clearing out digital debris with information governance · digital debris increases the cost of...

Clearing Out Digital Debris with Information Governance ®

2 Data Debris: A Huge Source of Savings Enterprises Can’t Afford to Ignore

4 Cleaning House: Practical Approaches to Data Debris

6 Four Data Debris Initiatives That Attack ROT at Its Roots4

2

6

Contents…

Contributor: Michael Stevens

Clearing Out Digital Debris with Information Governance

2 Clearing Out Digital Debris with Information Governance © 2015 QuinStreet, Inc.Back to Contents


he worldwide growth rate of digital data is staggering. It is also alarming — at least it should be. Consider: According to the Compliance, Governance and Oversight

Council (CGOC), an independent forum of data experts, 2.5 quintillion bytes of data are created daily. Analyst firm IDC declares that the amount of data is doubling every two years, and is estimated to reach 44 trillion gigabytes by 2020.

If you’re a CIO or a data center administrator, these statistics aren’t just big numbers. They are a big problem — for your company. Email messages, social media and blog posts, text and instant messages, photos, video and audio, machine-generated data like log files, and transactional detail are on track to overwhelm your storage capacity.

Each added petabyte costs $4 million per year to store. The truth, to put it bluntly, is that you can’t afford the resources to keep with this deluge. No company can.

There are, of course, technologies that can temporarily mitigate the problem such as data compression, deduplication, thin provisioning, tiering and cloud-based approaches. But all of these merely “kick the can down the road.” A more fundamental solution is required.

Digital Debris Is the Norm

Volume is only half the data story. Even more problematic is the fact that only one-third of the data stored by most companies has business or regulatory/legal value. The rest falls into the category euphemistically referred to as ROT: Redundant, Obsolete, Trivial. Some examples of ROT are:

• Operational data (e.g., logs) with no further value

Data Debris: A Huge Source of Savings Enterprises Can’t Afford to Ignore

T

• Data from departed employees and old or unsupported applications• Outdated drafts• Copies of once-important documents (e.g., for litigation) that are no longer needed.

The one-third figure (31 percent, to be precise) is based on a 2012 CGOC survey and may not be accurate for your company. But it’s very likely that in the best-case scenario you don’t need at least half the data you’re storing.



Obviously, there is a substantial cost benefit in deleting all this “digital debris” in terms of less hardware, lower power and cooling costs, fewer technician hours and other related costs. But there are two other important benefits. The first is that digital debris makes all data-based decision support functions more difficult and less reliable. The second is that, from a legal perspective, digital debris increases the cost of e-discovery, and can sometimes help a legal opponent by supplying more information than is strictly required.

Information Governance

Looked at from a high-level perspective, what companies need to do sounds simple: get rid of the debris, and store what’s left in a manner that’s commensurate with its business value. In the real world, however, the problem is so big, so complex and so fraught with uncertainty that most IT organizations simply feel overwhelmed. The good news is that there is a collection of best practices, referred to collectively as information governance, specifically developed to help companies get their data under control.

There is also a map to lead you in clear, well-defined stages from where you are to where you want to be: The Information Governance Maturity Model. It defines five stages of maturity.

Unsure. IT is aware that data issues may be lurking, but is not actively looking for them. In this stage there are numerous unanswered questions. Where is the data? What kinds of data do we have? Who owns it? Who has access to it? In this stage, no planning or data management processes are in place.

Overwhelmed. In this stage, IT is aware that there are problems, but has no real understanding of data value/costs. The focus is on dealing with data from troublesome sources when issues arise in an ad-hoc fashion via short-term fixes. There is no bandwidth to take on broader issues.

Structured. IT has a stronger understanding of what data issues exist on a global basis, is investigating the root causes of data problems and has established processes to mitigate these issues. There is an active search for ways to reduce data costs. Data discovery is performed on a regular basis.

Managing. IT has a clear understanding of which data issues are problematic, with initiatives to discover further problems. There are well-established information lifecycle management processes in place, and all stakeholders are involved in them. There is full agreement across the enterprise on key data issues.

Optimizing. Fully automated processes run at regular intervals, with concise reports that prove issues have been addressed. There is a strong understanding of data composition in the enterprise. All stakeholders feel confident that data issues are being discovered and addressed proactively.

The Information Governance Maturity Model is a powerful tool for getting started on the path to a cost-cutting approach to data that’s based on business value. Instead of being confused and faced with constant fire-fighting, IT organizations can attack the problem in an organized fashion with clear challenges and goals.

A Leadership Opportunity

While dealing with data debris is a formidable challenge, it also presents an excellent opportunity for IT to take a leadership role and function as a change agent. By reaching out to other stakeholders and driving best practices, IT can drive significant cost savings, improving IT efficiency and simplifying the handling of related downstream processes as well for multiple win-win outcomes.



he case for information economics could hardly be stronger. Diligent information lifecycle management cuts IT’s operational costs, improves business processes and the

accuracy of analytics, reduces legal cost and risk (by supporting only the amount investigation required by law and no more) and puts IT in a leadership position as a change agent. Given these benefits, why don’t IT departments jump at the opportunity to get rid of data debris?

The answer to why eliminating ROT (data that is Redundant, Obsolete or Trivial) isn’t aggressively pursued by IT typically lies in another IT acronym: FUD (Fear, Uncertainty and Doubt). Obviously, no IT organization would actively choose to take on the management of huge amounts of unnecessary data. There is absolutely no benefit in that course of action. The preservation of unnecessary data is more of a non-choice stemming from inertia, lack of information, and a vague, nagging fear that one day there will be an urgent demand for a document that has suddenly become very important, and IT won’t be able to produce it. According to research conducted by the Enterprise Strategy Group (ESG), IT and business professionals cited four barriers to data disposition:

• 36 percent cited fear of inability to furnish data related to a legal or regulatory request.• 29 percent feared being unable to furnish data for business needs.• 22 percent reported that policy dictated that all data be preserved indefinitely.• 18 percent said that data disposition was too difficult.

The first three items reflect what the central problem in information lifecycle management is, arguably. Nobody in

IT really knows what data actually needs to be saved. This is hardly a surprise. Given the constant pressure to “keep the lights on,” meet SLAs and implement the demands of line managers for new capabilities, there are no available resources to ask this question. Lacking any knowledge or guidance, the saving of every byte “just in case” has been the only viable course of action.

To put it another way, most IT departments are in the first stage of the Information Governance Maturity model, UNSURE.

Cleaning House: Practical Approaches to Data Debris

T



Moving upward in this model involves achieving several overarching goals:

• Cutting the amount of data stored to the absolute minimum.• Ensuring regulatory/legal compliance.• Storing all data at a cost that matches its business value.• Automating all of the above.Fortunately, there are specific steps that can be taken to move forward and increase the rate of defensible disposition of data.

The first step, as with most major corporate initiatives, is to obtain high-level buy-in and/or recruit a champion. This is not as difficult as it sounds. The cost of data storage per unit of data for any given tier or class of data is usually a known number. With that number, very convincing what-if scenarios can be calculated, e.g., “If we reduced our storage capacity by x gigabytes, our cost savings would be y dollars.” Furthermore, the first stages of defensible disposition can be achieved with no capital investment. All that’s required is cooperation from key stakeholders.

The second step is reaching out to those stake holders to establish policies that can ultimately be automated. In general, data loses value over time until it becomes worthless. Sales data from the previous year is valuable for planning, but data from 10 years ago is probably not. Even data related to regulatory compliance or legal issues can be deleted at some point in time.

In most organizations, the key stakeholders in the policy setting process are:

• Business users who employ applications for collaboration and decision support• Application owners who self provision or request storage when applications are launched• The legal team, which knows what needs to be kept for in the case of potential litigation• The records or compliance team, which manages record retention to meet regulatory obligations

Dealing with these various groups will involve a certain amount of back-and-forth negotiation, as there will always be trade-offs. For example, the goal of having maximum IT efficiency may be in conflict with the wish to have every possible byte of decision support information. However, even with the most conservative approach to data retention, it is virtually certain that large amounts of data will be purged.It’s important to remember that the exchange between IT and the various stakeholders isn’t a purely intellectual exercise. The stakeholders need to have trust in the IT systems that will ultimately implement the policies they formulate, and feel confident that the data they need will really be there when they need it.

Once policy decisions have been finalized, the last step is enforcement. In some cases, the policies that exist may be adequate but require more rigorous enforcement to be successful. In fact, in the ESG study mentioned earlier, better enforcement was cited as crucial by 76 percent of the respondents. The key to enforcement is putting the technology in place that can automate the central tasks of identification, classification, analysis, movement (e.g., from one tier to another) and, of course, deletion.

This technology is available. IBM offers a full complement of proven solutions that let companies gain control over their data once and for all, as well as guidance on how to most effectively put these solutions to work.



f the five stages in the Information Governance Maturity Model, the second stage — “Overwhelmed” — is typically the most uncomfortable. Many IT organizations

experience a strong temptation to look for quick fixes based on the mechanics of storage. Thin provisioning, to take just one example, enables more efficient utilization of existing storage capacity, so that companies can effectively store more data at a lower cost.

These approaches certainly have a place in any total data management strategy, but it is a serious mistake to rely on them to solve the fundamental problem of data debris. Eliminating ROT (data that is Redundant, Obsolete or Trivial) requires more. Specifically, the IT organization, records management teams and legal teams must work together to establish viable policies that allow for defensible deletion of data that has no value from a business, regulatory or legal perspective.

Only when these policies are in place and a clear plan has been formulated should IT proceed with implementation. At this stage, IBM offers a complete portfolio of solutions that enable companies to dramatically reduce data debris while keeping the costs of storing useful data in line with its value.

Legacy Data Clean-Up

One of the main barriers to eliminating ROT is the fact that it is scattered throughout organizations on multiple servers, in multiple file formats and often in multiple physical locations. Much of this data is unstructured, which adds to the challenge. IBM® Information Governance for Data Assessment & Clean Up allow teams working on the elimination of data debris to index, search and act upon data from more than 75 common enterprise data sources in 450 different file types. Furthermore,

Four Data Debris Initiatives That Attack ROT at Its Roots

O

the solution can deal with that data in place, whether it resides in network servers, storage systems, the cloud, or even on desktops and laptops.

Companies can take a broad brush approach to cleaning up this data or classify and filter it at high levels of granularity. To give a rather extreme example in the area of trivial ROT, teams could perform an enterprise-wide search for documents whose file paths contain \sales\, with the file type .ppt and an age greater than five years — and delete all the results that meet those criteria.



Companies can also determine what data needs to be retained for legal or compliance purposes, and also spot any data that requires extra protection, such as files containing credit card information, social security numbers and the like.

The big picture is that the IBM solution for Data Assessment & Clean Up enables organizations to truly understand the value of their data, while giving IT the information it needs to clean house confidently, without fear that important records will inadvertently be deleted.

eDiscovery

The legal requirements of eDiscovery have a disproportionate impact on the problem of ROT because this is the area where IT managers are most likely to keep unnecessary data “just in case.” According to the Compliance, Governance and Oversight Council, only about 1 percent of organizational information is actually subject to legal hold. However, as a separate study conducted by the Enterprise Strategy Group revealed, fear of deleting such data was cited by 36 percent of the respondents, making it the top data management concern of IT and data professionals.

The IBM Information Governance for eDiscovery solution organizationally links legal and IT teams so they can work together to eliminate uncertainty and maximize the relevance of eDiscovery data while minimizing its volume. The ultimate result is the smallest legally defensible data set. This reduction in volume not only cuts the downstream costs of attorney review, it also lessens the risk of turning over information to an opponent that need not have been provided.

IBM Information Governance for eDiscovery is easy to use for non-IT personnel. Legal users can walk through a legal-friendly workflowto identify data sources, data ranges, custodians and matter terminology, and work with data experts to create advanced filters as well. This process applies to unstructured data, including in-place desktop data.

The ability to analyze in-place data is important because approximately 90 percent of corporate cases are settled prior to the collection process. The insights yielded by in-place analysis enable litigators to make more informed decisions about whether to settle or litigate, without having to move large quantities of data to a retention server.

Records Management and Retention

In every enterprise, a certain amount of stored data passes its point of usefulness every day. For this reason, one-time clean-up initiatives aren’t enough to solve the data debris problem. Retention and disposition schedules must be rigorously enforced to ensure that initial successes in value-based data management are maintained over time. The teams in charge of this function face several challenges:

• They must deal with multiple jurisdictions, all of which have different rules.• Retention schedules are often managed in PDF documents and spreadsheets, which are difficult to update and don’t support automated disposition.• The systems used to enforce compliance (message archiving, to take one example) are often not capable of executing retention policies.

IBM Information Governance for Records and Retention solution addresses all these issues. It lets companies define global and jurisdiction-based schedules while also enforcing both retention and disposition policies, including records containing unstructured data. It also provides inventory information that establishes the location, importance and utilization of data — information that can lead to better decision making concerning retention vs. disposition.

Value-Based Archiving

All of the solutions described here for eliminating data debris can also be used in conjunction with IBM Information Governance for Archiving to ensure the retained data is stored at a cost that matches its business



value. The determination of where useful data should be stored or archived can be fully automated once rules have been established, as can the process of moving data from tier to tier in a multi-level tiering system as it ages and become less valuable.

The New Data Imperative

The problem of data debris is insidious. Unlike system crashes or malware attacks, it doesn’t manifest dramatically. Rather, it quietly saps resources in ways that are as costly as they are difficult to uncover.

Fortunately, a map that leads to success with data debris exists. IBM’s Information Governance Maturity Model can lead companies step-by-step to a position of mastery over their data, with the help of smarter data solutions that have proven their value in enterprises worldwide.

clearing out digital debris with information governance · digital debris increases the cost of...

Documents