It’s an understatement to say companies are drowning in digital information. Since the death of the floppy disk and the rise of networked computing, barriers to creating and sharing information have steadily come down. Combined with increased digitization paper-laden business processes, most companies find themselves struggling to harness the volume and diversity of information on their networks for business benefit. What’s startling is just how little progress we've made in maximizing the value and minimizing risks associated with the digital content and data we collect.
Any discussion of information governance always brings me back to this depressing little anecdote:
"Monday September 8, 2008, is a day that the executives at United Airlines will remember. The company’s stock fell 76 percent to $3 by 11:08 a.m. when trading was halted. The decline was not the result of a pending acquisition or recent financial results announced by the company. Instead, an article that said “UAL Declares Bankruptcy” appeared on the South Florida Sun Sentinel Web site that Sunday, got picked up by Google News, and then quickly summarized and republished to Bloomberg by a reporter tasked with summarizing stories about companies in distress. Then the trading began and the stock collapsed. The problem: the article was from 2002, not 2008."
Of course the incident led to a flurry of finger pointing: was it the Webmaster at the newspaper's site that let an old article get out? Was it the Google search bot that couldn't detect the article was old? Was it the reporter that failed to check facts? Or was it the traders that made trades on un-vetted information? Who knows, but the point is that all the goodness that has come with digital information sharing has also brought its share of costs and risks.
This is as true on the Internet as it is on the networks of the worlds’ largest companies. Consider, for example, the amount of communications traffic generated by the 85% of US information workers that use email regularly at work. It's no surprise that Forrester clients report their storage capacity requirements are growing 20% to 40% each year. Storage costs have grown to 17% of the IT hardware budget, up from 10% in 2007. Beyond sheer data volumes, enterprises now face more diverse data formats including video, audio, micro-formats, instant messages, application data, document data, and more.
Yet storage costs pale in comparison to the risk of fines, fees, and reputation risk associated with compliance and eDiscovery. Onerous regulations and recordkeeping requirements have led to significant investment in information management technologies. Yet still, only 28% of archiving decision-makers we surveyed are very confident they can demonstrate their digital information is accurate, accessible, and trustworthy.
Information Management pros are between a rock and a several hard places.
IT pros are rarely empowered to bulk delete information on networks. Businesspeople (we're told at least) are too busy to manage anything that leaves their own precious personal hard drives. Perhaps that's why network file shares (and more recently SharePoint sites) continue to grow into digital landfills with everything from useful collectibles to moldy toothbrushes no one wants to touch. Simultaneously, Moore's Law is giving enterprises denser storage capacity at ever-lower price points, keeping the financial pain of more storage capacity perpetually below the radar of senior-most bean-counters. And finally, increasing regulations and threats of lawsuits make digital information as much a liability as an asset.
So what's the answer?
While there are a slew of technology providers that stand ready to throw more software and hardware technology at this problem, my sense is a lot more is needed. Companies like Autonomy, IBM, EMC, and others are working feverishly to build more intelligence into suites of software to assist with information governance. In fact, entire software segments are thriving across archiving, records and retention management, legal discovery apps like legal hold and pre-case assessment, and more.
Software innovations like federation, intelligent indexers, and advanced information analytics will all help IT to better understand and take action on information that should and shouldn't reside on corporate networks. These tools will also help automate some portion of information governance processes and policy enforcement. For example, one defense contractor Forrester works with uses intelligent crawlers to perpetually scan, detect, and sequester top-secret documents that have mistakenly been removed from secured databases and stored on public file shares.
But technology will do little to solve the core issue of accountability for enterprise information. Instead, accountability will require people, policy, and processes for managing the lifecyle of information more effectively.
Forrester is beginning to take a closer look at wholistic approaches to information governance. We'd like to hear how you think information governance will work in the future from a technology, people, policy and process perspective. Here are a few nutty and unconventional ideas to get the creativity going:
– An enterprise information "tax". Taxes on gas help control consumption. Taxes on cigarettes mean fewer smokers. Would a tax on storage consumption in the enterprise finally get people to think twice about what they save? I can think of hundreds of ways I'd reinvest those tax dollars in more innovative and differentiated business initiatives than perpetuating a digital landfill.
– Periodic "non-essential" information purges. Company sanctioned information destruction days have worked in the analog world. Many professional services firms already allocate a day here and there for employees to shred paper files that are no longer needed. Why hasn't this practice bled over into digital world? Or has it? Our research suggests only 40% of information workers in enterprises create documents weekly. So with the right leadership support, getting some of them to clean up their virtual playpens may not be as taboo as IT pros perceive.
Our thesis is changing behaviors, along with better defining policy and processes will play an important role in a holistic information governance strategy. Agree/disagree?