Upload
everteam
View
1.213
Download
0
Embed Size (px)
Citation preview
© Boston - Paris - Hong Kong - Singapore - Bangalore - Dubai
What are you waiting for?
Remediate your File Shares and Govern your Information Assets
©
What are you waiting for?Remediate your File Shares and Govern your Information Assets
2
Synopsis:• With the digital transformation of business continuing unabated, organizations find themselves with
exploding amounts of electronic content. A lot of that content is “dark” content scattered across the enterprise, in shared drives, cloud repositories, obsolete applications, etc. It is a mix of content that is valuable, obsolete, orphaned, duplicated, etc.
• Organizations need to trim the fat… i.e. go to the proverbial gym… in order to…• Gain visibility about where this dark content is and what it resides• Take remediation actions regarding redundant and obsolete content• Identify and extract valuable content from obsolete applications (enabling their decommissioning)• Bring valuable content under governance controls
• Where this is most needed is in Shared Drives, where surprisingly high percentages of valuable content lay uncontrolled and unmanaged.
• This session will explore these issues and highlight the steps needed to remedy this situation as part of the Information Governance journey…
Presenter:• Bassam Zarkout is a technology executive with 24 years of experience in IG, RM, and other Content
Management related domains. His experience includes the implementation of his vision for an innovative IG platform based on the principle of separating the rules from the tools from information repositories, thus enabling in-place governance of Information Assets. He is also active in the IoT and AI spaces as well as the application IG principles (especially Privacy) to IoT data.
• Bassam lives in Ottawa, [email protected]
@bzarkout
+1.613.7913033
©
About Everteam
25 years experience and innovation in development and delivery of ECM, Archiving, RM, IG, and BPM solutions
• Focuses on legal and compliant environments• Enables enterprises to build and manage content-driven processes
• Advanced and natively-developed content analytics, baked into offering• File Analytics targeted at various use cases
• File Share Remediation, Cloud Migration, Application Decommissioning, etc.• 1300+ customers, billions of documents
3
BostonParis (HQ)
BangaloreHong Kong
Dubai
©
Major Pain Points re Corporate Information aka Information Assets
4
Bene
fits
of D
igita
l Tra
nsfo
rmat
ion March towards digitization
•Delivered significant benefits to organizations
Creation of Massive Volumes of Corporate Information•Corporate information is “lifeblood of organization”
Cha
lleng
es o
f Dig
ital T
rans
form
atio
n Exploding volume of corporate information created, stored and consumed•Exabytes, Zettabytes and Yottabytes
Information landscape increasingly complex•Human-created documents and emails, high-volume reports from business systems, social media content, IoT data
Information scattered across many systems•Many platforms•On-premises and cloud•Lack of visibility re context and content of corporate information
Growing Data Residency issues•Differences in regulatory and legal requirements across jurisdictions
Ris
e of
Info
rmat
ion
Asse
ts New term has emerged•ALL corporate information•Documents and records•On-premises and cloud•Email•Corporate social media communications
•Output from business systems•Physical
Insights about Information Assets •What are they?•Where are they?•How much exists?•What do they contain semantically?
•How to look after them?•Risks contained in them?•What is their value?•Actions to be taken on them?
Nee
d fo
r Inf
orm
atio
n G
over
nanc
e Definition still maturing•What problem is it solving?• Is it a strategy?• Is it a program?•Is it a set of technologies?
Orphan function in the organization•Who is the corporate sponsor?•Who leads it? Chief Data Officer, Chief Digital Officer, CIO, Chief IG Officer, Legal Counsel, Chief Risk Officer, Data Protection Officer, etc.
Budget•Who owns it?•What is ROI?
©
Information Governance: Strategy Program Technology
5
What is Information Governance?
IG Strategy•Vision, Mission, Mandate, Culture•Analysts perspective
IG Program•Framework for executing the IG Strategy•Consultants perspective
IG Technology•Set of tools used to power the IG Program•Vendors perspective
Information Governance Program
Cost RiskValue
Reduce cost of ownership of corporate
information
Reduce legal and regulatory compliance risks associated
with owning information
Increase business value of information
©
Challenges with the Governance of Information Assets
6
Information Assets scattered across the EnterpriseShared Drives, SharePoint, Cloud Repositories, ECM Systems,
Email Servers and Archives, Business Applications, etc. Challenges with Information Assets
• Exploding volume of corporate information created, stored and consumed
• Data Residency issues
• Data Privacy issues: PII, PHI, PCI, etc.
• Information scattered across many systems
• Lots of Dark Content
• Not all Information Assets are created equal (different Categories such as Business Records, ROT, ESI, etc.) and may require different handling rules
Dark Content
©
Lifecycle Management of Information Assets
Not all Information Assets are created equal
7
A) B
usin
ess
Rec
ords
B) E
ssen
tial B
usin
ess
Con
tent
(with
mul
tiple
sub
-cat
egor
ies)
C) R
OT
Con
tent
D) ESI
This category may be divided into several sub-categories
Information Assets Categories
Information Asset Categories Actions
A) Business Records • Submit to System of Records• Apply immutability• Manage lifecycle in accordance with corporate
retention policies
B) Essential Business Content • Do nothing?• Migrate to Cloud Repositories, SharePoint, etc.?• May become Business Records at some point• May become ROT after a while
C) ROT Content Redundant Obsolete and Trivial
• Delete?• Quarantine?
D) ESI Electronically Stored Information
• Identify, Preserve, Collect, Review, Produce, etc.• Hold in Place?
Time
Activ
ity
Regulatory Filing Regulatory FilingAnalytics
day month year decade
Disposal
©
Sample ROT Definitions (Redundant, Obsolete, Trivial)
8
Main rules
Duplicates• Exact duplicates, minus Golden originals
• Near duplicates• De-NIST rules• Other (tbd)
Other?
Information Assets not needed for business or
any other purposeAND Lifecycle does not
depend on events AND Not responsiveto any litigation AND/OR
Not accessed for specific period time AND/OR Older than
certain age AND/OR Older than farthest reaching litigation
How to identify GOLDEN “originals” versus mere copies?What to do with GOLDEN “originals” versus mere copies?
Golden Copy Other Copy Other Copy Other CopyOther Copy
©
File Share Realities and Issues
9
Organizations tend to take pragmatic views re management of Information Assets• High-value and process-centric content managed within ECM systems• Significant amounts of content (40%?) scattered in File Shares
• Under control of end-users• Worse… under nobody’s control
• Increased use of cloud-based Enterprise File Syncing and Sharing systems• Dropbox, OneDrive, Google Drive, etc.
Perceived low-cost and practicality of File Shares has led to…• End-users relate to them• Uncontrolled growth of File Shares usage• Loss of knowledge, insight and governance of Information Assets
• Proliferation of duplicated and orphaned Information Assets• Old projects, departed employees, etc.
• Perpetuation of legacy/obsolete applications
©
File Share Realities and Issues: quite messy…
10
Increased darkness of content• Loss of value & insight about Information Assets
High IT costs• Storage• Barriers for decommissioning of legacy applications that are expensive to maintain and operate
• Barriers to cloud adoption, especially EFSS• Etc.
Increased risks and costs• Increased legal & non-compliance risks and costs• Barriers & increased risks for GDPR compliance in particular
• Barriers & increased risks for M&As
Remediation and Migration of File Share Content is essential !
Need visibility through Dark Content
©
File Share Remediation: Process powered by File Analysis software
11
Step 1: Define Remediation Policies and Rules
Step 2: Define Remediation Execution Process
Step 3: Execute Remediation Process
Step 4: Maintain (Repeat Process)
Prerequisite: Identify and Process ESI content and Place them on HoldBefore actual File Share Remediation work can start (i.e. Step 3), the organization’s Legal Department MUST identify ESI and process it (EDRM.net framework).Specialized eDiscovery tools may be utilized for this work.
©
What Gartner says about File Analysis software
12
Emerging solutions made of disparate technologies to enable data architects, legal & security professionals, storage managers, and business analysts to
• Understand and manage unstructured data stores• Reduce risk and costs
• Make better information management decisions
Market Definition• Analyze, index, search, track and report on file metadata
and file content, enabling organizations to take action onfiles according to what was identified
• Assists organizations in understanding unstructured data:• File Shares, email databases, EFSS, RM, ECM, SharePoint, etc.
• Content analysis based on identity and access entitlements• Example: PII, PCI, PHI, Personal Data (per GDPR)
• Enables remediation actions• Delete, migrate, alert, report, etc.
Gartner predicts that by 2020…
50% of midsize/large enterprises will implement file analysis for managing unstructured data (up from < 10% today)
80% of current FA capabilities will be embedded into overall risk mitigation, storage optimization and IG platforms
80% of FA vendors that do not provide actual data remediation will exit market
©
File Analysis software: Content Analytics and Actions
13
Content Analytics
Sources of Information AssetsShared Drives, SharePoint, Cloud Repositories, ECM Systems,
Email Servers and Archives, Business Applications, etc.
Perform corporate approved actionsDo nothing, delete, quarantine, declare as record,
migrate, hold, archive, redact, update, etc.
Generate Content Awareness and Insight
Define corporate rules, policies and actions
SecurityLegal
Actions
Corporate
Dashboard
FA UserDiscover content
Generate benefits and valueMitigate risks, enforce corporate governance controls, increase operational efficiency, perform analytics and
extract insight about content, etc.$$
Benefits
Manage process
Manage
2
3
1
4
©
File Analysis software: Content Analytics and Actions
14
Step Process Tasks
Define Remediation Policies and Rules• Define Information Asset Categories• Define remediation policies and rules for each class• Define golden copies and their handling rules
Define Remediation Execution Process• Identify and inventory File Shares• Assess volume of content in File Shares• Identify business nature of content• Determine final state of each File Share (keep, decommission, etc.)• Define batch-based process and prioritize processing of batches• Connect to content sources (File Shares)
Execute Remediation Process (batches)• Discover content (crawl File Shares and index metadata and content)• Identify content categories (Business Records, Business Content, ROT)• Identify specific terms and patterns (example PII, PHI, etc.) and tag content• Extract metadata and content• Sort, filter, cluster, facet results• Prepare content for IG actions (migrate, delete, quarantine, etc.)• Perform actions on content (Business Records, ROT, etc.)
Maintain• Repeat process to maintain File Shares content over time
2
3
1
4
Important: Governance by Design and Privacy by DesignDefining is fundamental and key to the Governance by Design and Privacy by Design aspects of the IG Program.
21
©
To Summarize
Organizations have taken pragmatic view re the management of Information Assets:
• High-value and process-centric content is managed within ECM solutions
• Perception that File Shares are “low-cost” and practical to operate
• Significant amounts of content scattered in File Shares… can be 40% or more
• Increasing usage of cloud-based Enterprise File Syncing and Sharing systems
Result is a Big Mess• Uncontrolled growth of File Shares• Lots of Dark Content that may be valuable
• Loss of insight and governance of Information Assets in File Shares
• Duplicates & orphan/abandoned file spaces: old projects, departed employees, etc.
• Barriers to Legacy application decommissioning• High IT costs• Hard to leverage valuable Information Assets
• Increased legal and non-compliance risks
15
©
To Summarize
Organizations must take steps to remediate contents of File Shares
• Business Records• Bring under formal RM process controls
• Business Content• Do nothing, migrate, etc.
• ROT• Delete, quarantine, etc.
• ESI to be done by Legal before remediation work starts
• Collect• Analyze• Place on hold• Produce
Remediation of File Shares is a Process• Process is straight-forward
File Analysis software to power process• Advanced analytics capabilities• Advanced actions capabilities important
• Beyond what traditional eDiscovery tools provide
Benefits of File Share Remediation• Reduced IT costs• Reduced legal and compliance risks and costs• Reduced barriers for cloud adoption
16
Time to act is now!