Information assets must be managed and governed like financial assets, according to an EMC Corp. executive. But new data from the IT infrastructure giant suggests that data governance still isn’t a major concern for high-level business leaders.
Speaking at last week’s EMC Forum 2008 in Toronto, EMC Global Marketing chief technology officer Chuck Hollis presented his case for how businesses should control, access and use their enterprise data. His proposals range from creating a board-level discussion on information governance to deploying a variety of tools to help determine how your information moves through the enterprise.
“Does anybody know where all their information is going?” Hollis asked a crowd of EMC customer and partners during his keynote address. “When I get in front of most CIOs, they only wish they knew.
“We all know where our money is because we can pop our card into an ATM and get it. Our information should be the same way,” he added.
Hollis said the amount of digital information created and replicated is increasing by 60 per cent annually. And while 70 per cent of all that information will be created by individuals, about 85 per cent of all digital information globally will be the responsibility of business organizations.
Still, it doesn’t appear that business leaders are making this an issue, he argued.
In an EMC-sponsored Economist Intelligence Unit (EIU) survey of 192 senior business executives around the world, about two-thirds (62 per cent) of respondents said they lacked a formal information governance strategy.
The problem, according to Hollis, is that enterprise leaders are not working collectively to define proper information policies.
“If the legal department was in charge of setting information policies, they’d just lock away your data,” he said. “You’d also have the business unit who wants to make money off of it and the financial guys who are looking to keep it secure.”
By putting together an information governance board, Hollis argued, enterprise decision-makers can solve these issues and get policies in place.
But according to Brian Babineau, senior analyst with the Enterprise Strategy Group, without an executive directive, companies will have a very hard time putting a cross-functional governance team in place.
“Unfortunately, a lot of companies don’t feel the need to make resources available for information governance,” he said. “These programs almost never start until a company has to go through a painful event like a security breach or a very expensive litigation that involves e-discovery.”
Along with security and litigation concerns, industry regulations and corporate recordkeeping can also play a motivating role for C-level executives. Babineau said that many companies have strategies to individually manage these issues, but the vast majority of companies lack a single, focused point-of-view on information governance.
For Hollis, the reality is that business leaders will have to be sold the hard way on information governance – with cold, hard data.
“Get started, pick an area of your business and begin gathering data,” he said. “One of our customers put a filter on their e-mail gateway and found out they were sending out 35,000 e-mails with the word ‘confidential’ in them.”
By collecting this kind of information and bringing it to the business leaders, CIOs and other IT leaders can push data governance issues to the forefront and make it a corporate objective.
“This is an opportunity for IT people to show some business leadership,” he added.
At EMC, Hollis said the company is using content blades to locate data moving across the enterprise and how it might be important. They can use it to find out everything from how many credit card numbers the company has on record to how many files leave the enterprise in a compressed or encrypted format.
“You have to be constantly biting off small pieces of information at a time,” he said. Only through a constant collection of data, he added, can companies make the case for information governance and effectively strike a balance between costs, risks and value creation.