Welcome

Welcome

Charles Pelton, Contributing Editor

Computerworld & CIO

Data Retention and Liability in the Age of Social and Mobile

Michael Osterman, Principal

Osterman Research, Inc.

Data Retention in the Age

of Social and Mobile

Michael D. Osterman

Principal, Osterman Research, Inc.

©2013 Osterman Research, Inc.

About Osterman Research

• Focused on the messaging, Web and collaboration industries

• Practice areas include archiving, security, encryption, content

management, etc.

• Strong emphasis on primary research

conducted with decision makers and

influencers

• Founded in 2001

• Based near Seattle

©2013 Osterman Research, Inc.

Important Caveats

• In case I say anything today that sounds intelligent:

– It will be purely accidental

– I am not an attorney

– Nothing I say constitutes legal advice

What is Information Governance?

• Gartner “The specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information.”

• Wikipedia “An emerging term used to encompass the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements.”

• AIIM “Information governance is concerned with defining the accountability for your organization’s information assets – its content and records.”

Risks and Consequences of Poor IG

• Inadequate response to regulatory audits

• An inability to adequately conduct early case

assessments, place holds on data, respond to

eDiscovery requests, retain data or delete data

• Increased likelihood of data breaches, employee

misconduct and general mismanagement of

corporate data resources

• An overall increase in corporate risk

©2013 Osterman Research, Inc.

Examples

•

•

• Human Resources

Some Background

on Social Media

Growing Use of Social Media

The proportion of

users employing

social media tools on

the corporate network

continues to grow at a

rapid pace

©2013 Osterman Research, Inc.

Social Media in the Mix of Other Tools Minutes per workday spent on various communication tools

Email continues to

dominate the time

spent on

communication and

collaboration, but

social media use

continues to climb.

59% have increased

their use of social

media over the past

year; 64% expect it to

increase over the next

year. ©2013 Osterman Research, Inc.

The Legitimacy of Applications

Decision makers’

opinions on what

constitutes a

“legitimate”

application for

business purposes

varies widely

©2013 Osterman Research, Inc.

Mobile Devices,

BYOD and BYOA

The Penetration of Mobile Devices

Personally-owned

mobile devices are

more common in the

workplace than

company-supplied

devices

©2013 Osterman Research, Inc.

The Pervasiveness of BYOD

Most iPhones and

Android smartphones

used in the workplace

are personally owned

BlackBerry and

Windows Phone

devices continue to

be the choice of IT

decision makers for

providing to

employees

©2013 Osterman Research, Inc.

Some Fundamental

Problems to Overcome

Complicating the Problem

Corporate content is

distributed across a

wide range of

platforms

Only some of these

platforms are under

the direct control of

those who manage

information

governance

©2013 Osterman Research, Inc.

Some Still Don’t Understand Retention

The philosophy

behind information

governance in the

context of email (and

other data types)

varies widely

©2013 Osterman Research, Inc.

Email Preservation Approaches

The approach to

preserving email (and

other content types)

varies widely by

organization

There is some

consensus, but no

unanimity of opinion

of opinion on content

retention

©2013 Osterman Research, Inc.

Retention Policies and Systems are Lacking

Many organizations

are extremely

vulnerable to data

loss because they

lack policies and/or

system to prevent

users from deleting

important content

©2013 Osterman Research, Inc.

Information Governance

Needs Improvement

Retention of Various Content Types

Most organizations do

a decent job of retain

email, files and

SharePoint data

For other content

types, there is

substantial room for

improvement

©2013 Osterman Research, Inc.

Retention From Various Platforms

Retention from email

systems, file servers

and SharePoint

repositories is

reasonable

For other platforms,

sound retention

practices have a long

way to go

©2013 Osterman Research, Inc.

Quality of Information Governance

Information

governance for email

and files is working

well

For non-traditional

data types,

information

governance is quite

poor

©2013 Osterman Research, Inc.

Quality of Platform Governance

For mobile devices

and employees’ home

computers,

information

governance is

seriously lacking

©2013 Osterman Research, Inc.

Information Governance Stakeholders

There is a wide range

of information

governance

stakeholders that are

involved in

information

governance

©2013 Osterman Research, Inc.

What All of This Means

• Information governance is fundamentally about:

– Retaining important/deleting unnecessary information

– Managing data to improve the business

• But information governance has become more difficult because:

– Data types are proliferating

– Information volume is growing rapidly

– The number of venues that generate and store information is increasing

– Greater connectedness increases information governance requirements

– Oversight is becoming more stringent

– Penalties are becoming more onerous

©2013 Osterman Research, Inc.

What Organizations are Doing Right

• Expanding the envelope of communication and collaboration

solutions

• Retaining information

• Implementing policies focused on:

– Archiving

– Data loss

– Liability

– Data protection

– Content management

©2013 Osterman Research, Inc.

Where Improvement is Needed

• More focus on information, less focus on data

• A more holistic approach to goverance

– Content

– Stakeholders

– Business processes

• Greater focus on content deletion

• A realization that information governance is a systemic process, not

a collection of individual projects

©2013 Osterman Research, Inc.

Summary

• Content and the platforms that create them are drifting away from IT-

controlled information governance

– More content is sent via social media

– More content is generated by personally owned devices

– More content is stored in personally managed cloud applications

• Information governance practices are lacking

– Stakeholders generally understand what they need to do (even if they don’t

do it)

• Decision makers should focus on a holistic approach that

– Puts IT back in control of information governance

– Manages all content in a unified and centralized manner

©2013 Osterman Research, Inc.

For More Information

Osterman Research, Inc.

+1 253 630 5839

+1 206 905 1010

info@ostermanresearch.com

www.ostermanresearch.com

ostermanresearch.wordpress.com

mosterman

©2013 Osterman Research, Inc.

Interview: Technology Solutions to Information Governance Challenges

Jay Brudz, Partner

Drinker Biddle

Strategies for Data Governance in the New Age

Brian Weiss, Vice President, Global Lead Subject Matter Expert

HP Autonomy

HP Information Governance Brian Weiss

September 24, 2013

Emerging Trends

IG moving beyond email and files

Rich end-user

search

Advanced discovery

and investigations

Supervision and

surveillance Automatic

classification

Gain Control – Understand its Value

Email Files IM Audio Social Video SharePoint

HOLD

Evolution from on-premise to the cloud

• Equal or better:

– Cross-silo data visibility

– Capacity and scalability

– Security standards

• Largest private cloud 50PB+ managed

• SOC2 datacenters

• Split-cell WORM technology

• Economies of scale & pay for what you

need when you need it

• Share risk with a trusted third party

• Increased access to additional

information governance offerings

Social, Mobile, Sync/Share: Governance Challenge

• Volumes are high and channels are unmanaged

• Consumer market is driving corporate appetites

• Challenge for traditional security and policy managemnet

• Obligations to supervise and archive certain social media

interactions under FINRA, Dodd-Frank and other

• Need to govern social media interactions according to

records/retention requirements

Facebook: 600 million users

Twitter: 20 billion total tweets

LinkedIn: 90 million members

YouTube: 2 billion videos per day

Migration from legacy point solutions

End-to-end integrated information governance

eDiscovery • Raw data processing

• Early case assessment

• Technology-Assisted Review

Data

Protection • Server data

protection

• Mobile data

protection

Enterprise Content Management • Document management

• Records management Information Archiving • Legal holds

• Content archiving

• Communications supervision

• Policy management

eDiscovery and InfoGov: The ounce of prevention

Creation Information

management Identification

Collection

Review Production Presentation

Preservation

Analysis

Processing

Collection = 8-10% of cost

$940/GB collected

Source: EDRM.net

Processing = 15-20% of cost $2931/ GB processed

Review = 60-70% of cost

$13,636/GB reviewed

Getting Started with Information Governance

Information governance defined

HP Information Governance

A portfolio of modular solutions that help organizations access

and understand human and computer-generated information

without bias to repository or location, organize and control this

data with a centralized policy engine, and intelligently manage

and take action upon this data in accordance with business,

legal/compliance, and data management objectives.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Information governance framework

Access & Understand Leverage & Take Action

Unstructured enterprise data repositories

Structured enterprise data repositories

Cloud-based repositories Data

Mobile & social media

Offline data repositories

Address business & operational objectives

Enterprise Content Management

Enterprise Search & Collaboration

Legacy Data Cleanup

Legal Holds Information Archiving

Records Management eDiscovery

Address legal & compliance objectives

Backup/Recovery

Enterprise Security

Address data management & security objectives

Centralized Policy Engine

Organize & Control

Administer data in place or in a consolidated repository

HP Autonomy solutions family

IDOL the OS

Compliance, Litigation

Readiness, Storage

Optimization,

Database Archiving

Supervision & Policy

Management

eDiscovery

Supervision

Legal Hold

Unified Information

Access & Analytics

Voice of the Customer

Media Intelligence

Video Surveillance

Big Data Analytics

Enterprise Search

Knowledge Mgmt

Content Access

& Extraction

Policy-Driven Info Mgmt

Records Mgmt

Legal Content Mgmt

Business Process Mgmt

Document Mgmt

Records Mgmt

Workflow Automation

Legacy Data Clean Up

Server Data Protection

Virtual Server Data

Protection

Remote & Branch

Office Data Protection

Endpoint Device

Data Protection

Enterprise

Content Management

Information

Archiving &

eDiscovery

Data

Protection

Digital Experience Mgmt

Web Optimization

Search Engine Marketing

Marketing Analytics

Contact Center Mgmt

Rich Media Mgmt

Augmented Reality

Marketing

Optimization

Information Analytics

Information Governance & Management

Digital Marketing

Hybrid

OEM

Software

Cloud for human information

Application/Database Retirement

Enhance operational efficiency Remove inactive data from production databases to stabilize performance

Avoid violating SLAs and ensure users are happy and productive

Production

database

Archive

database

Retire outdated applications Automate the process of extracting, validating and deleting data from old applications

Lower costs associated with maintaining these databases, which can number in the 1000s

Expedite backup performance Minimize the backup image required by reducing the volume of data to be backed up

Lower the risk of long disruptions and accelerate disaster recovery

Improve search and eDiscovery Achieve better visibility into, and proactively consolidate, previously difficult-to-access data

Lower costs of eDiscovery and investigations, and increase end-user productivity

XML XML Legacy

database

Legacy

database

Legacy

database

Reduce data footprint & storage costs Reduce the amount of (cloned and legacy application) data stored by 50% or more

Lower storage costs, including hardware, maintenance and administration

Before:

60TB Stored

After: 30TB

Stored

Option 1: Start by addressing live data

Consolidate information for legal / regulatory purposes Information Archiving

Extract full business value from human information ECM

Comply with internal / regulatory / government regulations Records Management

All offerings deliver clear benefits but are optimized for day-forward data

The problem of “dark data”

We are running out of capacity Let‘s add more Disks

Applications are slowing down Upgrade Infrastructure

Backup takes longer and longer Change Backup Infrastructure

We need to retain information... Keep Tapes

…for a certain period of time We keep everything forever

We need to be compliant Implement Archive, DMS, RM,...

We need to retrieve Information... Look into different sources

…historical Information Recover Tapes

Option 2: Start by addressing legacy data

Defensibly

Dispose

Apply

Policy

Autonomy

ControlPoint

Product

Structured Data

Repositories

Unstructured Data

Repositories

Know what information you

have

Know where the information is

located

Know your information is

secure

Know the information is

managed appropriately

HP AIO

Product

Autonomy

Consolidated

Archive

HP Records

Manager

Manage &

Migrate

Analyze,

classify,

take action

Additional

Active

Repositories

Migrate legacy data to an active repository for uniform management and governance

Legacy Data Cleanup: Customer benefits

Improve search and eDiscovery Consolidate data for more-efficient legal holds, investigations, and Early Case Assessment

Avoid eDiscovery over-collection, which yields added processing, review and analysis costs

Reduce data footprint & storage costs Reduce the amount of data stored with defensible disposition of data

Lower storage costs, including hardware, maintenance and administration

Before:

60TB Stored

After: 30TB

Stored

Mitigate risk of data mismanagement Ensure Information is managed uniformly, in accordance with policy and regulations

Protected data to minimize risk of accidental spoliation or security breaches

Enhance user productivity Unify information silos for better productivity and collaboration

Consolidate information for better knowledge management and expertise location

Legacy

repository

Legacy

repository

Legacy

repository

Minimize strain on IT staff Avoid duplicate effort spent producing the same information again

Focus resources on revenue-producing activities instead of accessing data

Legacy

repository

Legacy

repository

Legacy

repository Active

repository

Autonomy Dodd Frank Recordkeeping Solution Architecture

Connector

Framework

Email

IM Voice

ControlPoint

-

Classification

TRIM

-

Records Mgmt

Database

Archiving

Compliance Front Office Compliance

Files

Archive

Review Manage

policy

Report

Unstructured

Applications

Scan/Fax

Structured

A complete enterprise information

strategy with HP Autonomy

Challenge Search enterprise

information in real time

Regulatory needs for

information archiving

Consolidate legacy websites

Solution Autonomy IDOL Autonomy Digital Safe (cloud)

+ Autonomy Supervisor

Autonomy TeamSite + Autonomy LiveSite

Results • Real time access to

intranet & extranet sites

• 30+ applications powered

by IDOL for search &

analytics

• Global archive & supervision

platform for 39,000+ active

employees & 120,000 historical

accounts

• Eliminated 47 data center racks

in 4 regions, saving millions

• Unified legacy websites on one platform

• Personalized web experiences delivered for 80,000+

employees, supporting 500+ content contributors

• Needed a scalable, real-time means to engage fans

across all channels and increase fan and broadcast

experience

Panel and Roundtable Discussion: Evolving Governance With the Next

Generation of Data

Wrap Up and Closing Remarks