Data governance is the type of complex, time-consuming topic IT organizations historically avoid. However, with daily reports of data breaches spanning retail, banking, healthcare and other areas, there’s a lot at stake for companies who continue to avoid tackling the problem.

Last year, more unstructured content was generated by humans than structured content generated by machines. Between 38 percent to 59 percent of data loss and breaches are due to mostly avoidable human error that could be prevented with the right set of policies and enforced by software tools and employee training.

These errors and breaches will cost companies $25 billion this coming year. It’s a problem that is increasing exponentially. Up to 80 percent of storage capacity worldwide is used for bits and pieces of information that are generated and shared by humans.

In corporation, this unstructured data is often stored across multiple repositories and consumed through a variety of business apps. But employees don’t care where it’s stored – they just care about being productive. Even with sophisticated tools and expert teams, data governance remains messy at best and unmanaged at worst.

Over time, organizations, regardless of industry, end up dealing with as many content silos as there are applications — think about your emails, instant message, social media, desktop presentations, mobile photos etc. Employees create their own digital workplace with a patchwork of highly specialized productivity tools that each do one thing well (in theory, at least). But then they become increasingly frustrated with the time spent looking for information across all these solutions.

On average, a knowledge worker spends 36 percent of their time looking for information. If content creators can’t keep up with the amount of data across apps, how could we expect IT to protect it?

This is the paradox of shadow IT: corporate intellectual property stored in many repositories must be secured and protected by IT professionals not consulted by users as they select the apps to work and collaborate on this content.

The conversation needs to shift from blocking unsanctioned productivity apps manipulating this content, to intelligently protecting the content at the source (i.e. repository) itself so users who should be able to leverage their favorite apps – even when not approved by IT - but only for the content they are allowed to access to. Information governance is the industry term for having clear processes for users and IT on the secure handling of content. Where and when can content be shared? How should it be shared? By whom? With whom?

But information governance doesn’t prescribe tools to enforce the process so policies are respected at all time. A comprehensive content governance should follow corporate content end-to-end, enforcing policies set up by IT, legal, or compliance no matter where the content resides (in the cloud or on-premises) or by which apps it is accessed. If rules are infringed, alerts should be issued in real time allowing IT and users to take immediate action.

The first 24 hours are critical when a breach occurs and this is when most of the information is stolen. Say an accountant has access to the Finance folder in Sharepoint but not Egnyte Connect. There are two explanations: access was wrongly granted to him on SharePoint, and it should be removed; or the employee should be granted access on Egnyte as well to perform his job.

Either way, the key is to make sure the right people see the right content at the right time regardless of where the content is and application the accountant is using. Some confidential information, for instance, should never be shared externally unless protected by a password or encrypted.

Information governance programs train employees on this, but mistakes are human. Instead of sanctioning errors, systems should be set up to correct mistakes as soon as they happen and alert IT and users so they can fix it on the spot. Where are the Social Security Numbers, earnings data, and other confidential files stored? Who has access to them?

IT should be able to answer these questions at any point in time and define specific rules for sensitive content access, as well as additional encryption, data residency policies and partner with legal, HR or compliance on who should access and modify it.

Content governance solutions that help define and enforce policies without limiting user productivity or generating overhead for IT will be the winners of our new information age.

(About the author: Isabelle Guis is the chief strategy officer at Egnyte)

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access