How do records and information management professionals do it?
Based on the two events that I attended recently, each from quite opposite ends of the spectrum, I feel quite sympathetic towards information management and records professionals today.
I attended ARMA 2016 in San Antonio, TX, an annual event with 100 vendors and 2,000 delegates, and subsequently attended a quarterly meeting of the IRMS Public Sector group in London, an event with 50 attendees.
The biggest learning I took from the combination of these two events was how difficult the job is for people in this area due to information volume. Firstly, and perhaps most obviously, these professionals face the challenge of having huge volumes of information to manage. Secondly, many of the companies offering technology solutions in this space are communicating large volumes of indistinct information, leaving professionals with the task of distinguishing the relevant from the noise.
For these professionals, data protection, privacy, and security are the huge topics du jour which occupy people’s minds. GDPR and Privacy Shield are significant contributors to this, mainly in the form of requiring well-defined and robust information governance, but there are also ever-increasing concerns over the general vulnerability of important information.
In the world of unstructured data, the most basic and pressing requirement is to figure out what high-risk data is sitting where, and what to do about it. Business critical data needs to be secured through access controls and brought under governance in terms of retention and lifecycle management. Sensitive data most likely needs to be either locked down further, or simply deleted. For sensitive information in the structured data world, there are other actions that might need to be performed such as anonymization, but these are less likely to be required of unstructured data.
This is a relatively simplistic breakdown in terms of required action, and obviously has paid no regard to the ever-growing volumes of information in scope, never mind the complexities of mapping out the storage locations to address, how to identify business critical data, how to identify sensitive data and what actions are required where.
From the scale of the ARMA event, it was clear that there are plenty of vendors in this space. But it was also clear that they have huge overlaps between their value propositions, and broadly consistent messaging. Many of them can contribute to addressing the problems above, to varying different levels.
Before evaluating a vendor, companies need to perform a thorough self-diagnosis and evaluation of needs. Whether doing a once-off cleanup (the minimal approach) or designing a cleanup task that feeds into a governance strategy, organizations need to make decisions around the three different dimensions of an information management framework: data sources/locations, analysis type and processing depth. The type of tool or technique then depends on the necessary level of action on any of the dimensions.
A lightweight strategy does not require significant depth in terms of any dimension, and therefore a single source tool with basic analysis and processing will give the best return on investment. However, if multiple data sources are in scope, (e.g., email and file systems) then the project will need a stronger, more complex tool. And if more strategic processing depth is needed, i.e., a holistic approach that covers everything from full data cleanup to remediation and ongoing governance, then the technology choices becomes different as a select few vendors cover the full gamut.
While it’s tempting to first go the vendor route, and listen to all the capabilities of the available solutions, it’s important to find the right strategy for your organization first. Vendors are happy to tell you what they can do for you, but determining your strategy first will not only help you wade through the massive amount of solution information, but help you pick the right one in the end.
It’s a classic scenario where a little effort in preparation will pay out a large return in total cost and pain, while achieving the end result that is right for the particular organization.