information management processes and technologies throughout your organization and beyond. For today s distributed and mobile enterprise, which expects information to be available at any time, without delay and without restrictions, this approach stands in sharp contrast to rigid, top-down approaches to compliance and governance, which are simply impractical in today s environment. As such, the more comprehensive and federated approach of Pervasive Governance is emerging as a top priority in today s information-intensive enterprise. Information and all the associated costs and risks of managing information in accordance with more and more regulations will only continue to grow, not shrink. Doing nothing is not an option. DEFINING PERVASIVE GOVERNANCE Pervasive Governance is the fundamental ability to identify, secure, protect, and produce critical information wherever it exists whether in a secure repository, in transit, in the cloud, on mobile devices, and any combination thereof. Pervasive Governance is a unified approach to information governance that meets the strategic, operational, and compliance mandates of today s enterprise. Pervasive Governance enables organizations to: Intelligently classify and determine what critical information needs to be retained versus what information can be safely deleted Consistently apply and enforce information governance policies throughout the enterprise Automatically protect and control authorized access, use, distribution, and exchange of valuable information internally, as well as externally with partners, and suppliers Quickly discover and produce the required, relevant information to comply with investigation, audits or litigation requests A PROACTIVE APPROACH TO INFORMATION RISK MANAGEMENT Pervasive Governance proactively closes the gap between strategic enterprise risks and the operational risks inherent in the day-to-day activities of how individual departments and employees create and manage information. An organization that can identify valuable or confidential information across its lifecycle knows 3

fundamentally what it should retain and/or secure and protect for either internal governance mandates or compliance requirements. As such, your organization can govern and protect this information with consistent policies and transparent processes that reduce the information burden on your employees. Any information not requiring this additional protection can be safely and efficiently deleted on a regular basis, thereby reducing data storage costs from the unnecessary hoarding of files and records. By ensuring that your information assets are properly identified, secured, controlled, and protected wherever they exist, Pervasive Governance helps organizations manage and mitigate the risks associated with unauthorized disclosure and the potential loss of competitive advantage. At the same time, it enables your organization to more readily identify and produce information whenever necessary. PERVASIVE, NOT INVASIVE Pervasive Governance harnesses the full capabilities of current technologies to automatically enforce policies with complete transparency. Organizations foster a flexible, trusted business environment for creating, exchanging, and managing information by minimizing the typical burdens of governance and compliance on employees and the organization. With the necessary business processes and IT infrastructure in place, Pervasive Governance enables employees to more easily adhere to information governance standards, best practices, and legal and regulatory requirements. And unlike many current approaches, Pervasive Governance requires true cross-functional responsibility and the shared accountability of your legal, compliance, audit, line of business, and IT teams. IT, however, is the key area where an organization can achieve the most significant cost savings through Pervasive Governance. A CASE STUDY IN REDUCING RISK AND IT COSTS A growing body of regulations requires organizations to secure and manage critical data. Other regulations require that corporate information be readily available to support litigation, investigations, and audits. At the same time, you must be able to defensibly destroy data that is no longer needed. Imagine your organization facing these seemingly contradictory requirements while staring at an ever-expanding pool of information and data. Which information and data should you protect and secure? Which should you keep on hand? Which data should you delete without a trace? Organizations can ill afford to make a decision that turns out to be based on inaccurate, unreliable, or outdated information. Here s how one global high tech company complied with these complex requirements while dramatically cutting its costs and risks. THE CHALLENGE: IP AND LITIGATION RISK The company recognized that a lack of effective governance left its all-important intellectual capital at risk. In addition, it faced a problem familiar to many organizations today: rapid accumulation of both structured and unstructured data, which was dispersed across the enterprise. But even with a wealth of data, the company found that locating information for litigation requests was exceedingly costly and time-consuming. And while the company had implemented content and 4

data management systems, it lacked effective processes for supporting its information governance requirements. THE SOLUTION: PERVASIVE GOVERNANCE In its first attempt, the company initiated a records management system. But with its critical IP still at risk, management quickly realized that a more strategic, comprehensive approach was required. The company found that in broadening its approach to include all structured and unstructured data, including corporate documents, email, video, social media, etc. The company systematically identified and classified valuable information that was subject to specific business or legal retention requirements. Moreover, by embedding governance policies into the very fabric of its IT systems, the company ensured that decisions for retention and disposition would become automatic. That relieved employees from the burden of choosing which data to restrict, while ensuring that valuable data was used productively. At the same time, a single, unified policy across the company helped identify, manage version control and lock vital IP data away from all unauthorized users. And, they helped make critical litigation support information easier to locate when needed. THE RESULT Through its Pervasive Governance approach, the company has systematically eliminated redundant, unnecessary information, helping to slow the growth of its storage requirements. In addition, the company accelerated its e-discovery processes by permanently deleting content with no legal retention requirements, and tagging essential content to reduce the risk of accidental deletion. According to Gartner, By systematically eliminating redundant information, (the company) has retired multiple legacy systems, eliminated shadow IT, reclaimed 1 petabyte of storage space in its data centers and saved $12 million in IT costs. 5 A TIME FOR ACTION Pervasive Governance delivers the real ability to manage the growing complexity of the information management process. It embeds information governance policies, access rights, and permissions within your organizational business processes and IT infrastructure. By automatically classifying data, a Pervasive Governance strategy segregates your confidential, most valuable information and critical business records, while providing rapid access to that information when needed. This approach is not merely technical; it s necessary to mitigate the risks to your entire organization, and it merits the highest level of attention. Executive sponsorship of Pervasive Governance is essential, because senior executives are best positioned to appreciate the need for a holistic solution one that eliminates silos and ensures consistent enforcement of policies. To move forward with setting a pervasive information governance strategy, senior management teams should consider the following: 5 IT Cost Savings with Information Governance, Gartner Inc., Debra Logan, 17 April 2012 5

Review your current information retention and disposition policies for your organization s most valuable business information, including proprietary content such price lists, contracts, and other documents that contain confidential or sensitive information. Assess how these policies are consistently applied or enforced across the organization, not only for files and documents stored in traditional enterprise content management repositories, but also for information proliferating in common collaboration tools such as Microsoft SharePoint or within largely unmanaged file shares. Prioritize implementation of an integrated information retention and records management program that is both automated and transparent. Integrate other best practices into your operational processes for storing, protecting, and accessing critical business records. Investigate new investments in technologies for securing, protecting and discovering information based on value and risk to your organization. Best practices in these areas can help protect revenues and competitive advantage, enable a quick and defensible response to an audit or litigation request without incurring significant costs, and can thereby reduce both financial and reputational risk to your organization. With a Pervasive Governance strategy in place, your organization can harness the full capabilities of advanced information management technologies and processes. The risks of inaction far outweigh the costs of action. And the returns to the organization can quickly justify the investment. CONTACT US To learn how Pervasive Governance can transform your organization, visit the EMC Information Intelligence Group at www.emc.com, or contact your local EMC representative or account manager for more information. EMC2, EMC, the EMC logo, are registered trademarks or trademarks of EMC Corporation in the United States and other countries. Copyright 2012 EMC Corporation. All rights reserved. Published in the USA. 02/13 EMC Perspective H11385. www.emc.com EMC believes the information in this document is accurate as of its publication date. The information is subject to change without notice. 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information