Information Without Governance Is Like A Kid With Free Reign To The Cookie Jar

By Jeffrey Lewis posted 05-23-2014 21:14


Everyone wants information, but no one wants records.  The problem with records is that they are inactive, locked in a cabinet and no longer serve a business purpose.  Information is active and can go places where records cannot go, such as the cloud and to mobile.  Records are tightly managed and information can have a tendency to become very chaotic.  For this very reason records managers need to position themselves to not just manage records, but also govern information. 

If we view one of our tasks is to protect information like a mother hen then we will be like parent who only gives their kid carrot sticks and celery, but when the child goes to a friend’s house they will immediately pig out on junk food.  Business wants the newest and coolest gadgets out there.  Once our focus only becomes on protecting records and information, but not making it accessible then our staff will see taking information to the cloud and mobile as a forbidden fruit that they cannot resist.  Mobile and the cloud are not the enemy of information governance.  The only bad cloud or mobile environment for records and information is the one that is not governed.  The consumerization of IT is making business more efficient and we need to team up with them to make the most of the resources they have available.  

On-site, off-site or behind a firewall are not our only options when it comes to storing information.  Many records managers resist the cloud with fears of it not having enough security.  The truth of the matter is that in many occasions the cloud is more secure than most enterprise environments.  Our users want to telecommute and have access to information at any time and from any location.  If we do not provide it for them, then we are fooling ourselves if we think we can outsmart them and prevent compliance failures and other risks by trying to rope off all access to information.  More and more cloud vendors are coming online, so it is impossible to create a policy to block them all. If you have your own cloud space then you only have one cloud to worry about auditing and having policies in place for instead of a sprawling untamable frontier of content that is impossible to police.    

When records management was paper based it was not agile in the least.  The advent of electronic records made information storage and retrieval a very dynamic and fast paced process.  BYOD now has made information governance an obstacle course that could rival any Tough Mudder.  For example, as users create corporate records on their devices, are we able to sync that to our records management systems?  More importantly, when employees sync their phones to their own personal network do we have the proper containerization or other type of solutions in place to make sure corporate information is not synced as well? If a phone is lost or stolen, how do we make sure corporate information does not get into the wrong hands?  Most importantly is the training aspect.  Teaching staff enterprise policies for corporate owned devices is the logical step that no one will argue, but due to human nature users will have a resistance when they have to apply corporate policies to personal devices which house corporate data. 

Information is an asset that is very powerful, but also very risky.  In the information governance table we have a natural seat next to compliance, but business and IT will block RIM from the table if we do not treat disruptive technologies as a present day reality that must be managed in the information life cycle.  We can't manage it just for management sake, for the same reason they can't use cool toys just for the sake that the toys are cool.  Our attention needs to be on how information flows through the organizations so that we can get the maximum return on investment while reducing any risk of indictment.    

#ElectronicRecordsManagement #Records-Management #information governance #cloud #ConsumerizationofIT #informationsecurity #BYOD #Informationaccess #InformationGovernance