the ig forecast: cloudy with a chance of fragmentation › › resource › ...office 365 (including...

2016 ARMA Houston Spring Conference

The IG Forecast: Cloudy with a Chance of Fragmentation

DRAFT: Submitted for Review


2

Meet our Presenters

Background

• Skilled in working in high-pressure environments to quickly understand client needs and translate large amounts of complex data/information into meaningful solutions.

• Experienced in forensic, financial service, and claim resolution engagements, and has a strong background in data analytics, data visualization, data management/databases, and automation.

Background

• Concentrates in leading large scale information governance projects focused on designing strategic roadmaps, building enterprise taxonomies, developing compliance tools, and implementing unstructured information systems such as Microsoft Office 365 (including SharePoint), Box, and IBM FileNet

• Collaborates with clients to solve complex issues and identify transformative opportunities rooted in managing information as a corporate asset

Tommy HsiaoManager(571) [email protected]

John RhoadesDirector(713) [email protected]



3

Objectives


01

02

03

04

List common drivers for migrating to Office 365

01

04

Describe the functionality and business drivers of key cloud

platforms and applications

Describe the role of IG in broader digital transformation initiatives

03 List scenarios where utilizing data analytics can support

achieving IG objectives

02Engage stakeholders in a dialogue about the IG risks and rewards of moving to the cloud


4

Framing the Challenge

“The cloud is becoming the core paradigm for delivering business technology, with an aspirational promise of ‘zero infrastructure–

anything-as-a-service’. ”

“Zero infrastructure– Anything-as-a-service: A technology operating model for the cloud-centric era” Strategy&

Cost Management Scalability Agility

Why migrate to the cloud?



5




6


Build Momentum

Plan for Success

Capture Benefits

Cloud Avoidant Evaluating Cloud

Options

Building a Business Case

OR

Adapting to Technology

Strategy Change

Planning for Migration

Migrating to Cloud

Stabilizing Adoption

Exploiting Capabilities

Where is your company on the road to cloud?



7

Implications for IGFragmenting the IG Landscape

Records Management

Email Management

Network File Shares

Digital Assets

“Personal” Storage

SocialIn

Scop

eO

ut o

f Scop

e

IG / RMProfessional

“Recent Past” “Emerging Future”

IG / RMProfessional

Records ManagementEmail Management

Network File Shares

Digital Assets

“Personal” Storage

Social

Case Management

Case Management

Compliance Driven Use Case Driven



8

Implications for IG

• Data leakage• Increased discovery

cost• Business process

disruption• Increased threats to

information security

• Reduced infrastructure cost

• Improved findability of data

• Improved scalability• Enhanced collaboration• Improved user

experience

Risk

Reward

InformationGovernance

Balancing Risk and Reward



9

Five Critical Questions

How will you perform preservation and discovery against cloud based content?

How will your information governance policies, processes, and procedures need to change?

What new privacy and security issues could develop?

How will existing user behaviors need to change?

What do you do with existing landfills of information as you migrate to the cloud?

1

2

3

4

5



10

Question 1: How will you perform preservation and discovery against cloud based content?

Key Risks Mitigation Tactics

• Challenges integrating cloud systems and your existing hold order management systems could frustrate efforts to preserve content

• Increased individual storage capacities could increase discovery costs due to an exponential growth in content

• Orphaned applications that remain as repositories may increase the complexity and effort of discovery

• Map discovery process flow against technologies to identify bottlenecks and fail points

• Reinvigorate information management policies and apply governance to unstructured content



11

Sample Discovery Process Flow



12

Question 2: How will your information governance policies, processes, and procedures need to change?


• Existing governance policies may not reflect the move to social media, increasing the risk of non-compliance

• Current focus may be on records management and not broader information governance challenges

• Lack of consistently applied data classification standards may frustrate efforts to strengthen information security

• Review policies for inclusion of messaging and social media

• Mobilize and empower a cross-disciplinary information governance council to develop standards and provide guidance



13

Information Governance CouncilOrganizations can champion information protection utilizing information governance.

Who the Information Governance Framework applies to:

• Roles and responsibilities matrix for enterprise departments that handle sensitive information within and for an organization

What the Information Governance Framework provides:

• A structure to address sensitive information ownership, determine responsibilities for protecting the identified information, and translate into a prioritized actionable remediation roadmap

Protected Information

Privacy &Compliance

Research & Development

Legal

Accounting Revenue &

Finance

InternalAudit

InformationTechnology

Human Resources

Business Operations



14


• Shift to social media could surface content outside of user permissions

• “Dark” data that is migrated may not have the appropriate control associated with it

• Extending the enterprise increases risk of data leakage

• Continued release of cloud environment updates could create new threats

• Include Security and Privacy teams on your information governance council

• Conduct conference room pilots of technology that presents the most risk

• Define specific uses cases and benefits to extending access to third parties

• Judiciously conduct pilots with third parties to prove use cases

Question 3: What new privacy and security issues could develop?



15

Question 4: How will existing user behaviors need to change?


• Increased storage availability could reinforce hoarding mentality

• Integrated repositories could create confusion on appropriate storage location for data

• Design a change management program to shift mindset to information as a corporate asset, much like cash or equipment

• Provide guidance on “what goes where”



16

Question 5: What do you do with existing landfills of information as you migrate to the cloud?


• Discovery risk may increase as “dark” data is migrated to the new environment

• Data could be orphaned on file shares and endpoints as content is migrated

• Benefits case may be diluted by effort to migrate existing archive repositories

• Utilize a risk based approach to analyze existing information stores

• Identify target systems for decommissioning

• Develop a remediation / migration strategy that strikes the balance between what is done using available tools and what users will be required to perform

• Set reasonable timelines to achieve data migration



17

Data analytics support Information Governance (IG) principles by helping an organization understand and refine its data landscape

Profile: Understand organization’s data landscape

Remediate: Identify and disposition unneeded data

Monitor: Ensure IG principles are followed / avoid data bloat

IG

Principles

Profile

RemediateMonitor

Data Analytics and Information Governance



18

Data Profiling – Levels of Analysis

Enterprise

System/ Machine

Directory

File

Analytics can be run at multiple levels within an organization

Higher level analyses can be used to identify areas for more in-depth analyses

Analyses should be designed to determine information systems/sources within an organization, including additional key data points such as size, key dates (created and last modified)



19

Data Profiling – Directory Level Example

Analysis to understand the top 10 directories in a given system/folder based on item count

Obtains directory/folder metadata to create analysis

Key data points to consider:

▪ Item Count

▪ Folder Size

▪ Date Created

▪ Date Last Modified

This analysis helps identify “low hanging fruit” directories to analyze for remediation



20

Data Profiling – Machine Level Example

Analysis to understand employee computer data landscape

Obtains user machine metadata to report on partitions, folder and file types

Key data points to consider:

▪ Drive Partition

▪ Folder Type

▪ File Type

▪ File Size

▪ Dates (created/last modified)

Provides insight into employee data usage



21

What is it:

Supports IG principles by having the goal of organizing, categorizing and securely removing data

Determines information valuable to the business, legal, and compliance/regulatory needs

Identifies information no longer valuable and that should be dispositioned in a defensible manner

Why is it important:

Reduces reputational and litigation exposure

Reduces cost

Improves discovery of critical documents

Reduces risk of misplacing sensitive information

Data Remediation



22

Dark Data

Operational information that is collected but not used. Dark Data includes:

- Log files

- Notes

- Previous employee data

- Customer information

- Emails

Remediation Benefits:

- Cost savings

- Reduce litigation risk exposure

- Identify unknown business value

Approx. 50% of data is

dark



23

ROT Data

Redundant, Obsolete, and Trivial (ROT) Data Includes:

- Legacy / unused data systems

- Information not subject to retention/records management policies or schedules

- Non-records

- Non-business related content

Remediation Benefits:

- Cost savings

- Declutters systems which leads to improved productivity

- Discovery benefits / improved search engine performance

Approx. 1/3 of company data

is ROT



24

Content subject to legal, fiscal or other compliance/regulatory retention hold must be identified prior to data remediation

Information subject to a retention hold should be evaluated for each system and system type

Remediation methods should consider presence and impact of legal hold data, including aspects such as system complexity and risk of error during data disposition

Legal Hold Data



25

Run periodic metadata analytics to ensure compliance

Data Monitoring



26

Final Thoughts

• Cloud migration is a transformative event and should be viewed in the broader context of digital transformation

• Information governance acts as the balancing agent between the risks and rewards of migrating to cloud solutions

• In the cloud, data is the only thing you will own — implement governance and processes that can be sustained over time, not just enacted in support of implementation

• Pacing and communication are critical to gain user adoption



27

In Closing

01

02

03

04

List common drivers for migrating to Office 365

01

04

Describe the functionality and business drivers of key cloud

platforms and applications

Describe the role of IG in broader digital transformation initiatives

03 List scenarios where utilizing data analytics can support

achieving IG objectives

02Engage stakeholders in a dialogue about the IG risks and rewards of moving to the cloud


28

Contact Information

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

John RhoadesPwC | Director1000 Louisiana St.Houston, TX 77002Phone: +1 832 362 2007Email: [email protected]

http://www.pwc.com/us/forensics

Tommy HsiaoPwC | Manager

1000 Louisiana St.Houston, TX 77002

Phone: +1 571 269 7472 Email: [email protected]


mailto:[email protected]

http://www.pwc.com/us/forensics

mailto:[email protected]


29

the ig forecast: cloudy with a chance of fragmentation › › resource › ...office 365 (including...

Documents