Using Information Governance to Mitigate Risk

As greater challenges emerge in today’s data-centric business environment, organizations are placing more emphasis than ever upon risk mitigation. Not only are IT executives looking for ways to reduce their organizations’ risk profiles, but business leaders—including boards of directors—are making risk reduction an essential action item.

Yet risk mitigation involves a number of different policies, actions and initiatives, all centered on identifying, avoiding, eliminating and ameliorating the impact of risk for the organization.

At the heart of an organization’s risk mitigation strategy is information governance. By now, most enterprises have adopted some form of information governance, but those programs must be fluid, flexible and dynamic in order to keep up with rapid, unexpected changes to the organization’s risk profile. Organizations need a comprehensive and evolving information governance policy to protect themselves, their customers and their suppliers, and to free up employees to focus on more productive opportunities.

Information governance programs can help eliminate risk in numerous categories, including:

1. Financial risk: Simply storing everything without any plan governing how to deal with the growing amount of data will lead to skyrocketing costs for infrastructure and IT management. You’ll spend a huge amount of money on housing all the data in the first place—and that’s before taking into account the time and money you will then have to spend searching for the information you need. A full organizational strategy for proper data storage, retrieval and retention will save money on both Capex and Opex.

2. Legal and compliance risk: Compliance requests often come with very tight deadlines, and if you don’t meet those deadlines, you face potentially large fines or other penalties. In today’s world, compliance requirements are growing faster than ever, often faster than manual processes can keep up with. Your information governance policy needs to be able to evolve with them without putting undue burden on staff.

3. Productivity risk: Consider the end user who has to sift through huge volumes of unorganized data for one piece of information—a proverbial needle in the haystack—all because clear and precise upfront measures were not taken to organize data. Or think about employees who waste time managing their mailbox because they continually hit capacity limits.

4. Security risk: If you lack strong controls and have no idea where your information is, you have no idea what security risks you’ve promoted. Perhaps you will accidentally grant the wrong person access to sensitive data they shouldn’t see, or perhaps you will place critical information into systems or devices without proper security. Perhaps you’ll simply lose track of crucial information.

5. Reputational risk: If an information crisis or data breach does indeed happen, your company’s reputation will no doubt take a massive hit. Companies dream of being on the front page of The Wall Street Journal—but not for a data breach. It’s happened to massive corporations like Target; it can happen to yours.

With a comprehensive information governance policy, you will cut risk dramatically in all five of these areas. It’s an important step to a truly secure, efficient and flexible organization in today’s risk-laden world.

Veritas offers a broad selection of information governance tools supporting a wide range of use cases to address and overcome risk. For more information on Veritas information governance solutions for risk mitigation, go to