welcome [] · – security standards • largest private cloud 50pb+ managed • soc2 datacenters...
TRANSCRIPT
Welcome
Welcome
Charles Pelton, Contributing Editor
Computerworld & CIO
Data Retention and Liability in the Age of Social and Mobile
Michael Osterman, Principal
Osterman Research, Inc.
Data Retention in the Age
of Social and Mobile
Michael D. Osterman
Principal, Osterman Research, Inc.
©2013 Osterman Research, Inc.
About Osterman Research
• Focused on the messaging, Web and collaboration industries
• Practice areas include archiving, security, encryption, content
management, etc.
• Strong emphasis on primary research
conducted with decision makers and
influencers
• Founded in 2001
• Based near Seattle
©2013 Osterman Research, Inc.
Important Caveats
• In case I say anything today that sounds intelligent:
– It will be purely accidental
– I am not an attorney
– Nothing I say constitutes legal advice
What is Information Governance?
• Gartner “The specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information.”
• Wikipedia “An emerging term used to encompass the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements.”
• AIIM “Information governance is concerned with defining the accountability for your organization’s information assets – its content and records.”
Risks and Consequences of Poor IG
• Inadequate response to regulatory audits
• An inability to adequately conduct early case
assessments, place holds on data, respond to
eDiscovery requests, retain data or delete data
• Increased likelihood of data breaches, employee
misconduct and general mismanagement of
corporate data resources
• An overall increase in corporate risk
©2013 Osterman Research, Inc.
Examples
•
•
• Human Resources
Some Background
on Social Media
Growing Use of Social Media
The proportion of
users employing
social media tools on
the corporate network
continues to grow at a
rapid pace
©2013 Osterman Research, Inc.
Social Media in the Mix of Other Tools Minutes per workday spent on various communication tools
Email continues to
dominate the time
spent on
communication and
collaboration, but
social media use
continues to climb.
59% have increased
their use of social
media over the past
year; 64% expect it to
increase over the next
year. ©2013 Osterman Research, Inc.
The Legitimacy of Applications
Decision makers’
opinions on what
constitutes a
“legitimate”
application for
business purposes
varies widely
©2013 Osterman Research, Inc.
Mobile Devices,
BYOD and BYOA
The Penetration of Mobile Devices
Personally-owned
mobile devices are
more common in the
workplace than
company-supplied
devices
©2013 Osterman Research, Inc.
The Pervasiveness of BYOD
Most iPhones and
Android smartphones
used in the workplace
are personally owned
BlackBerry and
Windows Phone
devices continue to
be the choice of IT
decision makers for
providing to
employees
©2013 Osterman Research, Inc.
Some Fundamental
Problems to Overcome
Complicating the Problem
Corporate content is
distributed across a
wide range of
platforms
Only some of these
platforms are under
the direct control of
those who manage
information
governance
©2013 Osterman Research, Inc.
Some Still Don’t Understand Retention
The philosophy
behind information
governance in the
context of email (and
other data types)
varies widely
©2013 Osterman Research, Inc.
Email Preservation Approaches
The approach to
preserving email (and
other content types)
varies widely by
organization
There is some
consensus, but no
unanimity of opinion
of opinion on content
retention
©2013 Osterman Research, Inc.
Retention Policies and Systems are Lacking
Many organizations
are extremely
vulnerable to data
loss because they
lack policies and/or
system to prevent
users from deleting
important content
©2013 Osterman Research, Inc.
Information Governance
Needs Improvement
Retention of Various Content Types
Most organizations do
a decent job of retain
email, files and
SharePoint data
For other content
types, there is
substantial room for
improvement
©2013 Osterman Research, Inc.
Retention From Various Platforms
Retention from email
systems, file servers
and SharePoint
repositories is
reasonable
For other platforms,
sound retention
practices have a long
way to go
©2013 Osterman Research, Inc.
Quality of Information Governance
Information
governance for email
and files is working
well
For non-traditional
data types,
information
governance is quite
poor
©2013 Osterman Research, Inc.
Quality of Platform Governance
For mobile devices
and employees’ home
computers,
information
governance is
seriously lacking
©2013 Osterman Research, Inc.
Information Governance Stakeholders
There is a wide range
of information
governance
stakeholders that are
involved in
information
governance
©2013 Osterman Research, Inc.
What All of This Means
• Information governance is fundamentally about:
– Retaining important/deleting unnecessary information
– Managing data to improve the business
• But information governance has become more difficult because:
– Data types are proliferating
– Information volume is growing rapidly
– The number of venues that generate and store information is increasing
– Greater connectedness increases information governance requirements
– Oversight is becoming more stringent
– Penalties are becoming more onerous
©2013 Osterman Research, Inc.
What Organizations are Doing Right
• Expanding the envelope of communication and collaboration
solutions
• Retaining information
• Implementing policies focused on:
– Archiving
– Data loss
– Liability
– Data protection
– Content management
©2013 Osterman Research, Inc.
Where Improvement is Needed
• More focus on information, less focus on data
• A more holistic approach to goverance
– Content
– Stakeholders
– Business processes
• Greater focus on content deletion
• A realization that information governance is a systemic process, not
a collection of individual projects
©2013 Osterman Research, Inc.
Summary
• Content and the platforms that create them are drifting away from IT-
controlled information governance
– More content is sent via social media
– More content is generated by personally owned devices
– More content is stored in personally managed cloud applications
• Information governance practices are lacking
– Stakeholders generally understand what they need to do (even if they don’t
do it)
• Decision makers should focus on a holistic approach that
– Puts IT back in control of information governance
– Manages all content in a unified and centralized manner
©2013 Osterman Research, Inc.
For More Information
Osterman Research, Inc.
+1 253 630 5839
+1 206 905 1010
www.ostermanresearch.com
ostermanresearch.wordpress.com
mosterman
©2013 Osterman Research, Inc.
Interview: Technology Solutions to Information Governance Challenges
Jay Brudz, Partner
Drinker Biddle
Strategies for Data Governance in the New Age
Brian Weiss, Vice President, Global Lead Subject Matter Expert
HP Autonomy
HP Information Governance Brian Weiss
September 24, 2013
Emerging Trends
IG moving beyond email and files
Rich end-user
search
Advanced discovery
and investigations
Supervision and
surveillance Automatic
classification
Gain Control – Understand its Value
Email Files IM Audio Social Video SharePoint
HOLD
Evolution from on-premise to the cloud
• Equal or better:
– Cross-silo data visibility
– Capacity and scalability
– Security standards
• Largest private cloud 50PB+ managed
• SOC2 datacenters
• Split-cell WORM technology
• Economies of scale & pay for what you
need when you need it
• Share risk with a trusted third party
• Increased access to additional
information governance offerings
Social, Mobile, Sync/Share: Governance Challenge
• Volumes are high and channels are unmanaged
• Consumer market is driving corporate appetites
• Challenge for traditional security and policy managemnet
• Obligations to supervise and archive certain social media
interactions under FINRA, Dodd-Frank and other
• Need to govern social media interactions according to
records/retention requirements
Facebook: 600 million users
Twitter: 20 billion total tweets
LinkedIn: 90 million members
YouTube: 2 billion videos per day
Migration from legacy point solutions
End-to-end integrated information governance
eDiscovery • Raw data processing
• Early case assessment
• Technology-Assisted Review
Data
Protection • Server data
protection
• Mobile data
protection
Enterprise Content Management • Document management
• Records management Information Archiving • Legal holds
• Content archiving
• Communications supervision
• Policy management
eDiscovery and InfoGov: The ounce of prevention
Creation Information
management Identification
Collection
Review Production Presentation
Preservation
Analysis
Processing
Collection = 8-10% of cost
$940/GB collected
Source: EDRM.net
Processing = 15-20% of cost $2931/ GB processed
Review = 60-70% of cost
$13,636/GB reviewed
Getting Started with Information Governance
Information governance defined
HP Information Governance
A portfolio of modular solutions that help organizations access
and understand human and computer-generated information
without bias to repository or location, organize and control this
data with a centralized policy engine, and intelligently manage
and take action upon this data in accordance with business,
legal/compliance, and data management objectives.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Information governance framework
Access & Understand Leverage & Take Action
Unstructured enterprise data repositories
Structured enterprise data repositories
Cloud-based repositories Data
Mobile & social media
Offline data repositories
Address business & operational objectives
Enterprise Content Management
Enterprise Search & Collaboration
Legacy Data Cleanup
Legal Holds Information Archiving
Records Management eDiscovery
Address legal & compliance objectives
Backup/Recovery
Enterprise Security
Address data management & security objectives
Centralized Policy Engine
Organize & Control
Administer data in place or in a consolidated repository
HP Autonomy solutions family
IDOL the OS
Compliance, Litigation
Readiness, Storage
Optimization,
Database Archiving
Supervision & Policy
Management
eDiscovery
Supervision
Legal Hold
Unified Information
Access & Analytics
Voice of the Customer
Media Intelligence
Video Surveillance
Big Data Analytics
Enterprise Search
Knowledge Mgmt
Content Access
& Extraction
Policy-Driven Info Mgmt
Records Mgmt
Legal Content Mgmt
Business Process Mgmt
Document Mgmt
Records Mgmt
Workflow Automation
Legacy Data Clean Up
Server Data Protection
Virtual Server Data
Protection
Remote & Branch
Office Data Protection
Endpoint Device
Data Protection
Enterprise
Content Management
Information
Archiving &
eDiscovery
Data
Protection
Digital Experience Mgmt
Web Optimization
Search Engine Marketing
Marketing Analytics
Contact Center Mgmt
Rich Media Mgmt
Augmented Reality
Marketing
Optimization
Information Analytics
Information Governance & Management
Digital Marketing
Hybrid
OEM
Software
Cloud for human information
Application/Database Retirement
Enhance operational efficiency Remove inactive data from production databases to stabilize performance
Avoid violating SLAs and ensure users are happy and productive
Production
database
Archive
database
Retire outdated applications Automate the process of extracting, validating and deleting data from old applications
Lower costs associated with maintaining these databases, which can number in the 1000s
Expedite backup performance Minimize the backup image required by reducing the volume of data to be backed up
Lower the risk of long disruptions and accelerate disaster recovery
Improve search and eDiscovery Achieve better visibility into, and proactively consolidate, previously difficult-to-access data
Lower costs of eDiscovery and investigations, and increase end-user productivity
XML XML Legacy
database
Legacy
database
Legacy
database
Reduce data footprint & storage costs Reduce the amount of (cloned and legacy application) data stored by 50% or more
Lower storage costs, including hardware, maintenance and administration
Before:
60TB Stored
After: 30TB
Stored
Option 1: Start by addressing live data
Consolidate information for legal / regulatory purposes Information Archiving
Extract full business value from human information ECM
Comply with internal / regulatory / government regulations Records Management
All offerings deliver clear benefits but are optimized for day-forward data
The problem of “dark data”
We are running out of capacity Let‘s add more Disks
Applications are slowing down Upgrade Infrastructure
Backup takes longer and longer Change Backup Infrastructure
We need to retain information... Keep Tapes
…for a certain period of time We keep everything forever
We need to be compliant Implement Archive, DMS, RM,...
We need to retrieve Information... Look into different sources
…historical Information Recover Tapes
Option 2: Start by addressing legacy data
Defensibly
Dispose
Apply
Policy
Autonomy
ControlPoint
Product
Structured Data
Repositories
Unstructured Data
Repositories
Know what information you
have
Know where the information is
located
Know your information is
secure
Know the information is
managed appropriately
HP AIO
Product
Autonomy
Consolidated
Archive
HP Records
Manager
Manage &
Migrate
Analyze,
classify,
take action
Additional
Active
Repositories
Migrate legacy data to an active repository for uniform management and governance
Legacy Data Cleanup: Customer benefits
Improve search and eDiscovery Consolidate data for more-efficient legal holds, investigations, and Early Case Assessment
Avoid eDiscovery over-collection, which yields added processing, review and analysis costs
Reduce data footprint & storage costs Reduce the amount of data stored with defensible disposition of data
Lower storage costs, including hardware, maintenance and administration
Before:
60TB Stored
After: 30TB
Stored
Mitigate risk of data mismanagement Ensure Information is managed uniformly, in accordance with policy and regulations
Protected data to minimize risk of accidental spoliation or security breaches
Enhance user productivity Unify information silos for better productivity and collaboration
Consolidate information for better knowledge management and expertise location
Legacy
repository
Legacy
repository
Legacy
repository
Minimize strain on IT staff Avoid duplicate effort spent producing the same information again
Focus resources on revenue-producing activities instead of accessing data
Legacy
repository
Legacy
repository
Legacy
repository Active
repository
Autonomy Dodd Frank Recordkeeping Solution Architecture
Connector
Framework
IM Voice
ControlPoint
-
Classification
TRIM
-
Records Mgmt
Database
Archiving
Compliance Front Office Compliance
Files
Archive
Review Manage
policy
Report
Unstructured
Applications
Scan/Fax
Structured
A complete enterprise information
strategy with HP Autonomy
Challenge Search enterprise
information in real time
Regulatory needs for
information archiving
Consolidate legacy websites
Solution Autonomy IDOL Autonomy Digital Safe (cloud)
+ Autonomy Supervisor
Autonomy TeamSite + Autonomy LiveSite
Results • Real time access to
intranet & extranet sites
• 30+ applications powered
by IDOL for search &
analytics
• Global archive & supervision
platform for 39,000+ active
employees & 120,000 historical
accounts
• Eliminated 47 data center racks
in 4 regions, saving millions
• Unified legacy websites on one platform
• Personalized web experiences delivered for 80,000+
employees, supporting 500+ content contributors
• Needed a scalable, real-time means to engage fans
across all channels and increase fan and broadcast
experience
Panel and Roundtable Discussion: Evolving Governance With the Next
Generation of Data
Wrap Up and Closing Remarks