Archive Data Protection

    Why Information Management Strategies of the Past are Failing

    Yesterday’s archive is old news. Here’s what you need to know now.

    by Mark Diamond

    The information management landscape is changing. New and stricter legal and regulatory requirements coupled with ongoing accumulation of electronic information are creating new risks and challenges for companies. These changes are occurring globally.

    If your information management and archiving strategy has stayed the same during the past five years, it’s likely out of date and you may—or will—be non-compliant. Traditional archiving strategies fall short of meeting these new requirements, and this is driving many companies to re-examine how they manage information.

    Some of the major factors driving this change include:

    Increasing Compliance Requirements

    While more information is being retained, the legal and regulatory requirements are getting stricter. According to ARMA International, the average global corporation faces more than 30,000 legal and regulatory record keeping requirements. The past decade has seen a spate of new requirements at the federal, state, and industry-specific levels.

    E-discovery is Getting Harder 

    The ongoing accumulation of both paper and electronic information creates very acute challenges when organizations face discovery in litigation or from regulatory inquiry. First, the sheer volume and expanse of electronic information increases the risks of being non-responsive to a discovery request. Not knowing what a company has often forces them to look through everything. Second, the increasing volume and lack of controls significantly increase discovery costs and impact litigation strategies.

    New Privacy Requirements 

    Global privacy rules are changing the information landscape. Historically many organizations have approached electronic records retention with a de facto “save everything, forever” approach thinking that in doing so they would at least be meeting regulatory retention minimums. Both the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act require companies to be able identify privacy information for a resident or consumer, and delete that information upon request.

    Need to Protect Sensitive Information from Data Breaches

    Many organizations know their information landscape contains significant intellectual property, trade secrets and other types of sensitive information. They mistakenly believe this information is stored on corporate file shares or content management systems they are protected. Since unsecured repositories have an lack of access control, it still represents a potential risk of a data breach or data leak.

    Impacting Employee Productivity

    Employees who have adopted a “save everything just in case I need it” approach for email and files (documents) soon find it difficult to find their own information among the clutter. Gartner estimates that the average employee wastes more than 3.5 hours per week locating emails or the correct version of files.

    Many of the information management processes in place today are based on either a paper-centric paradigm of dumping email and files in an archive or on an outdated, vaulted solution where information goes to die.

    This “dumping” strategy creates risks and increases costs:

    Not Managing Email and Electronic Information as a Record

    Many programs do not recognize that records exist in email and other electronic media. These records are not properly classified or managed. Retrieving these records in a timely manner can be difficult, and often no effort is made to dispose of them once their unacknowledged retention period has expired.

    Over-reliance on Detailed, Manual Processes

    Programs that do recognize requirements of managing electronic information often make employees walk through detailed and time-intensive record keeping processes to comply. Employees need to search through overly-detailed records retention policies, classify and retain these records through a series of time-consuming steps.

    No Defensible Disposition Processes

    Unmanaged electronic information accumulates. New information and documents are continually created, received and saved, but little effort is made to dispose of older, unneeded information. Every year the storage of this unneeded information grows, driving up risks and costs.

    Need for Greater Employee Productivity

    These old-fashioned approaches decrease employee productivity. Current business information is lost among the clutter of unneeded information. Every employee has his or her own “silo” of information making it difficult to share or collaborate. Poor information management makes organizations less agile and responsive.

    Continuing with these old-fashioned strategy increases costs and risk, drives non-compliance and lowers employee productivity. A more modern approach is needed.

    First, organizations are implementing for effective data security classification. Protecting sensitive information from breaches requires two important elements. First, files and emails and other documents containing sensitive information should be stored and managed in appropriately secured repositories. This often means moving them from desktops and files shares to more secure archives.

    Second, organizations need to implement controls within the archive to defensible destroy sensitive information when it is no longer need.  This can include when records have reached their expiration data, or the information no longer has business value.

    Next, many organizations are moving from reactive e-discovery to proactive litigation readiness programs. To do so, they must take a step back, get away from their lawsuit-specific activities and look at what can be done to improve their litigation readiness profile. These programs include updating legal hold policies to incorporate e-discovery response processes as well as developing processes to map electronic information. This approach includes creating repeatable, defensible processes for how the organization manages and responds to requests for information regardless of location or format.

    Perhaps the biggest “win” from a modern program comes from better employee productivity and enhanced collaboration. Modern processes and technologies allow employees to search and locate what they need to improve their job performance by reducing the time they spend in personal information management (saving and searching for email, files and other information). In addition, when a project is finished, an employee leaves, or a group is disbanded, information that may otherwise be isolated on desktops or in personal repositories can still be leveraged for future business value.

    A key component of a modern strategy is implementing ongoing, routine disposition. This disposition is being divided into two separate processes. First, organizations are deploying targeted disposition to, for example, delete personal information from a GDPR “Right to Erasure” request by a European citizen. Once these requests are received, organizations first need to identify any privacy information across all media, including files and email.

    Second, modern strategies have routine, ongoing processes to delete expired records along with unneeded or low business value information. This is again for email, files, paper and other types of media. Disposition should be targeted both at active data including email in servers and files on file shares, and at inactive data on backup tapes.

    Modern strategies engage many drivers including legal and regulatory record keeping requirements, stricter privacy rules, increasing threat of breaches and decreasing employee productivity, and disposition. A modern strategy not only incorporates all these drivers, but increasingly transforms stand-alone records, privacy and discovery programs into an integrated information governance program.

    Companies are realizing that a single common workstream under an information governance program can provide benefits in several areas. In the end, these modern approaches not only increase compliance, but markedly reduce costs, reduce risks and drive productivity.

    For more information on Information Management Strategy and enterprise archiving, we invite you to join us for a webinar: Preparing for Tomorrow’s Archive featuring Mark Diamond from Contoural and Garth Landers from Mimecast on Wednesday, Nov. 14, 2018 at 11 a.m. EST. Register here.

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page