I just returned from the Gartner Risk and Security Summit held at the National Harbor in Maryland. While I have been to several Gartner summits before, this was my first time attending the Risk and Security summit, and truthfully I didn’t know what to expect. I wanted to learn what the burning issues were for risk, security, and compliance officers, so I focused on the Risk Management & Compliance program. I was happy to see a session dedicated to Information Governance and several eDiscovery sessions at this event.
The Information Governance Imperative
Debra Logan gave a talk about the importance of Information Governance in the enterprise. Gartner defines Information Governance as the means to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information.
Over the last six months, I participated in over fifty meetings with customers, prospects, and partners regarding Information Governance. More and more of the meetings I attend include someone from risk and/or security. That certainly makes sense when it comes to better management of corporate information. In many cases, security and risk are not decision makers of such a solution; however, in all cases they are an enabler and benefactor of such a program. I strongly recommend reading Debra's blog post, "What is Information Governance? And Why is it So Hard?"
Four key takeaways from Debra’s session:
- Information Governance is about improving the value of information. Some people within the organization may rely on the FUD message; however, for most organizations information is a valuable asset.
- Information Governance is about “role discipline” across the entire organization. This includes legal, IT, records management, line of business, and of course executive management. Debra warned to be careful of "death by committee".
- Information Governance is about central management of information. Companies must be prepared to hire new roles and change existing responsibilities. It’s all about defining roles and making sure people acknowledge their roles.
- Information Governance is not always about technology. There is no single vendor for Information Governance; however, technology is the underpinning for Information Governance. It’s about behavior.
Regulations are Not Overrated
French Caldwell gave a great presentation on the different regulations with pragmatic advice on determining which regulations apply to an organization and integrating the regulations into a governance program. A few main takeaways from French’s presentation:
- Are you including multiple jurisdictions in your program? French explained the necessity of considering all the regulations across the different jurisdictions where a company conducts business. Remember, jurisdictions can be local governments, states, and countries.
- How effective are the GRC vendors at updating their regulatory content? It’s too early to measure the success of this and customers must determine the cost and risk of relying on their GRC vendor for this content as this may not be their core business.
- Is Legal involved in your GRC program? If not, they should be.
GRC must support Record and Content Lifecycle
During the same session, I was happy to hear French bring up the importance of regulations and the impact they have on records management; however, in his other session, “The Future of GRC”, he made no mention of it. I thought this was a little odd since many customers are beginning to consider information management as part of their GRC strategy. Many companies are simply not there yet – which I really think is part of the future of GRC.
eDiscovery Meet Risk; Risk Meet eDiscovery
Finally, I was pleasantly surprised to see a few eDiscovery sessions at this event. Initially, I didn’t expect the IT risk/security audience to be remotely interested in eDiscovery. However, the process of eDiscovery is moving in-house for obvious reasons (i.e., to reduce costs). Debra gave a great overview of the EDRM model and explained IT’s involvement in the eDiscovery process. I was hoping she would focus on the data privacy and security issues around eDiscovery.
Thank you again to Gartner for putting on an excellent and quality event. See you next year.
Thanks for summarizing the sessions you attended (none of which overlapped with mine). If you or others are interested, I provided a similar narrative-style coverage of the sessions I attended each day, starting with day 1 here: http://bit.ly/jxbmFG
Posted by: Jfbauer | June 27, 2011 at 09:11 AM
Do you have any recommended sources of data to suggest what makes sense to out-source versus in-source for eDiscovery services? You mentioned a move to in-source, thus wondering if you can point me at any material that helps explain why one would/would not out-source eDiscovery services today.
Thanks again for taking the time to share your perspective on the Gartner event.
Posted by: Jfbauer | June 28, 2011 at 11:28 AM
Thank you for the comments. Take a look at the following Gartner reports: G00212221 and G00172931. eDiscoveryjournal.com also provides some really good reports and stats. Hope that helps.
Posted by: Tamir Sigal | June 29, 2011 at 04:01 AM
I heard that the eDiscovery protocol opens a potential risk for the server. I think they will patch it up with a new security policy and internal protocol.
Posted by: email archiving | October 26, 2011 at 12:46 AM