Companies have learned that in order to leverage the economic and functional efficiencies that technologies such as mobile devices and cloud computing make possible, information security investments are essential. This will be no different in 2016, as corporate boards and management teams continue to recognize the importance of information governance to their overall compliance strategies and programs.
Increased security spending does more than protect against malicious actors. The dollars also improve the integrity and reliability of all of the data moving across a digital ecosystem. For any business, secure digital information is increasingly valued for being a factually accurate record that serves as authoritative evidence of the truth. While 2015 was a remarkable year for data governance, there are three new information classifications that will be vital to immediate, short-term business strategies this year.
Log data as evidence
Several businesses have turned to the cloud to store the immense volumes of performance and log data that computers generate as evidence of the company's operational effectiveness. In turn, vendors large and small are creating big data analytic tools that can evaluate log data to detect anomalies and variations much earlier than in previous iterations.
In the past, records management and IT teams have not considered these volumes of log data as functionally important to the corporate compliance program's objectives. However, the data has huge value for law enforcement and in legal cases. Log data can often serve as evidence that contradicts oral testimony or even the content of other digital records. For example, the time stamp on an email server log may contradict information on a print-out of that email.
Information governance and security processes can leverage log data to benefit the corporate compliance program's objectives. By developing effective governance, the same log data can be evaluated to help identify miscommunications, improper contacts, trading irregularities, unauthorized purchasing and similar activities that are often the basis for enforcement investigations and litigation.
Software design documentation
The Volkswagen fuel sensor incident has placed the spotlight on a second category of documents and records that has been overlooked by traditional records and IT management practices: software design documentation. On first impression, software and information system engineers are no different than the architects of homes and office buildings. They produce a design (blueprint) of the end result, and then build it. But as with contractors, the as-built final product is often very different than the original design.
Innovations in software and systems design are enabling more rapid prototyping, version releases and corrections of bugs and defects both before and after the release of an application or system. The DevOps team embraces these innovations because they provide continuous delivery to users while the product is still being refined and enhanced.
Through all of these activities, enormous volumes of supporting documentation can be produced. But with the emphasis on the velocity of revisions, structured governance of the documentation is rarely executed. If the end product fails, is tested and found dysfunctional (as in Volkswagen's case), or is investigated for compliance under the new legal rules governing systems design, the documentation (or the inability to find and produce the documentation) can be game-changing.
Information governance and security personnel should connect with development teams at the earliest stages of each new project to create the information classifications and controls for relevant data. The teams should also produce design documentation that is considered part of the organization's overall information governance program.
While Bitcoin has received a great deal of attention as a digital currency, its underlying blockchaining technology may produce far more dramatic shifts in how corporations create and preserve information records. With blockchaining, there is no central repository of each record or digital asset. Instead, blockchaining divides information assets such as transaction records into blocks. It then encrypts each block and distributes the blocks across a large network of participating systems and devices. Blockchaining provides a highly reliable record in which trust is vested in the consensus of the collective of the participating systems rather than the central repository.
Major financial institutions and venture firms are making heavy investments in blockchain innovations. The information governance challenge, of course, is that the records and digital assets included in blockchain pilots or launch roll-outs are still business records that must follow existing mandates stipulating preservation, access control, availability, and destruction rules. If information governance is disregarded, later legal inquiries or calls to produce the primary records could be troublesome.
For each of these three new information classifications, the data management team and drivers of the corporate compliance program will serve their organizations well if they reach out and collaborate with other IT teams. Too often, the push for accelerated software releases or system development takes precedence over effective information governance and security. Collaboration will help assure that the project budgets for these activities properly anticipate the related information governance expenses and their associated benefits.