Many enterprises have embraced the rapid pace of technology, staying on the cutting edge. In adopting these hot new technologies from different vendors as they become available, they have benefited from process automation, workflow efficiencies and improved knowledge worker productivity. For many, however, information management has been an afterthought and addressed in an ad hoc manner. This results in increased data privacy risks, high costs of storing and managing information, and information liability due to poor compliance and discovery readiness.
Good information management combines technological innovation and intelligent processes around that information. This marriage of technology and processes delivers cost savings, compliance and data protection. Similar to Maslow’s famous hierarchy of needs, you start with basic needs – storage and protection – and progress to the stage where information becomes actionable and drives revenue growth. Following this methodical approach up to the pinnacle of information management nirvana calls for a step-by-step approach. And just as Maslow suggested in his hierarchy, organizations can meet higher-level needs only after they’ve satisfied the more foundational ones. Failure to follow these steps will result in, at best, only short-term gains and leave those larger goals unrealized.
The following is an overview of those needs – starting with the most basic (storage) and progressing to the aspirational (value) – to help organizations articulate their path to information management nirvana.
Storage
An enterprise should first focus on building a strong base of secure storage. Building a secure storage foundation with easy and reliable access to information when and where it is needed is a cornerstone of any successful information management strategy.
This foundation should be secure, scalable, available and provide distributed coverage for today’s global enterprises. The key capabilities that the foundation has to provide are: capture, transport, retention, access and disposition. Information security and privacy must be assured by this foundation. Not just the storage of data but also the movement of data has to be secure. Secure transport of data is essential for verifiable and reportable chain-of-custody for both physical and electronic information – key metrics for demonstrating compliance.
In building the foundation, one must also consider scale. The explosion of information means the need for storage will always be bigger than what an organization can dream of. So the challenge becomes how to build for scale without needing to make a large investment in capacity that will go unused in the immediate future. Cost-effective scalability can be achieved by leveraging storage services that scale as the business needs grow. In addition to being cost-effective and scalable, storage should also be protected to reduce the risk of loss. Information has to be available and recoverable in the midst of various human and system errors, failures and catastrophic situations.
Storage may be on-premise or off-premise (cloud storage or offsite record centers) depending on the needs, maturity and size of the organization, as well as the type of storage application and the nature of information being stored. It should also address the storage of information across different media and formats, including tape and paper.
Efficiencies
Once enterprises have a solid foundation of storage, the focus can shift to how it can be managed by a more efficient, system-driven process. A process approach is essential for the repeatability and consistency needed to realize gains – lower costs, quicker access – over the long term. Processes should be system-driven to enable the automation that is necessary when dealing with large volumes of data, helping to reduce operational risks.
Information management in this step is “operationalized” to deliver on the business goals of improved efficiencies and reduced cost. The focus in this step is on processes that leverage both technology and the people.
Major efficiency improvements come once you understand what information you have, how it is utilized and how best to invest in the infrastructure to support it. When it comes to its value to the business, not all information is created equal; cost and risk play a central role in how information should be managed. Understanding the inherent types and categories of information will go a long way in reducing the cost of managing that information.
Governance
At this point, it becomes tempting to start focusing on the top line value of information. Without the appropriate controls, however, information can become a liability and not an asset. Leveraging the aforementioned secure foundation and cost efficiencies, an enterprise can now address the risks associated with their information. The risk of information is managed through the development of policies.
Policy control delivers information governance and helps organizations proactively manage information liability. When delivered at the global level, across the organization and the systems within, policy control can help pave the way toward realizing the value inherent in information while eliminating any risk factors.
All information in an organization should not be kept forever; doing so can put the business at risk. Proper classification of information – by format, by use, etc. – enables the development of granular policies for access, retention and destruction. Many organizations do not have defensible policies for unstructured information in place because of the complexity of classification and unrealistic policies that are impractical to enforce due to the sheer volume and speed of this information. Broader classification by application, department or user is easier to develop and automate than finer-grain classification that can be difficult to develop and implement. Relying on user-driven classification is unrealistic in most cases, given the large data volumes that users are dealing with. Developing policies prior to the introduction of a new class of information ensures that business risk can be proactively managed.
Be the first to comment on this post using the section below.