the ig forecast: cloudy with a chance of fragmentation › › resource › ...office 365 (including...
TRANSCRIPT
2016 ARMA Houston Spring Conference
The IG Forecast: Cloudy with a Chance of Fragmentation
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
2
Meet our Presenters
Background
• Skilled in working in high-pressure environments to quickly understand client needs and translate large amounts of complex data/information into meaningful solutions.
• Experienced in forensic, financial service, and claim resolution engagements, and has a strong background in data analytics, data visualization, data management/databases, and automation.
Background
• Concentrates in leading large scale information governance projects focused on designing strategic roadmaps, building enterprise taxonomies, developing compliance tools, and implementing unstructured information systems such as Microsoft Office 365 (including SharePoint), Box, and IBM FileNet
• Collaborates with clients to solve complex issues and identify transformative opportunities rooted in managing information as a corporate asset
Tommy HsiaoManager(571) [email protected]
John RhoadesDirector(713) [email protected]
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
3
Objectives
DRAFT: Submitted for Review
01
02
03
04
List common drivers for migrating to Office 365
01
04
Describe the functionality and business drivers of key cloud
platforms and applications
Describe the role of IG in broader digital transformation initiatives
03 List scenarios where utilizing data analytics can support
achieving IG objectives
02Engage stakeholders in a dialogue about the IG risks and rewards of moving to the cloud
2016 ARMA Houston Spring Conference
4
Framing the Challenge
“The cloud is becoming the core paradigm for delivering business technology, with an aspirational promise of ‘zero infrastructure–
anything-as-a-service’. ”
“Zero infrastructure– Anything-as-a-service: A technology operating model for the cloud-centric era” Strategy&
Cost Management Scalability Agility
Why migrate to the cloud?
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
5
Framing the Challenge
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
6
Framing the Challenge
Build Momentum
Plan for Success
Capture Benefits
Cloud Avoidant Evaluating Cloud
Options
Building a Business Case
OR
Adapting to Technology
Strategy Change
Planning for Migration
Migrating to Cloud
Stabilizing Adoption
Exploiting Capabilities
Where is your company on the road to cloud?
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
7
Implications for IGFragmenting the IG Landscape
Records Management
Email Management
Network File Shares
Digital Assets
“Personal” Storage
SocialIn
Scop
eO
ut o
f Scop
e
IG / RMProfessional
“Recent Past” “Emerging Future”
IG / RMProfessional
Records ManagementEmail Management
Network File Shares
Digital Assets
“Personal” Storage
Social
Case Management
Case Management
Compliance Driven Use Case Driven
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
8
Implications for IG
• Data leakage• Increased discovery
cost• Business process
disruption• Increased threats to
information security
• Reduced infrastructure cost
• Improved findability of data
• Improved scalability• Enhanced collaboration• Improved user
experience
Risk
Reward
InformationGovernance
Balancing Risk and Reward
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
9
Five Critical Questions
How will you perform preservation and discovery against cloud based content?
How will your information governance policies, processes, and procedures need to change?
What new privacy and security issues could develop?
How will existing user behaviors need to change?
What do you do with existing landfills of information as you migrate to the cloud?
1
2
3
4
5
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
10
Question 1: How will you perform preservation and discovery against cloud based content?
Key Risks Mitigation Tactics
• Challenges integrating cloud systems and your existing hold order management systems could frustrate efforts to preserve content
• Increased individual storage capacities could increase discovery costs due to an exponential growth in content
• Orphaned applications that remain as repositories may increase the complexity and effort of discovery
• Map discovery process flow against technologies to identify bottlenecks and fail points
• Reinvigorate information management policies and apply governance to unstructured content
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
11
Sample Discovery Process Flow
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
12
Question 2: How will your information governance policies, processes, and procedures need to change?
Key Risks Mitigation Tactics
• Existing governance policies may not reflect the move to social media, increasing the risk of non-compliance
• Current focus may be on records management and not broader information governance challenges
• Lack of consistently applied data classification standards may frustrate efforts to strengthen information security
• Review policies for inclusion of messaging and social media
• Mobilize and empower a cross-disciplinary information governance council to develop standards and provide guidance
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
13
Information Governance CouncilOrganizations can champion information protection utilizing information governance.
Who the Information Governance Framework applies to:
• Roles and responsibilities matrix for enterprise departments that handle sensitive information within and for an organization
What the Information Governance Framework provides:
• A structure to address sensitive information ownership, determine responsibilities for protecting the identified information, and translate into a prioritized actionable remediation roadmap
Protected Information
Privacy &Compliance
Research & Development
Legal
Accounting Revenue &
Finance
InternalAudit
InformationTechnology
Human Resources
Business Operations
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
14
Key Risks Mitigation Tactics
• Shift to social media could surface content outside of user permissions
• “Dark” data that is migrated may not have the appropriate control associated with it
• Extending the enterprise increases risk of data leakage
• Continued release of cloud environment updates could create new threats
• Include Security and Privacy teams on your information governance council
• Conduct conference room pilots of technology that presents the most risk
• Define specific uses cases and benefits to extending access to third parties
• Judiciously conduct pilots with third parties to prove use cases
Question 3: What new privacy and security issues could develop?
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
15
Question 4: How will existing user behaviors need to change?
Key Risks Mitigation Tactics
• Increased storage availability could reinforce hoarding mentality
• Integrated repositories could create confusion on appropriate storage location for data
• Design a change management program to shift mindset to information as a corporate asset, much like cash or equipment
• Provide guidance on “what goes where”
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
16
Question 5: What do you do with existing landfills of information as you migrate to the cloud?
Key Risks Mitigation Tactics
• Discovery risk may increase as “dark” data is migrated to the new environment
• Data could be orphaned on file shares and endpoints as content is migrated
• Benefits case may be diluted by effort to migrate existing archive repositories
• Utilize a risk based approach to analyze existing information stores
• Identify target systems for decommissioning
• Develop a remediation / migration strategy that strikes the balance between what is done using available tools and what users will be required to perform
• Set reasonable timelines to achieve data migration
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
17
Data analytics support Information Governance (IG) principles by helping an organization understand and refine its data landscape
Profile: Understand organization’s data landscape
Remediate: Identify and disposition unneeded data
Monitor: Ensure IG principles are followed / avoid data bloat
IG
Principles
Profile
RemediateMonitor
Data Analytics and Information Governance
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
18
Data Profiling – Levels of Analysis
Enterprise
System/ Machine
Directory
File
Analytics can be run at multiple levels within an organization
Higher level analyses can be used to identify areas for more in-depth analyses
Analyses should be designed to determine information systems/sources within an organization, including additional key data points such as size, key dates (created and last modified)
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
19
Data Profiling – Directory Level Example
Analysis to understand the top 10 directories in a given system/folder based on item count
Obtains directory/folder metadata to create analysis
Key data points to consider:
▪ Item Count
▪ Folder Size
▪ Date Created
▪ Date Last Modified
This analysis helps identify “low hanging fruit” directories to analyze for remediation
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
20
Data Profiling – Machine Level Example
Analysis to understand employee computer data landscape
Obtains user machine metadata to report on partitions, folder and file types
Key data points to consider:
▪ Drive Partition
▪ Folder Type
▪ File Type
▪ File Size
▪ Dates (created/last modified)
Provides insight into employee data usage
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
21
What is it:
Supports IG principles by having the goal of organizing, categorizing and securely removing data
Determines information valuable to the business, legal, and compliance/regulatory needs
Identifies information no longer valuable and that should be dispositioned in a defensible manner
Why is it important:
Reduces reputational and litigation exposure
Reduces cost
Improves discovery of critical documents
Reduces risk of misplacing sensitive information
Data Remediation
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
22
Dark Data
Operational information that is collected but not used. Dark Data includes:
- Log files
- Notes
- Previous employee data
- Customer information
- Emails
Remediation Benefits:
- Cost savings
- Reduce litigation risk exposure
- Identify unknown business value
Approx. 50% of data is
dark
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
23
ROT Data
Redundant, Obsolete, and Trivial (ROT) Data Includes:
- Legacy / unused data systems
- Information not subject to retention/records management policies or schedules
- Non-records
- Non-business related content
Remediation Benefits:
- Cost savings
- Declutters systems which leads to improved productivity
- Discovery benefits / improved search engine performance
Approx. 1/3 of company data
is ROT
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
24
Content subject to legal, fiscal or other compliance/regulatory retention hold must be identified prior to data remediation
Information subject to a retention hold should be evaluated for each system and system type
Remediation methods should consider presence and impact of legal hold data, including aspects such as system complexity and risk of error during data disposition
Legal Hold Data
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
25
Run periodic metadata analytics to ensure compliance
Data Monitoring
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
26
Final Thoughts
• Cloud migration is a transformative event and should be viewed in the broader context of digital transformation
• Information governance acts as the balancing agent between the risks and rewards of migrating to cloud solutions
• In the cloud, data is the only thing you will own — implement governance and processes that can be sustained over time, not just enacted in support of implementation
• Pacing and communication are critical to gain user adoption
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
27
In Closing
01
02
03
04
List common drivers for migrating to Office 365
01
04
Describe the functionality and business drivers of key cloud
platforms and applications
Describe the role of IG in broader digital transformation initiatives
03 List scenarios where utilizing data analytics can support
achieving IG objectives
02Engage stakeholders in a dialogue about the IG risks and rewards of moving to the cloud
2016 ARMA Houston Spring Conference
28
Contact Information
This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.
John RhoadesPwC | Director1000 Louisiana St.Houston, TX 77002Phone: +1 832 362 2007Email: [email protected]
http://www.pwc.com/us/forensics
Tommy HsiaoPwC | Manager
1000 Louisiana St.Houston, TX 77002
Phone: +1 571 269 7472 Email: [email protected]
DRAFT: Submitted for Review
2016 ARMA Houston Spring Conference
29