As the mountains of data grow, so does the variety of strategies CIOs are marshalling to manage that information, and profit from it.
The Technology Solution
Eyeing a potentially lucrative new market, software and consulting companies are enthusiastically targeting information governance applications. Project InVision's governance, risk and compliance program, for instance, uses a modular approach that provides an organization visibility into the movement of information throughout its networks, so it can set up authorization channels to protect financial and confidential records. Other enterprise-security companies, such as Providence, R.I.-based Polar Cove, address a critical, and often overlooked, subset of data governance: the security and auditing procedures of outsourcing firms.
"When companies outsource services, they do not outsource responsibility," says Bruce Eissner, Polar Cove CEO. "For public companies, that means they must require outsourcers to behave just as the public company must behave. Their controls, including business processes and information management, must meet the same level of compliance as the public company. The outsourcer may be private, but they need to execute and to certify their executions as if they were public."
No aspect of information governance has generated more attention from technology providers than data storage. Every day, millions and millions of new e-mails are created, and an equally unfathomable amount of data from customers, or from internal activities, is entered into corporate networks. Archiving this information in a fashion that makes it retrievable, and not forever lost in some vast repository, is an extremely difficult task.
The problem is that the lion's share of data is unstructured—E-mail, word-processing documents, spread sheets and the like—and they resist any obvious system for recovering a specific piece of information after it is stored away. To overcome this, technology services and software firms are developing programs that assist companies in creating architectures and operating procedures for handling unstructured data. Issues under examination include the length of time information should be retained and how e-mail and word-processing files must be tagged so that they can be located by searching mechanisms.
"In the past, the IT infrastructure was created without communicating with applications owners and business units, who are in a better position to know the value of data to the organization and which data must be accessible," says Jim Damoulakis, chief technology officer at GlassHouse Technologies Inc., a Framingham, Mass.-based storage company. "We're finally in a period when infrastructure policies are being decided on a strategic level."