| The other day I decided it was finally time to clean - | | | | simple. We simply put everything in a box and placed |
| really clean - my desk. As I worked through years of | | | | that box in a warehouse for however long. Given the |
| accumulation, I noticed an actual pencil lying forgotten | | | | explosive growth of easily replicable electronic |
| on an old pad of paper. The pencil was all dusty and | | | | information, it's much more challenging. |
| unused, and the pad had yellowed and curled edges. | | | | Factor #4: Information is subject to electronic |
| That got me thinking about how long it's been since | | | | discovery |
| pen and paper were used for daily communication | | | | A critical event occurred in December 2006 with the |
| and record keeping. Now, some of you may brand | | | | passing of The Federal Rules of Civil Procedure |
| me an old codger for being able to remember that at | | | | (FRCP). The FRCP governs procedures for civil suits |
| all, but, bear in mind that the first usable version of | | | | in United States district (federal) courts. It was |
| Microsoft Windows, version 3.0, shipped just 18 years | | | | amended to outline how electronic documents can be |
| ago. At that time, many pencil pushers resisted | | | | used to support litigation proceedings. The |
| transferring everything to the "computer," but even | | | | amendment also defined how electronic documents |
| the most active holdouts gave way in a year or two. | | | | should be handled to support litigation search and |
| Oh, some of us might have used an email system | | | | discovery. |
| back then. At Hewlett Packard, I remember sending | | | | Essentially, this means that all information is |
| emails using their proprietary HP Desk mail system | | | | discoverable, which presents a problem. Companies |
| back in the mid 1980s. However, at the time, the | | | | are not only required to keep information for a |
| majority of office workers were... actual pencil | | | | particular period of time (for regulatory purposes), |
| pushers. | | | | but also are incentivized to get rid of it as soon as |
| Can you find anyone today who doesn't compulsively | | | | possible. It simply isn't practical for a company to pay |
| check their email or scroll through file listings to find | | | | an attorney $400/hour to perform discovery across |
| what they need? OK, John McCain doesn't, but he | | | | all of their information. |
| has "people." I don't know about you, but I don't | | | | The Challenges of Managing Unbridled Information |
| have "people." However, I do have my fully | | | | Growth (the Buckets Multiply Geometrically) |
| networked system with Internet access, Instant | | | | So - where does this leave us? We have too much |
| Messaging, stunning graphics, oodles of productivity, | | | | information today. Some of this data needs to be |
| and regular backups. And I love it! | | | | protected because it contains sensitive information. |
| In that eighteen years we experienced the world | | | | Some of it needs to be retained for certain periods |
| changing faster, and more completely than it ever | | | | of time due to regulatory constraints, and it's all |
| had. The Internet (once the exclusive domain of the | | | | discoverable. We are creating new information at an |
| nerdy-ist of nerds - cosmological physicists) became | | | | alarming pace, and like with the sorcerer's apprentice |
| everyone's instant window to the world. Easy-to-use | | | | bucket brigade, it's frighteningly out of control. |
| authoring tools allowed everyone to be productive. | | | | I attended last month's ARMA (Association of |
| It's as if the sorcerer's apprentice were replicating | | | | Records Managers and Administrators) conference in |
| legions of pencils instead of brooms to generate a | | | | Las Vegas to get more perspective on the |
| catastrophic data deluge. Today, corporations are | | | | information conundrum. After all, records managers |
| literally drowning in it. | | | | have had to deal with the management of |
| Back in 2006, IDC conducted an exhaustive study | | | | information for many years, initially in physical form |
| (Source: The Expanding Digital Universe, IDC, March | | | | and more recently in electronic form. Their mantra is |
| 2007) and forecasted, between 2006 through 2010, | | | | simple. They need to know what they have and |
| a 57% growth rate year over year in the amount of | | | | where they have it. They need to make certain only |
| information created, captured and replicated. | | | | the right people have access to the information. |
| So, where is all this information coming from and why | | | | They need to know what to keep, and they need to |
| aren't companies able to deal with it? Well, it comes | | | | keep it as long as they have to. They need to get |
| from everyone, and it's a problem because most of | | | | rid of everything else. It's a simple matter of setting |
| it is unstructured. Most people aren't aware of this, | | | | up policies across the enterprise and enforcing them. |
| but The Enterprise Strategy Group estimates that | | | | It sounds so simple. But is it? Do we know what we |
| between 80-85% of all business data is unstructured | | | | have? Do we know where we have it? |
| (Source: Extending Discovery to All Corporate | | | | Unfortunately, it is easier said than done. The |
| Information, Enterprise Strategy Group, December | | | | information we create is vast. It is stored in |
| 2007). | | | | heterogeneous formats throughout the world. |
| What is unstructured data? It consists of emails, | | | | I spoke with one Records Manager of a mid-sized |
| reports, all user files (documents, spreadsheets, | | | | company who told me, "Yes, I know what we have. |
| PPTs, PDFs), images, video, HTML/XML, MP3, etc. It | | | | I have two file shares in Des Moines with my finance, |
| varies in importance, too. The average user will save | | | | marketing and sales files. I have a user share in our |
| pictures of their children, emails about what a good | | | | corporate office with personal files. At corporate, I |
| job they are doing, CYA "email trails," work-related | | | | also have my web farm. I have an Exchange Server, |
| spreadsheets, thick Word documents, etc. | | | | one Personnel Database, one Accounting Database, |
| In the book, "Tapping into unstructured data: | | | | and one Documentum System. Oh, and twelve |
| Integrating unstructured data and structural analytics | | | | SharePoint sites." |
| into business intelligence" (Bill Inmon and Anthony | | | | Her problem is typical. With information stored |
| Nesavich, Prentice Hall, 2008), the authors describe | | | | everywhere, how can she manage it across |
| the various types of unstructured data created by | | | | heterogeneous systems? How can she set up |
| the typical departments in a corporation. These | | | | consistent policies for ensuring the right access? How |
| include: Accounting, Call Centers, Engineering, Finance, | | | | can she ensure that the right data is retained? How |
| Human Resources, Legal, Marketing, Sales, Shipping | | | | can she ensure that she gets rid of what she does |
| and Operations. That means everyone is contributing | | | | not need? |
| to the challenge while they look to the data center | | | | Basically, she not able to address these problems, |
| to control it. | | | | which could place her company out of compliance. |
| The Challenges of Unbridled Information Growth | | | | This brings a risk of being heavily fined. The problem, |
| Let's take a look at some of the major challenges in | | | | of course, is even worse for larger companies who |
| dealing with this unbridled growth of information. | | | | literally have Petabytes of information stored |
| Factor #1: Information must be stored | | | | everywhere. |
| The more data we generate, the more storage is | | | | One Certified Records Manager I spoke with likes to |
| required. This storage need opened up tremendous | | | | categorize information as follows: |
| opportunities for storage vendors as customers | | | | Type of Information and Where it Exists |
| sought to purchase more and more equipment. The | | | | - Unstructured - Data File Shares, Desktops, Laptops |
| storage industry introduced the moniker Information | | | | - Enterprise Content Management System - |
| Lifecycle Management to provide more cost | | | | SharePoint, FileNet, Documentum |
| effective ways to deal with this growth. They also | | | | - Messaging - Email, Voice Mail, IM, etc. |
| introduced the concept of tiered storage to allow | | | | - Databases - Human Resources, Order Processing, |
| companies to better manage it along various | | | | etc. |
| dimensions: price, performance, capacity and function. | | | | He explained, "The problem is that a single, universal |
| Initially, the storage cost factor was the biggest | | | | system for managing information does not exist." I |
| impact on corporations of this growth. However, as | | | | visited vendors, both big and small, and confirmed |
| storage cost quickly declined, its importance became | | | | what every Records Manager has known for quite |
| dwarfed by other factors. | | | | some time. That being able to effectively manage |
| Factor #2: Information can be sensitive and needs to | | | | information according to the Records Management |
| be protected | | | | mantra is truly a Herculean task. |
| As companies created more and more information, | | | | Managing Information in a Cloud (the Sorcerer |
| the importance of protecting that information and | | | | Returns from Lunch) |
| ensuring the proper access level became more | | | | There is a sorcerer who can clean up, organize, and |
| apparent. While it sounds easy (i.e. making sure the | | | | control the deluge of information, and its name is |
| right people have access to the right information), it's | | | | Classification Management. Only when information is |
| not so easy to actually do, and the costs of not | | | | classified, can it be effectively managed to address |
| securing data can be astounding. Examples are: | | | | the concerns of sensitivity, retention and destruction. |
| - Hefty fines under PCI, SOX and HIPAA for | | | | The magic wand of this Classification and |
| breaches and noncompliance | | | | Management sorcerer is a sophisticated Policy Engine. |
| - Bad PR and damage to the corporate brand due to | | | | It's sophisticated because it can support different |
| the need to publicly disclose privacy breaches | | | | Policies for different information sources (databases, |
| - Outright IP theft where trade secrets and | | | | email systems, etc.). It can support different Policies |
| proprietary information could fall into the hands of a | | | | for different regional regulations, and it's flexible |
| competitor and materially damage the company's | | | | enough to deal not only with today's regulations, but |
| business prospects | | | | also with future ones. |
| Factor #3: Information must be preserved for | | | | Scalability is the other side of this magic wand |
| regulatory reasons | | | | because, classification alone is not sufficient to deal |
| Every company is governed by a set of regulations | | | | with the scale of the information in the average |
| that that determine the length of time that | | | | enterprise. It is geographically distributed across |
| information must be stored. There are a slew of | | | | heterogeneous systems, and a centralized |
| regulations that govern information retention. The | | | | information management scheme will not and cannot |
| more familiar of these include: | | | | scale. |
| - Health Insurance Portability and Accountability Act | | | | Because of this, we see Enterprise Information |
| (HIPAA) of 1996 | | | | Management as being the first enterprise application |
| - Sarbanes-Oxley Act of 2002 | | | | that requires a form of cloud computing. This allows |
| - SEC Rule 17a-3, a-4 | | | | all information everywhere to be managed. |
| There are countless more. Some industries (e.g. | | | | What's Next |
| Pharmaceutical, Finance, etc.) are more regulated than | | | | As we proceed into 2009, only a couple things are |
| others. And, of course, with the recent Credit Crisis, | | | | certain: companies will create more information; |
| we expect the number of regulations to skyrocket in | | | | government will create more regulation, and the |
| the coming years. | | | | sorcerer will have more and more data to manage. |
| In the good old days, retaining this information was | | | | |