Current Affairs

December 21, 2011

2011 in Review – Pop Culture Meets Information Governance

Wow, it’s already the end of December. It’s been an exciting, busy, and fun year at RSD as we continue to work with our customers on addressing their information governance challenges. I know there are going to be dozens of articles on reviewing 2011 and predicting the next big trends, I thought it would be fun to combine 2011 pop culture with trends we will most likely see information governance in 2012. Also included at no charge are ten recommendations for 2012.

Album of the Year: 21 from Adele

“Here's a fire starting in my heart, reaching a fever pitch, it's bringing me out the dark”

Historically, records management was a corporate function buried in the basement or locked away in the dark somewhere in some offsite storage facility. Records mangers were focused on paper records, ensuring records were retained in a reliable and authentic manner and are ultimately disposed of in accordance with a retention schedule. Today, things are much different. Management of corporate information is becoming a topic of discussion at the executive level because of the consequences of information mismanagement  – brand damage, stock price, fines, and revenue. This is precisely why the records management function is beginning to report to general counsel and getting a seat at the table where strategic decisions are being made.

2012 Prediction: I don’t want to be the hundredth person to tell you to get executive buy-in for your records management program. This is going to be a slow process. I suggest starting to create awareness in your organization, starting with your peers (in other functions) and making this part of the department/corporate objectives.

Book of the Year: Unbroken from Laura Hillenbrand

“Though all three men faced the same hardship, their differing perceptions of it appeared to be shaping their fates”

Information management applies to everyone in the organization – regardless role, level, or jurisdiction. One of the top challenges facing companies is determining who owns this problem. Some say it’s legal, others claim IT, and a few maintain the business owns it. This is just one of the reasons why the current process is broken. Organizations must develop an overall governance strategy that includes a closed-loop records management program – from policy creation time through policy enforcement over the decades-long lifecycle of corporate records. These strategies must be also aligned with IT reality and cost constraints with a well-defined set of stakeholders, policies and procedures. The program’s objectives are to advance the corporate compliance agenda, mitigate risks and improve value of information. The tactics of the program consist of applying “legally defensible” governance controls over corporate information throughout its entire lifecycle.

2012 Prediction: IT is going be driving more and more projects to support the information governance program. According to a December Gartner report (G00227336), by 2016, 20% of CIOs in regulated industries will lose their jobs for failing to implement the discipline of information governance successfully.

Movie of the Year: Transformers 3

“You simply fail to understand, that the needs of the many outweigh the needs of the few...”

Information governance policies and objectives cannot and should not be developed in a vacuum. You must get consensus throughout company on policy, then add local stipulations. Policies should also incorporate attributes associated with the business, IT, legal, and compliance:

  • Retention/disposition (i.e. when can we safely delete information)
  • E-discovery (i.e. legal hold, data map)
  • Data privacy (i.e. Personally Identifiable Information)
  • Storage lifecycle (i.e. automatic tier migration)
  • Metadata lifecycle management (i.e. keeping full text index for the life of the record)
  • Laws and regulations (i.e. justification around the policy)

2012 Prediction: Expanding existing policies to include all of these elements will take time; certainly beyond 2012. However, in the near-term (that’s 2012), many more multinational organizations will consider jurisdiction-specific rules and include the business owners in the policy development process. According to a recent Forrester Report; 53% are not satisfied with their records management solution’s support for international requirements.

App of the Year: Words with Friends

“Word building, triple score seeking, chat bubble sending goodness with simple and familiar gameplay you know and love”

SharePoint 2010. Enough said, right? Well, sort of. Take it from me, SharePoint has certainly dominated the market this last couple of years. One of the reasons is because it’s simple to use and integrates well into the Office environment. The big question on the table is the impact SharePoint has on an information governance program. As usual, some companies have addressed this pretty well. If you haven’t, here’s a hint: start with your policies.

2012 Prediction: SharePoint 2010 came along way in terms of records management functionality and you will hear more and more case studies on how (and why) organizations are standardizing on SharePoint.

Final Words

Based on what I am reading and hearing from our customers, 2012 will be an exciting year for information management professionals. Top ten 2011 takeaways and suggestions for 2012:

  1. Why not, boil the ocean at once.
  2. Don’t forget about “Small Data”.
  3. Understand the impact of records management on social media (this blog is a record, so there!)
  4. I personally prefer “reactive” e-Discovery, don’t you?
  5. Use the cloud for everything…and yes, I mean everything.
  6. Job security: everything you do should not be repeatable or defensible.
  7. eDiscovery, records management, information governance are not the same sides of the same coin. I am sorry, that’s just not possible.
  8. Information governance means what you want it to mean.
  9. Explain SharePoint 2010 governance to users. They will appreciate it.
  10. Have fun and to quote the late Steve Jobs, “Think Different”.

Happy Holidays and New Year.

Posted by Tamir Sigal at 07:18 AM in Current Affairs, English language, Information Governance, Records Management, Web/Tech, Weblogs | | Comments (2) | TrackBack (0)

Technorati Tags: , , , , , , , ,

October 19, 2011

Thoughts from ARMA 2011 Conference – My Three Takeaways

I just returned from the ARMA 2011 conference, held at the Gaylord Resort at the National Harbor in Maryland. I have been to ARMA several times in the past (more times that I would like to admit) and happy to see Gaylord_national_harborARMA is pushing the envelope with the program and content. This is certainly required to keep the records management function relevant in today’s organization.

Going up, 17th floor please

The first time I attended ARMA, most of the attendees were either in the basement or locked away somewhere in some offsite storage facility. Records mangers were focused on paper records, ensuring records were retained in reliable and authentic manner and are ultimately disposed of in accordance with a retention schedule. Today, things are much different:

  • Explosion in electronic content (formats, storage)
  • Defined and stringent eDiscovery requirements
  • Laws and regulations across multiple jurisdictions
  • IT systems (often times with cryptic names)
  • Privacy and security concerns

I am not going to bore you (again) on the consequences of information mismanagement – brand damage, stock price, fines, and revenue. This is precisely why the management of corporate information is becoming a topic of discussion at the executive level. Records management is beginning to report into legal and getting a seat at the table where strategic decisions are being made. I do warn you this trend is a little slow according to the latest Forrester survey, but it is changing. Galina Datskovsky, the president of ARMA suggested inserting yourself into these conversations about better ways of managing information.

Oh no, this blog is a record

It just occurred to me, “managing information” is just so broad and I hate when vendors use this term (oh wait, sorry). The term “information” means different things to different people. For some, this means paper records stored in some warehouse off the NJ Turnpike. For others in marketing, it may be the twitter feed on their products. Very different – for obvious reasons. I recall six years ago at ARMA, the big thing people were talking about was email. This year, ARMA decided to make the Tuesday morning general session around social media and records management. Wow, talking about pushing the envelope. This is from the same organization that not long ago was touting "electronic records were the future of records management."

The session (in the format of a vendor panel), talked about the many steps a company needs to integrate records management program with their social media strategy. The best takeaways from this session include:

  • It all starts with policies – I have been saying this for years. Regardless of the source, format, location of the information, you need to define and validate the policies.
  • Policies include more than retention – Everyone on the panel agreed policies should include data privacy, address metadata concerns, and address security concerns.
  • All jurisdictions are not treated equal – This is a no brainer but should be mentioned. Each geographic region has its own set of laws, regulations, and requirements. This is especially around data privacy.

My favorite part of the session was when one of the panelists claimed their technology can determine if my tweets and blogs are sarcastic. Now, that’s awesome!

So, the second take away from ARMA is more practical advice on how to best govern all corporate records, which is currently outside the records management function. According to statistics, records management only deals with 10%-15% of the information within the organization – file shares, C drives, ERP systems, and social media content (blogs, tweets, etc). No surprise, SharePoint was a big discussion point. But that’s a different topic for another day.

Finally, information governance means something

Information governance is being used more and more –and not only by the vendors. At several customer meetings in our beautiful private suite, I asked the question. Does your company use the term information governance? The resounding answer was “yes”. We have customers leveraging the GARP maturity model to assess their information governance needs across departments and jurisdictions. Barclay Blair was walking around the expo floor asking people how they defined information governance. Can’t wait to see the results.

RSD defines information governance as the means of enforcing the desirable behavior in creating, using, managing, and deleting of all corporate information. Information governance is not search. Information governance is not a mechanism to justify increasing storage costs. Information governance does not mean you need to roll out hundreds of crawlers on your users desktops. Finally, information governance does not mean auto classification (which by the way does require some discussion).

At this year’s ARMA, RSD decided to declare itself as “the official sponsor of information governance”. This is for a reason. In addition to delivering a proven and patent-pending solution to market, RSD’s Bassam Zarkout was the only person at ARMA 2008 talking about information governance before information governance even was discussed by anyone. Now that’s cool.

Final words

Even though I think the show was a little slower this year, the event was excellent. I would like to personally thank ARMA for a great event and for all the attendees who took part in our contest. Who knew, the letter “A” was the most valuable button. RSD gave away five iPads - go Apple stock price. I would also like to thank Bob Williams from the Cohasset Group for organizing the MER Experience. The feedback from this track was extremely positive and I am proud RSD was part of this program.

Comments, questions, concerns?  I would love to hear from you. See you in Chicago.

Posted by Tamir Sigal at 12:18 PM in Current Affairs, English language, Enterprise Archiving and Retrieval, Information Governance, Records Management, Weblogs | | Comments (5) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , ,

September 30, 2011

Governing Cloud-Based Content – Both Easier and Harder than it Seems

Once in awhile, as we did this past Wednesday, we’ll talk to a forward-thinking customer who realizes that the question is inevitable, whether they are creating cloud-based content or not: how to govern it?

First the Good News

On its face, the question is simple enough. With RSD GLASS, customers can govern records of any format, regardless of where they reside and how they are stored. And we allow in-place governance, which means that our customers don’t have to migrate content from the existing repository / archive / email server / storage system / physical inventory / etc. to our system. If we can do this, can we not also govern cloud-based content? The answer is the same as for any other repository: it depends.

First, it depends on what kind of governance you wish to employ. Are we talking just simple retention and disposition? E-discovery activities and litigation holds? Or are there additional lifecycles you’d like to automatically enforce, such as storage, metadata, and security lifecycles?

Second, once the governance controls are understood, we then need to determine if the repository supports those controls. If so, and if there is a means for accessing those controls via an API or similar technical interface, then the answer is yes, we can govern that content.

And that is true for cloud-based content as well. Re-read the previous paragraph, substituting “repository” for “cloud provider”, and our position is clear: if the cloud provider supports the governance control, and if they provide a means for leveraging it, then yes, we can govern that content. Intuitively, this makes sense: the nebulous (heh, you see what I did there?) nature of cloud-based content refers mainly to how it is accessed: usually via hyperlink, if not through an application that hides the access from the user. In the back-end, the a cloud-based record still resides somewhere… perhaps in a SharePoint repository, or perhaps on a proprietary repository specific to the cloud provider. All the provider has to do is expose the services offered by the repository, and we’ve got ourselves governance.

Mind you, not all service providers support these types of controls; many did not take governance into account when architecting their offerings. If you are in the market for a Repository-As-A-Service type offering, and if you want the option of governing cloud content in place, these are important questions to ask before you sign.

 

Location, Location, Location

 

But hold on there, Sparky, there is an important consideration that is usually forgotten. But ignoring it can put your company at serious risk of violating important data privacy statutes. We know, despite how the information is accessed, that at the end of the day, it’s sitting there somewhere. Where? No really, WHERE? One of the key benefits of adopting an information governance approach such as the one enabled by RSD GLASS is the ability to demonstrate that you are managing your company information in accordance with applicable laws and regulations. Cloud providers may move data around their infrastructure to maximize internal resource utilization, and minimize cost. They have the ability to move information from, say, a server in France to another in India. From the user’s perspective, this migration is transparent. The same http or https still returns the requested record. From a compliance perspective, however, this could represent a specific violation of European data privacy laws. And no governance technology would be aware of the violation, nor would it be able to prevent it.

 

The Trend: More of This

I won’t lie to you: this doesn’t come up much. Of the customers and prospects I visit, maybe 1 in 5 currently keeps records (mostly email) on a cloud-based infrastructure. But the trend is clear: this issue looms on the horizon. Asking the right questions now will enable you to govern this content with the same confidence as content on traditional repositories and storage systems.

Posted by James Amsler at 10:53 AM in Archiving solution, Current Affairs, English language, Enterprise Archiving and Retrieval, Information Governance, Records Management, Web/Tech | | Comments (3) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , , , , , ,

June 24, 2011

Review of the Gartner Risk and Security Summit 2011

I just returned from the Gartner Risk and Security Summit held @ the National Harbor in Maryland. While I have been to several Gartner summits before, this was my first time attending the Risk and Security summit and truthfully didn’t know what to expect. I wanted to learn what the burning issues were for risk, security, and compliance officers so I focused on the Risk Management & Compliance program. I was happy to see a session dedicated to Information Governance and several eDiscovery sessions at this event.

The Information Governance Imperative

Debra Logan gave a talk about the importance of Information Governance in the enterprise. Gartner defines Information Governance as the means to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information.  

Over the last six months, I participated in over fifty meetings with customers, prospects, and partners regarding Information Governance. More and more of the meetings I attend include someone from risk and/or security. Certainly makes sense when it comes to better management of corporate information. In many cases, security and risk are not decision makers of such a solution, however in all cases they are an enabler and benefactor of such a program. I strongly reccomend you to read Debra's blog on What is Information Governance? And Why is it So Hard?

Four key takeaways from Debra’s session:

  1. Information Governance is about improving the value of information. Some people within the organization may rely on the FUD message, however for most organizations information is a valuable asset.
  2. Information Governance is about “role discipline” across the entire organization. This includes legal, IT, records management, line of business, and of course executive management. Debra warned to be careful of "death by committee".
  3. Information Governance is about central management of information. Companies must be prepared to hire new roles and change existing responsibilities. It’s all about defining roles and making sure people acknowledge their roles.
  4. Information governance is not always about technology. There is no single vendor for Information Governance however technology is the underpinning for Information Governance. It’s about behavior.

Regulations are Not Overrated

French Caldwell gave a great presentation on the different regulations with pragmatic advice on determining which regulations apply to an organization and integrating the regulations into a governance program. A few main takeaways from French’s presentation:

  • Are you including multiple jurisdictions in your program? French explained the necessity of considering all the regulations across the different jurisdictions where a company conducts business. Remember, jurisdictions can be local governments, states, and countries.
  • How effective are the GRC vendors at updating their regulatory content? It’s too early to measure the success of this and customers must determine the cost and risk of relying on their GRC vendor for this content as this may not be their core business.
  • Is Legal involved in your GRC program?  If not, they should be.

GRC must support Record and Content Lifecycle

During the same session, I was happy to hear French bring up the importance of regulations and the impact they have on records management however in his other session, “The Future of GRC”, he made no mention of it. I thought this was a little odd since many customers are beginning to consider information management as part of their GRC strategy. Many companies are simply not there yet – which I really think is part of the future of GRC.

eDiscovery Meet Risk; Risk Meet eDiscovery

Finally, I was pleasantly surprised to see a few eDiscovery sessions at this event. Initially, I didn’t expect the IT risk/security audience to be remotely interested in eDiscovery. However the process of eDiscovery is moving in-house for obvious reasons (i.e. reduce costs). Debra gave a great overview of the EDRM model and explained IT’s involvement in the eDiscovery process. I was hoping she would focus on the data privacy and security issues around eDiscovery.

Thank you again to Gartner for putting on an excellent and quality event. See you next year.

Posted by Tamir Sigal at 10:45 AM in Current Affairs, English language, Information Governance, Records Management | | Comments (14) | TrackBack (0)

Technorati Tags: , , , , , , , , , , ,

April 08, 2011

What a Week in Information Governance

It’s been awhile since I posted a new blog. Things have been quite busy for me – traveling around the globe to talk with customers and partners about the information governance imperative. It’s a very exciting time @ RSD. There are two incidents that occurred this week regarding information governance.

Social Security Statements Goes Electronic

Not only am I the vendor, I am also a user. I have been using electronic bill presentment and payment for years – saving postage and print costs while making my life much easier. This week, the Social Security Administration made a big announcement indicating they were going to stop printing and mailing annual statements. It's an ongoing effort to reduce costs and drive more people to their website. Information governance challenges/concerns:

  • Retention/disposition – Without mailing the annual statements out, the preservation duty has shifted to the agency. These are the statements that show how much we get when we retire @ 62, 66, and 70. How long is the agency planning to keep these statements around? The Associated Press estimate about 150 million statements are mailed out each year. Agency needs an information governance program to ensure proper retention/disposition is being applied across these 150 million annual statements.
  • Security, security, security – Information governance is ensuring 360 degree protection. I am confident with the right controls, processes, and technologies, the agency will be able to securely deliver the statements over the Web.
  • Accessibility – Not sure how many people in the senior community have access to a computer or an iPad. Information governance ensures the right people get the right information in the right format. I am sure there are plenty of advocates handing this issue.

Popular E-mail Service Gets Hacked

In the last 7 days, I received six separate e-mails from credit card companies and vendors I have done business with alerting me there was a data breach which may have exposed my e-mail address to unauthorized third parties. Phishing It appears a company called Epsilon had a massive data breach as a result of a phishing attack. It’s good to know this incident did not involve other account or personally identifiable information.

There are tons of statistics from the Ponemon Institute on the costs of data breaches. An information governance program includes the business processes and information lifecycle practices which include more than just retention and disposition. It incorporates data privacy rules and attributes.

Let the spam begin!

{photo courtesy of Flickr ToastyKen}

Posted by Tamir Sigal at 10:53 AM in Archiving solution, Current Affairs, English language, Information Governance, Records Management | | Comments (9) | TrackBack (0)

Technorati Tags: , , , , , , , ,

December 20, 2010

Information Governance: Three Things to Look for in 2011

It’s the time of the year where experts and critics provide a “top 10” list. I promise not to bore you with exhaustive list of predictions; lessons learned, or industry trends. When it comes to information governance, here are three things to look for in 2011.

More companies will integrate and enforce their policies and retention schedules into their infrastructure

Historically, the records management department was responsible and accountable for defining and managing the corporate retention schedule. This “3 ring binder” simply listed cryptic categories with a defined retention period. Slowly, companies have been taking the retention schedule into the IT infrastructure and manually enforcing the schedule within the information management infrastructure. The most common repositories include email and selected ECM systems. However, most of the time what’s being enforced is simply retention and legal hold. What about data privacy? How about metadata lifecycle management? 

What to look for in 2011: Policies will be expanded to include other facets of information lifecycle and will be deployed more and more across structured and non-structured repositories.

Industry standards need to be embraced and enhanced

Industry standards are great – only when it solves a business problem, and both vendors and customers embrace them. Information governance requires different and disparate systems to talk with each other. This includes software coming from competing vendors, such as ECM and RM systems.  CMIS and JSR-170 promised to address this but only did to a certain level. The current CMIS design does not include basic ILM functionality which is a little disconcerting.

What to look for in 2011: Updated specification to CMIS. 

New vendors will claim to have an information governance solution

A couple of years ago, there were only a couple of vendors touting an information governance solution with RSD being one of them giving a Podcast at the ARMA 2008 conference. Today, things look awfully different. Just do a search for information governance solutions in Google - and go through the 8 millions results. These solutions come from so many different angles – records retention management, ECM products, search tools, infrastructure giants, storage vendors and eDiscovery players (who are now telling people to be proactive when it comes to litigation).

What to look for in 2011: More and more companies will be repositioning their existing products as an information governance solution.

Posted by Tamir Sigal at 11:05 AM in Current Affairs, English language, Information Governance, Records Management | | Comments (11) | TrackBack (0)

November 10, 2010

Lights Off – Thoughts and Observations from ARMA 2010

I just got back from attending ARMA 2010 in San Francisco. I have been to hundreds of conferences before including past ARMA events and have to say this was one of the most exciting events in recent years. This year, RSD was a silver sponsor and created a huge buzz on the tradeshow floor for a number of reasons.

Matchmaker, Matchmake, Make me a Match

First, RSD would like to thank all the supporters of the button-matching campaign. This was the most talked about contest on a tradeshow floor that I have ever seen.. The objective of the contest was for people to find a matching RSD button which had the same text and color. Everyone was walking around the conference, networking events, chapter parties, expo floor, and even in bars/restaurants looking for their match. People sent tweets and posted notes on the ARMA message board. This created a whole new networking opportunity for attendees. All the attendees seemed to have fun with this contest. At 4:30, we had close to 300 people at the RSD booth. We know people were let down when the matching buttons weren’t found and RSD certainly shares that disappointment. Due to the high demand, we ran out of buttons so we also ended up raffling off an iPad. If you think this year’s contest was a hit, wait until next year.

Records Managers are Acknowledging Information Governance

The RSD button contest wasn’t the only thing people were talking about at ARMA 2010. As predicted, information governance was the theme this year – from the preconference session on Sharepoint governance to the technology spotlight in the opening session, other various sessions, and the expo hall. Many people in the records management industry understand the challenge companies are facing today. They know they need to have better controls in place for not only managing the retention schedule but also enforcing it across the complex IT infrastructure. At this year’s conference, people were talking at a higher level and expanding their scope on information management. 

I attended the Technology in the Spotlight and was disappointed since the keynote vendor panel was nothing but a plugfest.

  • Automation – Vendor panel discussed importance of automation. This is not new.
  • eDiscovery – The costs are really high. This is not new.
  • Social media – This was the only interesting topic. The concern of social media can be compared with what happened to email about 5-6 years ago. Companies need to get a better handle on the impact of social media in the enterprise. The best line of the session “'cloudy with a chance of governance”

Without a doubt, Apple’s iPad and Microsoft’s SharePoint got best placement. 

Some Records Managers Still Don’t Get Information Governance

A woman was looking at the RSD signs and came into our booth. We had the following conversation:

Attendee: Hi, I am looking for a records management solution and not for information governance.

Tamir: How do you define the difference between information governance and records management?

Attendee: I am not sure.

Tamir: Records management primarily deals with the management of the retention/disposition of corporate records where information governance includes other facets of the information lifecycle such as laws/regulations, multiple jurisdictions, metadata, storage lifecycle, and data privacy rules.

Attendee: I am not sure if this applies to my role.

Tamir: How do you currently enforce your retention schedule?

Attendee: We really don’t need to do that right now.

Tamir: Isn’t that a concern for you?

Attendee: I am only interested in managing my records.

This is a concern simply because as you heard during the opening session, it’s imperative for records managers to deliver more value to an organization. Don't worry, we are getting there and will be making the information governance journey together.

RSD Announces RSD GLASS 2.0

RSD GLASS enables companies to better manage corporate risk and improve operational efficiency as they work to achieve compliance with regulations and laws governing enterprise information and records management. During the conference, we announced RSD GLASS 2.0 which is the first in the industry to demonstrate technological breakthroughs for enabling organizations to seamlessly go from policy to control to enforcement. We had a few people stop by our booth to validate if the PSS repacement announcement was true. It is true. We showed the ability to centrally manage policies, manage and enforce all lifecycle actions across all repositories -- Open Text, IBM, Oracle, and HP. 

That's information governance. Seeing was believing.

Posted by Tamir Sigal at 11:48 AM in Current Affairs, English language, Information Governance, Records Management, Weblogs | | Comments (1) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , , , , , , ,

October 14, 2010

Thoughts about IBM’s Acquisition of PSS Systems

I have been in the information management industry for 14 years and proud to say that I wouldn’t give it up for anything. I have seen this market evolve from output management to imaging/workflow, document management, web content management, records management, email archiving, ECM vendor consolidation, open source ECM, Microsoft dominating (again) with SharePoint, and now information governance. For the last 12 months, I have been focusing on information governance – talking to countless customers and watching how the traditional ECM vendors are responding to information governance. Yesterday (and to no surprise), IBM announced their acquisition of California-based PSS Systems.

I admire IBM’s move to acquire PSS as it closes a very much needed gap for providing companies with a policy engine for information governance and eDiscovery. Companies are struggling to create, validate, and manage the policies that define how corporate information should be managed across the organization. Companies must be cognizant of their ongoing legal and regulatory obligations since non-compliance leads to substantial fines, serious revenue loss, significant reputational damage, and possibly jail sentences for C-level executives.

While this acquisition is commendable, there is an open question which hardly gets mentioned during a merger/acquisition announcement. How exactly is IBM planning to integrate PSS ATLAS with their multiple repositories – FileNet, IBM Content Manager, IBM OnDemand, ImagePlus, etc, etc? Naturally, these systems have different flavors with multiple versions. The integration is not going to be straightforward. I am certain IBM global services team can make the integration work – question is at what cost to the customer.

You may ask why is this important?

We all recognize large companies have multiple repositories. The repositories are typically spread across jurisdictions, business units, and platform technologies. It is difficult to deploy corporate retention policies in a stove-piped manner and it’s also not feasible to migrate all content into a single content repository. Each repository needs to have dedicated policy administration and controls to ensure content is archived to corporate defined rules. Not only is this is an administrative headache, but it also creates a huge risk for the entire organization. As a result, policies must be centralized and the content should remain federated.

However, this only gets you 25% there – organizations must be able to demonstrate their policies are enforceable and auditable. Companies must take these policies and (what I call) put them to work in the field. The policies have to be properly published and drive the various lifecycle actions so they are performed correctly by the business units, jurisdictions, records management divisions, and ECM administrators. These actions must be (properly) managed and enforced. This should be done in an automated fashion without requiring extreme changes to the repository infrastructure or costly upgrades. By the way, these actions are not limited to just retention/disposition and eDiscovery. Actions also include metadata management, storage ILM, data privacy rules, and so much more. Money The integration of the PSS policy engine must be integrated with the records management applications and the various IBM repositories for a true information governance platform. At the end of the day, companies need a single records management dashboard which works across all IBM and non-IBM repositories that’s tightly integrated with the policy engine.

In the next 6-12 months, it will be interesting to see how PSS and IBM customers react. In the meantime, please hand me some popcorn as I wait to see how EMC responds.

Is the Archer acquisition enough?

Photo courtesy by Jake Wasdin on Flickr

Posted by Tamir Sigal at 07:26 AM in Current Affairs, Information Governance, Records Management, Web/Tech, Weblogs | | Comments (2) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , , , , , , ,

June 22, 2010

Sécurité des systèmes d'information

Le CLUSIF a publié la semaine dernière son rapport biennal quant aux entreprises et à la sécurisation de leur système d'information.
S'appuyant sur les réponses de 350 sociétés de plus de 200 salariés, et sur l'analyse des 11 thèmes de la norme ISO 27002 (relative à la sécurité des SI), ce rapport souligne les failles actuelles ainsi que les améliorations mises en œuvre par les entreprises.

Restons optimistes

Nous retiendrons que les entreprises, reconnaissant leur dépendance vis à vis de informatique, sont de plus en plus nombreuses (73%, soit +14% par rapport à 2008)à formaliser leur politique en la matière (67 % confirment l'existence d'une charte Sécurité SI, + 17 % par rapport à 2008.

Une évolution qui s'explique sans doute par l'implication de plus en plus forte de la direction générale dans la politique de sécurité IT de l'entreprise. "La politique de sécurité de l'information des entreprises est massivement soutenue par la direction générale, qui a contribué pour plus de la moitié à son élaboration", constate le CLUSIF.

Il est également intéressant de relever que chez 47% des répondants, la fonction RSSI (responsable de la sécurité du système d'information) existe même si ces responsables sont un peu isolés dans l'entreprise.

Cette fonction est plus souvent liée à la DSI (36%) ainsi qu'à la direction générale (34%). Un second rattachement qui s'inscrit néanmoins en recul comparé à 2008 (45%).
Pour le CLUSIF, "ceci peut s'expliquer par l'arrivée plus nombreuse de RSSI au sein d'entreprises de tailles moyennes ayant un niveau de maturité en sécurité IT encore faible".

Des budgets épargnés

Les budgets restent très serrés, mais par rapport à 2008, la sécurité apparaît comme  une catégorie de dépenses plutôt épargnée.
Poutant le CLUSIF constate des disparités selon les secteurs d'activité. "61% des entreprises du secteur BTP et 43% des Transport et Télécoms ont augmenté leur budget en 2010 parfois de manière très importante : 15% des entreprises du BTP ont noté une augmentation de plus de 10% de leur budget"

Peut mieux faire

Le CLUSIF a ajouté dans son enquête le thème ISO 27002 numéro 9 (sécurité physique), et les résultats montrent pour 41% des entreprises, le responsable des « données papier » n’est pas clairement identifié.

33% (-7% vs 2008) des entreprises ne disposent toujours pas d’un plan de continuité d’activité pour traiter les crises majeures !…
Enfin, les aspects « conformité », pour lesquels des progrès restent à faire, au travers :

  • des « obligations CNIL » : en légère progression (68% « conforment », 20% « conforment pour leurs traitements sensibles », respectivement +4% et +1% vs 2008),
  • des audits de sécurité : 25% des entreprises n’en font toujours pas !…,
  • du tableau de bord de la sécurité informatique : 34% seulement en dispose (malgré les +11%).

A noter également, le sentiment de danger concernant la protection de la vie privée qui augmente (73% « mise en danger de la vie privée - fortement ou un peu », vs 60% en 2008).

Téléchargez l'intégralité des présentations faites par le CLUSIF autour du rapport 2010 sur les Menaces Informatiques et Pratiques de Sécurité en France.


Posted by Claude Super at 02:30 AM in Archiving solution, Current Affairs, Datacenter Solutions, French language, Information Governance, Management and Administration, Ouput Management, Records Management, Web/Tech | | Comments (4) | TrackBack (0)

May 07, 2010

Thoughts from IBM Impact 2010

I just got back from the IBM Impact conference in Las Vegas. I really didn’t know what to expect as this was my first time attending Impact. IBM invited me to present on information governance and explain how companies can better manage their risk around corporate information. Before departing to Las Vegas, I reached out to my network to learn this conference was primarily a technical conference. Historically, this conference may have focused on technology however it seems that IBM has done a great job introducing business topics to this event. 

During the conference, I heard great customer case studies about cloud computing, service oriented architecture, and business process management. I learned that the mainframe is not going anywhere anytime soon and how cloud computing is for real. I have to say the theme on Wednesday was my favorite – technology changing as fast as the business changes. We are all aware business strategies are forced to change in this economic climate and how quickly IT reacts will make or break an organization.  

However, companies also need to respond to external conditions such as new regulations and laws as well as litigation and competitive threats. Impact_2010_2 I was somewhat surprised there were limited conversations about the impact legal and compliance have on technology deployments and business processes. I certainly understand this may not be the primary audience for this type of discussion – but there is a very strong connection.

Enterprise systems exist to manage processes, line of business applications, and corporate information. There are hundreds, if not thousands, of different laws and regulations for managing corporate information. Exactly how does a company:

1) Capture these laws and regulations?

2) Understand the impact these regulations have on the business and IT organization?

3) Map the laws and regulations to their corporate information repositories?

4) Enforce the laws and regulations across the enterprise complex infrastructure?

This is where information governance comes in and why I attended Impact 2010. Information governance is an accountability program to enforce desirable behavior in the creation, use, archiving, and deletion of corporate information. Information governance enables companies to not only align IT with business – but also with the other corporate functions such as legal, finance, compliance, and records management.

An information retention schedule sets out the periods for which an organization’s corporate records should be retained to meet its operational and business needs and to comply with legal and other requirements. The retention schedule is just one component of information governance that protects the interests of the company and its stakeholders.

After my session and throughout the conference, I had fruitful discussions around the challenges of getting all the stakeholders (IT, business, compliance, and legal) on the same page to create the retention schedule. It’s quite difficult and there is no silver bullet. At the end of the day, each function needs to recognize the benefits of deploying an information governance framework and each function will need to give in order to receive.

The question I leave you with:

What if technology can change as fast as your information retention schedule?

See you next year in Las Vegas.

Posted by Tamir Sigal at 10:33 AM in Current Affairs, English language, Information Governance, Records Management, Web/Tech, Weblogs | | Comments (5) | TrackBack (0)

Technorati Tags: , , , , , , , , , ,

Next »

Categories

Twitter Updates

    follow me on Twitter