Getting a Grip on Information Governance

5 minute read
Kelly Bilodeau avatar

Cyberspace is looking a lot like the Wild West these days, with outlaw hackers ready to rob you of your data and the sheriff nearby looking to make sure you’re sticking to the letter of ever-tightening laws.

Are you ready?

A new Forrester Consulting survey report, Governance Takes a Central Role as Enterprises Shift to Mobile, commissioned by Druva, a data protection and governance firm, shows that more and more companies are responding to these pressures by boosting spending on information governance (IG) and adopting new systems to better-manage data.

Greater Focus on IG

But not everyone is moving quickly enough.

“Gartnerpredicts that 20 percent of CIOs will lose their jobs due to a failure togovern,” said Jaspreet Singh, CEO of Druva. Already, high profiledata breaches like those at Target and Nieman Marcushave come at a high cost for many, he added.

Forrester conducted an online survey of 205 IT and litigation professionals in North America and the UK to evaluate trends and attitudes surrounding governance and eDiscovery in a mobile work environment.

Given the fact that Druva is a data protection company, it's not surprising that Singh thinks every company should take steps to guard against mobiledata security threats and to prepare for regulatory pressures.

There are a number of drivers behind the increased attention paid to IG today, including the changingnature of our workforce and how people increasingly mix their personal andcorporate lives, said Singh.

Many people have multiple mobile devices, which means it’s more likely than ever that personally identifiable and confidential information can walk right out the door — literally. “Not only does IT have lesscontrol of what happens with these devices, it also means that there aremore copies of data spread across the endpoints,” said Singh. “Plus,users are relying on consumer tools for file sharing and other uses,removing corporate data from IT’s control.”

The risks: data breach or loss.

Learning Opportunities

Increased Regulatory Scrutiny

“Butsecurity isn’t the only risk. The amount of regulations thatorganizations have to comply with are growing as is the data, whichmeans that a breakdown in governance can result in substantial legal andfinancial risks,” said Singh. This can put your reputation at risk, as well as your bottom line. He added:

More regulations means an increased need to audit andcollect data for compliance and litigation requests. Organizations also are having to comply with increased data retentionrates, requiring them to store data for longer, another corollary effectof more stringent information governance requirements.”

Trying to Keep Up

Many companiesare trying to establish stronger, centralized governanceprograms and to put systems in place to protect against mobile threats. The Forrester survey reveals that:

  • 64 percent of respondents said they are going to put additional focus on tablet devices
  • 89 percent plan to invest more in information governance programs, with 44 percent expecting increases of 10 percent to 20 percent
  • 53 percentexpect to centralize information governance in hopes of securing andprotecting enterprise content on end user devices. This is an increasefrom 25 percent who are currently centralized and only 18 percent who were two yearsago

But these companies see big challenges ahead. Some 44 percent of survey participants believe thattheir current security andgovernance controls still leave endpoint data at risk. Why? It’s hard to control file shares, there’s a lackof coordinating governance and mobile device bring big risks. 

“With therise of the mobile workforce, organizations must establish strategiesto govern not only corporate and employee-owned mobile devices, but alsothe multiple channels that are now required to make data availableanywhere on any device. The increase in complexity is staggering,” Chandar Venkataraman, Chief Product Officer at Druva noted in a statement.

Getting A Grip

So how can companies take to make sure they are prepared for these new challenges? Singh suggests:

Collect endpoint data. Thisallows you to understand what data is out there and how it’s used.“This provides insight into worker habits and helps the organization tobuild a governance structure that meets its needs, while still enablingits workforce,” said Singh. “And just building that structure isn’tenough. Organizations also need to build in checkpoints so that they areable to easily discover data movement and respond if something out ofthe ordinary happens, such as an employee is suddenly accessing acertain piece of data for unusually long periods of time or from anunexpected location.”

Having the right systems. You should have systems in place that allow you to easily respond to legal requests for data or to access itquickly. When planning for these issues it’s important to be proactive.“Put technologies in place that will aid in your governance efforts,even if information governance itself isn’t a priority at thistime--because at some point, it will be critical,” said Singh.