Every business is unique. With that said, I believe it is worth noting that organizations, regardless of size or market focus, share similar challenges when it comes to allocation of budgets and responsibilities at the executive level. Security and information governance are two trends that are dominating the headlines and discussions within corporate boardrooms to change these internal conflicts and align departments.
Security and information governance are converging across the enterprise market and are poised to make organizations more efficient while improving operations and mitigating risk associated with data. Among the many factors contributing to this convergence are the rise in cyberattacks, increased regulatory demands and the impact that a data breach has on an organization’s bottom line — not to mention brand reputation. The time for action is now.
Across the globe, cyberattacks are on the rise. As new technology is developed and deployed, we see cyberattacks becoming more sophisticated and more targeted in their desired outcome. These range from DNS attacks to ransomware (May’s WannaCry global virus), and they can affect everything from power plants to the outcome of elections. For the corporate world, these attacks are no longer just a nuisance to be considered a cost of doing business. Cyberattacks are an ongoing battle that is accelerating the convergence of information governance and security.
The other catalyst to this convergence phenomenon is the increased regulatory demands that are set to take hold in 2018. Today, the European Union’s General Data Protection Regulation (GDPR) stands as a loosely written piece of regulation that has specific fines and definitive requirements. Unlike past regulations, many organizations are paying close attention to GDPR because of the associated fines. For the most serious infractions, including not having customer consent to process data or not adhering to the core “privacy by design” concepts, these fines are not inconsequential (4% of global revenue or $20 million). However, the hidden and less confirmed numbers relate to the cost and resources that are required to remediate the noncompliance. Noncompliance is expected to have broader consequences for an organization’s brand as the reporting of a data breach is more stringent.
The convergence of these two industry trends is changing the way that organizations capture, manage and protect data. It is pushing organizations to adopt more efficient platforms, including migrating to the cloud, and demanding that organizations eliminate much of the useless data that they hold onto.
One only has to look at the travel industry to understand the implications of GDPR for both information governance and security. Organizations across the world that service the travel industry (hotels, airlines, e-commerce sites, etc.) are going to be under the same scrutiny as those based in EMEA when dealing with personally identifiable information (PII) and maintaining control of their data.
The importance of aligning the C-suite in addressing both of these critical business challenges at an organizational level cannot be overstated. Today’s business challenges require that departments work together, that funds are allocated correctly, and that a holistic strategy is applied to the management and protection of corporate data. At the end of the day, data is at the heart of each of these trends. Organizations need to understand a number of things about the data, including:
- What data is captured and for what purpose?
- Where and how will it be managed and secured throughout the information lifecycle?
- Does the data collected comply with new regulations and policies?
- When will stored data be destroyed in accordance with data governance policies?
I have participated in customer meetings where the CIO was in the midst of outlining the company’s GDPR data strategy and the CFO actually took over the meeting because the cost benefits that are associated with retiring ROT data, migrating to the cloud and mitigating the risk of noncompliance are seen as major cost savings for an organization.
Security and information governance will continue to dominate conversations and secure headlines. Both trends demand that organizations re-evaluate how they collect, manage and protect data. In understanding and securing answers to these data-related questions, organizations are better able to mitigate unwanted risk, as well as the financial burden associated with those risks. Organizations are equipped to achieve greater efficiency and operational alignment and realize cost savings by understanding their data, protecting their data and being proactive in its management.