In the past, the main drivers for data archiving centred on legal and compliance initiatives and business continuity, including eDiscovery, records retention, audits and disaster recovery. But as more companies are looking to take advantage of information in an effort to gain competitive advantage in their markets, data archiving has taken on a new role. However, there are major organisational disconnects related to archive accountability and lines of authority, particularly between IT and the legal and compliance departments that are holding enterprises back from maximising the full value of their archives.
According to a recent IDC survey, the results of which have been published in a white paper sponsored by Iron Mountain*, the underlying reason for the data archiving disconnect very likely stems from a fundamental difference in roles and objectives between IT and Legal. Whereas responsibilities for things like troubleshooting computer and technology issues or approving vendor contracts are clearly defined and don’t have overlap between the two groups, the management and usability of an enterprise’s data archives can pit them against each other. The research showed that although 70 per cent of IT respondents see data archives as enhancing revenue, only 38 per cent of legal and compliance teams agree, which makes sense in light of how each group utilises the archive.
While legal and compliance departments focus on risk mitigation and limiting access to information in the archives, IT departments continue to evolve into a more service-like organisation supporting lines of business (LOB) with their information needs. These contradicting objectives drive a perception wedge between the two groups, creating further disconnect.
Legal and compliance aren’t even on the same page with IT regarding which department has the primary responsibility for archiving. IT is the least likely to see legal and compliance as responsible for archiving, and both are much more likely to see themselves as responsible for many aspects of data archiving, from determining what to archive to ensuring data archives are secured.
IT seems to be blind to legal and compliance frustrations, with more than three quarters of IT respondents rating their internal customer satisfaction with their management of their company’s electronic data archives as high. However, though almost 80 per cent of legal and compliance respondents use archived data, less than half are satisfied with their ability to access this data, and only one in five legal and compliance professionals say they’re satisfied with IT’s performance across data archiving metrics.
These frustrations with electronic archiving from legal and compliance teams are a real problem for organisations. Businesses and IT organisations cannot focus solely on the needs of the business at the risk of ignoring legal departments. For businesses to succeed, they need to put in place tools, procedures and governance that will satisfy both sets of internal constituents’ needs and objectives.
With more than a third of companies reporting $1 million or more in additional revenue during the past year from monetising their archives, and no slowdown in the rapid growth of enterprise data in sight, it has never been more critical that IT and legal find a way to balance their competing objectives for the good of the bottom line, but there are a few concrete steps that businesses can take to address these challenges:
Appoint a Chief Data Officer
A CDO can help oversee the development and implementation of programs to derive value from the data archive, while working closely with the Chief Operating, Chief Technology and Chief Information Officers to set long-term business and data strategies. The CDO would not only make sure that the enterprise’s general counsel and legal teams are appropriately involved and represented, but ensure that all sides are brought to the table, educating everyone on the unique needs and pain points of each group to reach a common ground.
Create a Cross-functional Archiving Committee
Spearheaded by the CDO and including representatives from IT, LOB, Legal and Compliance, an archiving committee would certainly help foster collaboration towards implementing effective and efficient data archive management processes that address key concerns around access, protection and business needs.
Deploy Secure Data Archive Technology
Depending on what is already in place, the committee should explore implementing or updating the enterprise’s data archiving technology with secure, cost-effective solutions such as tape, restoration assurance and secure cloud storage in order to effectively meet the demands of IT, LOB and Legal and Compliance teams. IT can strive to make data as secure as possible from the beginning to avoid conflict and proactively address concerns throughout implementation.
Consider Partnering with a Third Party Vendor
Vendors with specific expertise and technology offerings can help relieve the data archiving burden and provide great value to the CDO and the Archiving Committee. The right vendor will be able to deliver a solution that provides Legal and Compliance with the repeatable and defensible access they need to mitigate risk, while also freeing up internal IT resources to focus on more strategic and innovative work.[su_box title=”Eileen Sweeney, SVP and General Manager, Data Management, at Iron Mountain” style=”noise” box_color=”#336588″]Eileen Sweeney, is a senior vice president and general manager, data management, at Iron Mountain. Iron Mountain Incorporated (NYSE: IRM) is a leading provider of storage and information management solutions. The company’s real estate network of 64 million square feet across more than 1,000 facilities in 36 countries allows it to serve customers around the world. And its solutions for records management, data backup and recovery, document management and secure shredding help organisations to lower storage costs, comply with regulations, recover from disaster, and better use their information for business advantage. Founded in 1951, Iron Mountain stores and protects billions of information assets, including business documents, backup tapes, electronic files and medical data.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.