So Rob Fitzgerald sends me an article this morning and asks tells me to blog about it. See, he’s my boss so he can do that. My initial reaction (as always, to anything) is one of skeptical interrogation. He sends me two dozen articles a day so I asked myself “why this one?” I immediately identified two potential catalysts for this request.
- I have numerous drafted blog entries that I have yet to post and he’s tired of waiting.
- He’s out of town and thinks I need busywork.
Knowing that the man who signs my paychecks and truthfully someone who I deeply respect asked me to do this I figured I would humor him and read the article. At this point he has me. He played me like a fiddle. I’m in. And before I tell you why let’s talk about a couple things. The article is about a survey conducted regarding “Information governance”. The points of the article that grabbed me are nicely summed up by Doug Austin here. For this conversation let’s focus on the following excerpt:
Of the 2,320 respondents, less than one-half believed that an information governance program was important to their organization” and “only 32 percent of senior management believed information governance important.”
Now that you are up to speed you may remember I mentioned that at this point I’m in. I know what you’re thinking “wow that was quick”… Yes. It was. Let me explain why.
(Please read this next part in Morgan Freeman’s voice… obviously.)
See… it all starts a few years ago when The Lorenzi Group was created with the sole purpose of providing digital forensics to law firms and companies involved in litigation. It didn’t take us long to figure out that what we were really doing was collecting, organizing, analyzing and interpreting data for our clients. The cases varied, as did the data we handled but it turned out the forensic analysis was a small piece of what we were doing for our clients. Over the years we have seen all types of data theft, data manipulation, data breaches and lawsuits or internal investigation involving data use. The entire time it was simply collect, organize, analyze and interpret.
At the same time we started to understand just how damaging each of these scenarios could be. The costs pile up quickly with legal bills, losses of data, clients and IP, bad publicity, fines, sanctions and the list goes on. It seemed incredibly silly that many of these issues were not being addressed proactively in an effort to lower the potential risks and costs. So about three years ago we designed a way to do that. It’s actually pretty straight forward. We collect data at the device level we then organize, analyze and interpret it for the clients. We call it ROAR (Real-time Operations Analytical Results).
The initial concept of ROAR is that by bringing transparency to your corporate network you would be better protected from inside threats. At the same time all this data is being observed so that anomalies identifying risk were addressed early on and the data is readily available in the event of necessary legal discovery. As it turns out it works very well.
Have we ___________________________?
- Caught data thieves red handed? Yes.
- Identified potential sexual harassment lawsuits early on? Yep.
- Exposed insider collusion and executive and sales people stealing clients? You betcha.
- Identified internet abusers? Of course.
In the spirit of ROAR and transparency I will be very candid. Initially I expected that we were going to get lots of people fired. And to be fair… we have. However our work with some of our more forward thinking clients has seen us save and create more jobs than we have eliminated.
Blah blah blah… enough with the sales pitch already right? And what the hell does this have to do with information governance? Ok. Sorry but I think the background and experiences here is important for my upcoming conclusion.
In the name of data security we put cameras (theoretically) on our clients networks and suddenly we were helping them address compliance and productivity as well as well as data security. We had organically created a set of business intelligence that was robust yet unique. By compiling user generated data instead of technical data we have access to not only what the machines are used for but by who, how and when they are used. Our clients now operate more efficiently at a lower level of data related risk and make smarter business decisions than their competitors who don’t have this information readily available.
And now the requested blog topic… Information governance and the survey covered in the article on Law.com.
It does not surprise me one bit that less than half the respondents and only 32 percent of senior management think protecting and understanding their data is important. I think it’s easy to understand their viewpoint even though it is incorrect. They hear “data” they think “cost”. Fair enough. Data and specifically data security have traditionally offered very little in the way of up obviously tangible ROI. Those days are over we (and many others) have proven it. Technology moves very fast. The amount of data being created on a global scale is growing exponentially each day. The people who maximize the value of their data will be more successful than those who do not.
Your data is your business. I hope your senior management is part of the 32% who agree. If not, give us a holler and we will be happy to enlighten them.