Information Governance Benchmark 2016 - Risks & Recommendations for CIOs

Jon Tilbury,CEO,Preservica
575
968
203

If your organization is like most, you have digital records and information that you need to—or want to—keep for long periods of time. In fact, new research conducted in by Information Governance Initiative (IGI) found that 98 percent of information professionals they recently surveyed had records that needed to be kept for 10 years or more.

The Survey Says…

The leading finding in The Governance of Long-Term Digital Information: IGI 2016 Benchmark was this: while 97 percent understood the need for a specialized approach to critical assets, only 11 percent are storing them in systems specifically designed to ensure long-term protection and access. It’s plain to see that for the majority of companies, information governance strategies and systems are not where they need to be.

We’re Experiencing Technical Difficulties, Please Stand By

When asked what digital preservation efforts were in place, only 11 percent of all surveyed could say they were using a purpose-built digital preservation system. Digital preservation goes beyond simply storing a piece of information, to ensuring that the information also remains accessible, trustworthy, secure, and authentic over the long-term, in particular protecting against technology and file format obsolescence.

  ‚ÄčAs technology refresh rates continue to accelerate, business information owners need to be aware of the unique challenges of accessing and relying on digital files over the long-term   

An alarming number of respondents’ answers were limited to identifying storage technologies with no associated specialized approach to ensure long-term protection and access. To give you a bit of insight, here are some of the technologies they identified:

• 68 percent are keeping information on shared network drives
• 52 percent use Line of Business applications (CRM, HR System, ERP etc.)
• 44 percent use disk or tape backup
• 33 percent use application specific archiving (i.e. through email)
• 22 percent are using removable media like USBs

These storage methods expose the organization to the risk of not being able to read and use these digital information assets in the future. As a CIO, with responsibility for the information assets of your company, this should be a primary concern.

In fact, the top method for storing long-term information is shared network drives. This option (like ECM and EDRMS), even with additional backup or archiving strategies, do not provide inherent capabilities to address the unique requirements of safeguarding long-term digital content.

With shared network drives, additional dangers are present: they are easy to access and multiple owners can move, amend or even delete files with little obvious audit trail.

Digital Preservation: Business as Usual

Museums, state archives and universities were the early adopters of digital preservation systems because of the emphasis on critical historical assets, but today many businesses and government organizations are waking up to the need to protect vital long-term digital information for compliance with information governance requirements.

In fact, a massive 98 percent of survey respondents said they must ensure the protection and access of business records for longer than ten years. There is no better example of this than Associated Press’ approach to digital preservation, which assessed the level of governance appropriate for different information and therefore prioritized the digital preservation of the information essential to documenting its business records in the event of a system failure or other event.

The report found a variety of reasons identified by respondents as what can be classified as business reasons for wanting to retain information:

• 89 percent need this information to be retained for statutory, regulation, or legal needs
• 58 percent need this information for HR and personnel requirements
• 55 percent need this information for contracts
• 53 percent need this information for Corporate or Institutional Governance

As technology refresh rates continue to accelerate, business information owners need to be aware of the unique challenges of accessing and relying on digital files over the long-term.

Legally Speaking

As per the statistics above, legal and compliance requirements surrounding information are by far the top reason currently driving respondents to keep and preserve records. Today’s statutory, regulatory and other legal obligations are expanding information retention requirements.

CIOs are acutely aware of the current trend moving towards greater regulation of information, more guidelines surrounding retention and, at times, longer retention periods. Organizations are putting purpose-built digital preservation systems in place to ensure that as retention times increase they are still able to find and produce, when required, digital records that can be read, used and trusted.

Imagine, for instance, the retention schedule of a large multinational corporation we know, which incorporates over 8,000 individual legal recordkeeping requirements. While smaller organizations will have decidedly less hectic retention schedules, even adhering to more than a couple of requirements can be a daunting task to consider when the information at hand begins to reach terabyte levels.

The Time is Now

The vast majority of information professionals understand the risks they are dealing with—in fact, 97 percent of information professionals surveyed said they were aware that technology obsolescence could be a risk to their digital information.

As with any problem, awareness is the key, but in this instance, it was a bit unsettling to learn that relatively little is being done to address the problem. 44 percent of respondents said that they were “considering their approach,” with a further 31 percent stating they had no specific strategy, and an alarming 16 percent indicating that they would “postpone action until required.”

What should be clear to CIOs is that action is required, and it’s required now. When a file becomes obsolete, it may be too late, or the time, money and technical resources required to access and read it become prohibitively high.

Read Also

Plotting the Path to a Mature Cyber Security Program

Plotting the Path to a Mature Cyber Security Program

Brett Wahlin, VP and CISO, Hewlett Packard Enterprise [NYSE: HPE]
Restoration through Technologies

Restoration through Technologies

Vern Boyle, VP for Cyber and Advanced Processing, Northrop Grumman Mission Systems
Complexity and a Lack of Strategic Planning Undermine Our Government's Cybersecurity

Complexity and a Lack of Strategic Planning Undermine Our Government's Cybersecurity

Maj Gen Earl D Matthews, (USAF, Retired), VP-Enterprise Security Systems, U.S. Public Sector, Hewlett Packard Enterprise [NYSE: HPE]
Smart City Cyber Security & Resilience: Architecture and Best Practices

Smart City Cyber Security & Resilience: Architecture and Best Practices

Erfan Ibrahim, Ph.D., Center Director, Cyber-Physical Systems Security & Resilience, NREL