A CIO should therefore be expected to be completely acquainted with his or her organization’s knowledge requirements and data handling activities to help develop, implement, and enforce measures that are best suitable to that unique business organization
By Anshuman Singh, Director, Product Management of Application Security, Barracuda Networks
In the current days and times information is the life force for the survival of an organization. Unprecedented growth in business-critical data is pushing the envelope on data management. Expanding global, round-the-clock operations call for higher availability of statistics and these increasingly important and dispersed records must be processed to yield business critical information.
As organizations march towards exploiting information-driven digital opportunities, information security and protection within budgets are now topping the priority list of CIO’s . However, these enterprises fail to take notice of a primary issue which is poor quality of data along with data governance problems, which are beginning to go worse by the day. Gartner estimates that poor quality of data is costing an average organization US$13.5 million per year. This dismal prognosis is based on reasons such as data not being managed and defined as an asset consistently across an organization.
The race to drive competitive advantage and improved efficiency through better use of information assets is leading to a sharp rise in the number of chief information officers (CIOs). Gartner predicts that 90 percent of large companies will have a CIO role by the end of 2019. According to a recent Association for Information and Image Management report, organizations are also turning to tools such as content analytics for process automation, information governance, contextual search or business insight, and to help address risks such as security breaches, sensitive or offensive content, and compliance issues.
That means information has to be analyzed and valued so it can be effectively and efficiently protected and secured based on information governance policy.
Enterprise content management to information Governance
Before strategizing on the administration of data, it is integral that a CIO must know, understand and be able to distinguish between different types of data accessed in the organization. To achieve this objective, organizations are recommended to engage in enterprise content management to administer digital content from creation through permanent storage or deletion. The process involves overseeing how data is accessed by different users and managing updates and version control.
To alleviate the chances of conflicts in content management, it is always a good idea to hold on to some external provision or backing to be able to run an exhaustive data assessment to completely understand the organization’s information handling and governing activities, identify the most pressing IG risks associated with those activities, and evaluate the most effective and efficient way to mitigate those risks.
Holistic Process; Not an End Solution
It is a human tendency to be short sighted, aim at short term benefits and channelize all efforts into that direction. However, what CIOs must not overlook is that information will enter and leave the organization constantly through an employee, terminal or interaction. It’s a process that will have its ups and downs and not a software patch upgrade.
And therefore, the Information Governance program has to be a constant process. It cannot be taken up as an upgrade program in times of crisis or data breach. Rather, it should be kept in mind while implementing an Information Governance program that it will be a holistic process involving all levels of employees and administering data consistently.
Participation of All Key Stakeholders
People dealing with information and administration generally have a tendency to look forward to technology upgrades for solving organizational problems or enhancing performance. Relying on technology, is after all, what has been taught to tech leaders. Information Governance, however, does not work like a software patch upgrade. This means that as much as technology would help solve some information governance issues like sharing content and user permissions, the process would still not come handy till the time the personnel in the organization are not adept at that particular technology or software.
An important objective of information governance is to establish a consistent and reliable framework for employees to manage information. It is a holistic process, and therefore needs to include all appropriate stakeholders. It is imperative hence that the CIO includes all stakeholders and ensures that each one understands the purpose and advantages of Information Governance and its impacts on the organization practices. An inconsistently implemented Information Governance program will leave the organization vulnerable and prone wherein the smallest of data breach can have an organization-wide impact.
Monitoring of Access to Information
One of the ways to mitigate risks of data breaches is to develop an unswerving information governance infrastructure. It will clearly define access permissions and suggest the best practices for sharing documents and files with third parties. This practice would also ensure that only the people who absolutely need access to sensitive and critical data like social security numbers, tax returns, etc. have access to those files.
So if and when a breach occurs, the CIO would know whom to point to.
Unique to Every Organization; No One-Size-Fits-All
Information Governance infrastructures take time to develop and there is no one-size-fits-all solution. The process of developing and implementing an Information Governance program is multi-layered and multi-phased. At the time of development of a complete IG program, CIOs must consider the needs of all stakeholders involved and cover legal/regulatory concerns, business operations, and technology.
A CIO should therefore be expected to be completely acquainted with his or her organization’s knowledge requirements and data handling activities to help develop, implement, and enforce measures that are best suitable to that unique business organization. Overcoming the information overload through employing IG best practices maximizes the value of an organization’s data. In doing so, today’s CIO plays a key role in achieving the organization’s business goals.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]