Lurking in every data center is an unseen enemy: dark data. This unstructured data causes surging storage costs and exposes organizations to a variety of risks.
Win the fight against dark data by developing an information governance program. This plan identifies what dark data exists, how different departments manage data, and when it can be archived and destroyed.
Let’s review the steps organizations must take to create an information governance framework, and learn how organizations can successfully execute it.
Shine a light on dark data
The first step toward a workable information governance is gaining visibility into your data through an assessment. By nature, dark data’s value isn’t defined. Organizations must determine what data has business value and what data is redundant, obsolete, or trivial.
A dark data assessment and file analysis delve deeper into an organization’s unstructured data; Gartner estimates that by 2020, one fifth of all organizations will utilize a file analysis tool to visualize their unstructured data environment, up from less than 2 percent today. These sweeps use metadata as the basis for sophisticated analytics that automatically categorize and classify data.
To fight dark data, team up
This assessment and file analysis put the information governance framework in place, but more work needs to be completed: Organizations must determine how to apply new insights into real strategy and planning. Coordination between many departments and teams across the organization — IT, information security, records management, HR, and legal – will lock down all of the regulatory and compliance requirements that must be adhered to.
These requirements will be unique to your organization. Health care entities must prioritize HIPAA compliance while a payment processor will focus on PCI standards; all organizations should keep personally identifiable information off file shares. But organizations must determine what data will be retained and for how long. It’s important for an organization’s different departments and teams to collaborate and lay out their requirements.
Planning out retention periods and storage locations for data is imperative, but developing a defensible disposition program is just as important. A defensible disposition plan spells out the process of disposing unneeded or valueless data that will stand up in court as reasonable and consistent. Organizations can protect themselves by formally defining when and what types of data can be defensibly deleted.
Execute the plan in five steps
An information governance plan demands action. Organizations can springboard the plan into place through five actions: protect, archive, delete, automate, and socialize.
- Protect frequently accessed, business-critical data by regularly backing up information to the proper tier of storage targets. This backup data needs to be retained for the appropriate length of time as defined in the plan, and should be replicated to off-site storage for disaster recovery. Having a high availability and replication solution ensures the most important data is always accessible.
- Archiving is the appropriate course of action for data that needs to be preserved for compliance, but may not be accessed frequently. Archiving moves data from production sources to secondary storage, according to governance policies. This process helps free up valuable storage space while maintaining regulatory data that can be seamlessly retrieved.
- Once data reaches its predefined end-of-life, it should be deleted. Follow the previously established defensible disposition policy when determining whether data can be deleted. Dark data that has been identified as redundant (such as duplicate files) or trivial (such as MP3s on company file shares) should be deleted immediately. This regular pruning will further relieve storage space while reducing risk.
- Automating these processes is the key to a workable information governance strategy. A good file analysis solution will not only categorize data, but also tie into an archiving solution. Set policies can analyze dark data and automatically archive or delete this data if it meets specific criteria. This automation makes maintaining every aspect of the plan feasible.
- Socialize these processes and procedures to make your strategy a success. In other words, policies should be unambiguous, well defined, and easy to locate across all departments. An information governance playbook, complete with standardized procedures and reports, can act as a blueprint for how each team should execute its respective responsibilities.
Take control of dark data
The next time a records request comes in from the legal department, you can easily produce the requested information or point to clearly defined policies that detail how the information was destroyed. By analyzing unstructured data and developing an information governance strategy, your organization will have an excellent handle on its information while being fully secure and compliant.
Start developing an information governance program and contact your SHI account executive to learn more about conducting a dark data assessment.