Iron Mountain Study Unveils Internal Power Struggle to Leverage Data Archives for Business and Compliance Purposes
A recent study shows that key departments within organisations, namely Legal, Compliance, IT and Lines of Business, have fundamental differences in how they manage, leverage and value these data archives. This is according to the results of the study, “Mining for Insight: Re-Discovering the Data Archive,” an IDC white paper, sponsored by Iron Mountain (NYSE: IRM).
On one side, 70 per cent of IT and Lines of Business respondents stated they see data archives as a potential revenue driver. As a result, these groups are strong advocates for unfettered access to archives to ensure they are providing business leaders with all of the necessary information to achieve success.
On the other side, Legal and Compliance prioritise security and risk mitigation over ease and speed of access, with only 38 per cent of respondents indicating that data archives can enhance revenue. Instead, these groups primarily leverage data archives to maintain regulatory and eDiscovery compliance, respond to audit and legal case requests and substantiate legal positions.
The two camps are equally divided on who has primary responsibility for managing data archives. Legal and Compliance are much more likely to see themselves as responsible for several key aspects of data archiving, including determining what to archive (45 per cent), ensuring data archives are secured (39 per cent), identifying needs (37 per cent) and making the business case for technology investments (31 per cent) while IT and Lines of Business disagree and aren’t likely to consider Legal and Compliance a key player in any of those decisions.
Even more concerning, each group perceives the effectiveness of their organisation’s overall data management process differently, based on their unique needs. Nearly three quarters of Lines of Business respondents say they receive archived data in formats that are convenient for immediate use, compared with only half of Legal and Compliance respondents.
Not surprisingly, Legal and Compliance expressed frustration with IT’s performance across a range of archiving metrics, most notably including their ability to effectively determine what to archive with Legal and Compliance giving IT a dismally low 20 per cent satisfaction rating. According to Legal and Compliance respondents, IT also fared poorly in other key areas, including managing data archive technology (41 per cent satisfaction rating); defining data archiving solutions (42 per cent satisfaction rating) and on-demand access to data archives (49 satisfaction rating).
“Underscoring the importance for addressing this detrimental disconnect head on is the fact that more than a third of companies polled reported $1 million or more in additional revenue during the past year from monetising their archives,” said Eileen Sweeney, senior vice president and general manager, data management, Iron Mountain. “With significant bottom line implications, it’s time for CTOs, CIOs and the entire C-suite to actively balance the competing objectives between Legal and Compliance and IT and Lines of Business to effectively manage their data archive once and for all.”
To help each side work with the other more effectively, the white paper recommends organisations implement the following best practices :
- Appoint a Chief Data Officer to oversee and derive value from the data archive, while working closely with the Chief Operating, Chief Technology and Chief Information Officers to set long-term business and data strategies.
- Create a cross-functional committee that includes representatives from IT, Lines of Business, Legal and Compliance to ensure effective and efficient data archive management processes that address key concerns around access, protection and business needs.
- Educate both parties on the unique needs and pain points of each group to reach a common ground. Take a common data archive request, like eDiscovery for a legal inquiry, and show each side the various steps and associated business demands.
- Deploy secure data archive technology like tape, restoration assurance and secure cloud storage to effectively meet the demands of both IT/Lines of Business and Legal/Compliance. IT can strive to make data as secure as possible from the beginning to avoid conflict and proactively address concerns.
- Consider working with a third party vendor with specific expertise to help relieve the data archiving burden, while providing Legal and Compliance with the repeatable and defensible access they need to mitigate risk, while also freeing up internal IT resources to focus on more strategic and innovative work.
[su_box title=”About Iron Mountain” style=”noise” box_color=”#0e0d0d”]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.