While on another long flight, stuffed in a middle seat (yes, the glamour of travel), I reflected back on the presentations that I had recently done covering compliance (Gartner PCC, AIIM, MER (Managing Electronic Records), and EMC’s Momentum User Group Conferences). Given the positive feedback and requests for the content, I thought it might be helpful to discuss the key requirements that make Pervasive Governance possible. To better understand the macro trends shaping our compliance landscape, see my previous blog (Rethinking ECM – Part 1), but in essence it comes down to the 3D growth of information, increased regulation and the combined effect of creating substantial complexities for IT. It’s because of these forces that a new approach to information compliance and governance is required. We need to go far beyond the fundamentals and traditions of Records Management and the corresponding focus on the repository. We in fact need to take a broader and holistic view to information management that enables organizations to understand, track and control and protect information, regardless of its location – within the Enterprise, across Extended Enterprise (including partners, suppliers, remote employees and associated devices) and eventually out into the cloud. This is what Pervasive Governance is all about.
The New Requirements
There are four essential ingredients for enabling Pervasive Governance:
- Understand your information: Getting an understanding of your content is like the old, late night public service announcements – “Do you know where your children are?” Because information is literally scattered across the organization and has a habit of finding its way on to various devices, you need to actively go out and identify where your information is located – across fileshares, SharePoint Servers, Exchange Servers and devices (desktops, laptops, portable media, tablets, smartphones). Using technologies like File and Content Intelligence you can identify and index information that’s “in the wild” and immediately gain visibility on the value and risk associated with your information. Then you can start to classify your content on what is business related and non-business related, what is sensitive and non-sensitive – all down to specific document and/or information types. Once you have this level of visibility, you can start to set actions on specific content – e.g. document retention periods, moving to more secure storage, and defensible decommissioning, or for you Records Management purists out there, formal record disposition (archive, holds, deletion, conversion).
- Automate & Enforce Policies: Most organizations place all the burden of document classification and indexing on the knowledge worker. In fact, in some situations I’ve seen where business users are expected to fill-out as many as 99-fields (attributes) of information for a single document! The reality is that business-users see this as a tremendous drag on their productivity and simply don’t want to do it. Furthermore, this manual indexing is highly prone to error and inconsistency. So how can IT protect the business while not impacting worker productivity? The answer is automation. By already understanding the value and risk of information (as mentioned earlier), you’ve established the framework to index/classify information. This can readily be applied to content that already exists (across all repositories and devices), is being created and/or enters the organization. This effectively allows you to “stitch” compliance into the fabric of business processes – automatically and transparently, without any human intervention. This substantially reduces errors and delivers much needed consistency in how information is organized and ultimately managed.
- Protect & Control Information, On and Off-Premise: Much of the ECM and Records Management technology today provides the basic facets to protect information within the enterprise – encryption, dynamic access control, digital shredding, electronic signatures, audit trails and reporting, etc. However, how do you extend these same capabilities to information sitting outside the four-walls of the enterprise? This is where Information Rights Management (IRM) technology comes in. It ensures that only the intended recipient can view the information and govern certain actions (copy, view, edit, print, move, etc.). More importantly it effectively provides a “remote control” for content (for a guy like me, anything that acts like a remote has to be cool). It allows organizations to do such things as revoke access, remote destruction and changing permissions across all devices – including mobile devices. This is extremely important when you consider how often employees leave the company and relationships with partners and suppliers change.
- Discover and Produce Information for Early Case Assessment: Like the Sesame Street game, you might think that this piece is not like the others. However, it is an absolute imperative when you consider the cost and risk associated with eDiscovery in response to a litigation event. The costs associated with an eDiscovery effort can easily exceed $3 million. The goal is to support the Early Case Assessment (supplying legal-council with the proper information to determine the merits of case) as quickly and cost effectively as possible. By leveraging the foundation you built for automated indexing and applying content discovery tools, you can literally cut the time and cost of eDiscovery in half. What’s more, these savings multiply with every case you encounter (because you don’t have to re-invent the wheel every time litigation arises).
Putting it all Together
The landscape has definitely changed in how we create, access, store and ultimately control information. In a world where almost everything matters (e.g. is discoverable), it’s more important than ever to widen our perspective and think more holistically. Hopefully what I’ve outlined to meet today’s governance challenges is logical, realistic and most importantly, doable. Now the challenge is to take the next step to put this into action…It’s actually easier than you think.
What challenges or opportunities do you see making Pervasive Governance a reality?