Putting your data to good use
Prioritizing information lifecycle management is critical
Discovering how best to use the vast amount of data your organization creates and collects is one of the key tenets of any organization's strategy. Although the importance of effective use of data is now far better understood than ever before, centric to effectively converting data to actionable insights is an organization-wide information lifecycle management framework. One that is failproof and comprehensive across how information is collected, used, stored and then safely disposed.
Iwona Sikora is Senior Vice President & General Manager, Records Management for Europe & South Africa at Iron Mountain.
With the volume of worldwide data expected to reach 175 zettabytes by 2025, and multi-million-dollar penalties for data and information breaches, knowing how to properly manage and protect your records and data is more critical and mandatory than ever before and must be prioritized now, if organizations are to secure their success in the long-term.
Hybrid work is re-inventing information access and management policies
The hybrid model is here to stay, notwithstanding the fence sitters and the last few corporate holdouts. As digital transformation continues to accelerate at a rapid pace, “mobile” employees working from flexible locations (including offices, hot-desking spaces, homes, local cafes or hotels etc.) create an inherent information leakage and data security risk, in most cases, unintentionally. Organizations must not merely tighten, but completely redesign their policies and procedures around secure access to information across all access points and devices. Most managed to scamper through the last 2 years of pandemic induced chaos with a patchwork of quick fixes, which will simply not survive the back-to-business volumes we will now be seeing.
The diversity of content formats being managed is also growing exponentially. The boom in collaborative tools, applications and video-conferencing software is adding to the weighty volume of data generated alongside existing physical and digital records. The number of stakeholders in charge of this field has multiplied (CIO, CDO, CTO, business leaders, records manager, data protection officer, compliance officer, office manager etc.) and they must all operate from one information security framework that ensures compliance, protection and interoperability.
They must also seek to better understand how to collaborate within the constantly changing confines of a hybrid working model, whilst taking a risk management first approach to all processes. Awareness of the potential of breakdowns in handling data and information is integral to ensuring zero breaches and failures. Employees, wherever they are working from, must also be considered an integral part of the organization's defenses against data breaches. Ensuring that employees are educated and engaged in proper data management processes is more critical than ever.
Data remediation initiatives must focus on ESG and privacy regulations
Data protection has been at the core of the regulatory and legislative information management agenda in many countries over the last decade. As the pace of technology enabled transformation has continued, climate conscious geo-political and corporate mandates are compelling organizations to report their emissions output and track their environmental progress. This will only intensify on the back of more regulatory change expected in 2023.
Data remediation initiatives emphasizing ESG and privacy laws will be crucial to respond to new legislation and demonstrate information resiliency. From a compliance perspective, businesses need to be careful about the type of data they collect. Storing data without consent or legitimate business purposes can raise GDPR compliance issues. Here again, data remediation is a necessary step, as it can help businesses improve compliance by getting rid of duplicate, unnecessary or unused data. All of this makes data remediation a critical tool for sanitizing data management and ensuring data network security within an organization. Knowing how data travels through your organization will enable you to access it for reporting to regulators. Effective preparation for these new changes will ensure organizational compliance and an ability to focus on business as usual.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Data residency takes center stage with the continued acceleration of cloud & AI
In response to the demands of the hybrid workplace, cloud-based services are naturally increasing, but in a multi-cloud environment it can be difficult to keep track of the tentacles of the information spread. Knowledge around data residency, including what information you should hold, where it is stored, which regulatory framework(s) it is governed by and who within your organization has access to it is critical to data security and privacy. In most parts of the world, businesses operate under local data regulations that dictate how the data of a nation's citizens or residents must be collected, cleaned, processed and stored within its borders. The primary reason enterprises choose to store data in different locations is often related to regulations, data policies and taxes. However, companies are allowed to transfer data after complying with local data protection and privacy laws. In this scenario, businesses must notify users and get their consent before obtaining and using their information.
AI can be used to aggregate, analyze, present data clearly and extract the most relevant information, so that businesses can make the right decisions around data sovereignty. Subsequently, AI can also be applied for content search and redaction – whereby personal identifiable information is hidden in documents from unauthorized access – and better integrate systems and overcome silos. From an information lifecycle viewpoint, AI can be used to identify and delete unnecessary data, as well as to support compliance and governance.
Keep your foot on the pedal - continued focus on data quality and stewardship
Businesses continue to build vast newer streams of data sitting in databases and on applications – with little idea of what to do with it. Fortunately, many organizations are becoming aware of this knowledge gap and increasingly investing in formal governance programs, with a renewed emphasis on data privacy.
The role of the ‘data steward’ or ‘data broker’ as a prime participant in technology and business initiatives is taking center stage. This concerted effort to increase the awareness and prioritization of data handling principles and standards within the organization is a welcome development following years of data breaches resulting in reputational damage and falling customer trust.
This increased focus on the value and quality of data is leading to increased vigilance in ensuring data sets are accurate, valid, complete and up to date, with AI being used to detect incomplete, inconsistent or out of date data. Data minimization efforts such as these can lead to cost-savings when obsolete data no longer needs to be stored.
Don’t forget physical assets in the modern ‘phy-gital’ office space
In the post-pandemic working world, as offices reopened following two years of downsizing of real estate, many businesses recognized the space taken up by obsolete IT equipment and discarded digital assets. While information has a lifecycle, so too do physical assets used for information management.
With an increased focus on the circular economy and meeting carbon neutral pledges, choosing an Asset Lifecycle Management (ALM) partner is crucial to ensuring that disposing of old IT assets and phy-gital records is done with data security and compliance in mind. Recently, a financial services institution was fined $35m for its improper disposal of hard drives. Understanding what records, assets and information your organization has, what needs to be digitized and what can be automated is now an essential element of the modern office environment.
Ultimately, businesses should use this post-pandemic period to safeguard their future with an intention to elevate and prioritize their information and data security, management and destruction practices. Data, records and information management has long been an overlooked and underinvested area, with little certainty about who has ultimate corporate ownership. If organizations do not develop processes, assign dedicated functional ownership and invest in technology, they will struggle to ensure compliance, value recovery and security of their information assets in an increasingly data-centric world.
Iwona Sikora is Senior Vice President & General Manager, Records Management for Europe & South Africa at Iron Mountain.