Dark Governance Rises: Maturing Beyond an Operational Data Governance Model

Over the course of the last year or so, the buzz-phrase “dark data” has entered the common lexicon of data management, information management, technology and business analytics circles. When I first heard the term my mind conjured up the image of the bat-cave wired with the technical capabilities to track Gotham City’s super villains. Armed with my rapacious curiosity I set out on a deliberate quest to study the shadowed periphery of the information landscape.

This four part blog series shall examine the emergent phenomenon known as “dark data” with the objective of evaluating and contextualizing the trend’s influence on information management practice discipline.

PART 3: DARK GOVERNANCE RISES – MATURING BEYOND AN OPERATIONAL DATA GOVERNANCE MODEL

The reality of big data – is that prioritization is key since the data landscape is growing at an exponential rate. We can’t boil the ocean as much as many would like to. As such, enterprise governance and risk management strategies are not only valuable in standardizing operational data management practices and monitor for risk, benefits realization, performance and compliance… but also can assist in rationalizing existing data management processes prioritized within larger enterprise data, business, compliance and technology views. Interestingly, a recent article published in CIO magazine echoes these sentiments while providing an overview of enterprise risk considerations as it relates to the prevalence of unstructured dark data.

Unfortunately, the most common data governance framework that is adopted by organizations is often reactive and/or point-solution-based reinforcing a lack of data management practice maturity. The results of this piecemeal and operationally-driven approach for data governance may include:

(i) operational data management service delivery issues prioritized in a vacuum;
(ii) the emergence of a fractured data ownership (and decision-making) model;
(iii) inconsistent procedural practices across data stores;
(iv) lack of enforceability or alignment with broader organizational data management policies or procedures;
(v) siloed and/or fractured data management decision-making that may fail to consider downstream/upstream process impacts;
(vi) a lack of oversight into broader legal, compliance or governance risks impacting data management practices;
(vii) minimal detective/predictive controls implemented to support proactive governance capabilities;
(viii) increased emphasis on governing performance and process as opposed to risk; and
(ix) a lack of measurable and demonstrated value of the governance function.

In a nutshell, a data management program that seeks to implement governance only at the operational data management layer will undoubtedly find difficulty in unlocking the value and/or manage the risk of dark data in a consistent fashion unless it matures to include an enterprise governance function.

Stay Tuned for Part 4 of our Series…
The Bane of Dark Data’s Existence – the Governance of Supplier Management Risk.

Posted in Governance, Information Management | Leave a comment

Cybersecurity at hearth!

Since about 3 years, cybercrime is expanding and every organisations can be a target, from the smallest to the biggest.

It is always better to prevent than cure so every organization should develop and implement plans and procedures to prevent and respond to any cyber threats.

The U.S. Department of Justice recently developed and published their Best Practices for Victim Response and Reporting of Cyber Incidents (PDF). If your organization is not prepared yet against cyber incidents, this is a good starting point.

If you need any help to develop or implement your cyber prevention and response plan or if you are victim of a cyber incident, KPMG’s Cyber Security team of professionals can help you.

Posted in Cyber Security, Cybercrime, Information Security, Information Technology, IT Security | Leave a comment

BC to Preserve and Protect

The BC government is looking to pass a legislation that will allow for electronic documents to serve as official archived provincial records (sweet!). The new legislation will replace the Document Disposal Act established in 1936 (wow, they had Information Management in 1936). Today most records are “born digital” and can be easily saved and centrally stored (when’s the last time you created a spreadsheet using a pencil and ruler…actually when’s the last time you used a pencil…haha…ok, what’s a ruler).

By digitally archiving and storing records, users can easily access public information with a click of a mouse and at all hours of the night (24/7 baby!). Public archives serve as the corporate memory of the province’s activities, people and institutions (pop quiz#1 – which Beverly Hills 90210 actor is from BC and had a donut named after him). One of the biggest reasons why the province is moving towards digital records is cost. It is more cost-effective to manage electronic records than traditional paper copies (tax payers will be dancing in the streets).

This is exciting news for several reasons:

1) Users will have superior access to information. Gone are the days of flicking though stacks of dusty paper and file (no more paper cuts) or travelling to multiple locations to locate information (one stop shopping).
2) By electronically storing records this will ensure future generations will be able to access historical content (pop quiz#2 – Which BC City hosted the 2010 Olympics…hint, the city rhymes with Uber)
3) Opportunity to gather advanced metrics and usage statistics. Using web tools to find out what people are looking at and how often items are being viewed will provide valuable insight into trends and patterns (analytics is the new kale?).

BC is taking a big step forward to preserve and protect its past. Will other provinces follow (looks like Quebec and Saskatchewan are not far behind)?

Posted in Uncategorized | Comments Off

Data Analytics: A Competitive Advantage

Business that can effectively leverage data and analytics to manage the risks it faces will be rewarded by seeing the future more clearly, making better decisions and ultimately being more successful than those companies that cannot. A new report from KPMG looks at how companies are planning to use D&A initiatives to help them improve performance.

Driving performance while managing risk: Embedding data and analytics in the business model

Posted in Uncategorized | Comments Off

Activating the Bat Signal – Shining a Light on Enterprise Information Governance

Over the course of the last year or so, the buzz-phrase “dark data” has entered the common lexicon of data management, information management, technology and business analytics circles.  When I first heard the term my mind conjured up the image of the bat-cave wired with the technical capabilities to track Gotham City’s super villains.  Armed with my rapacious curiosity I set out on a deliberate quest to study the shadowed periphery of the information landscape.

This four part blog series shall examine the emergent phenomenon known as “dark data” with the objective of evaluating and contextualizing the trend’s influence on information management practice discipline.

PART 2: ACTIVATING THE BAT SIGNAL – SHINING A LIGHT ON ENTERPRISE INFORMATION GOVERNANCE

Enterprise data governance and information risk management are only now emerging as disciplines of practice supporting many organization’s big data and associated content management strategies.  In 2013 the IDC reported that over 90% of big data is in fact dark data.  Correspondingly, a significant factor that may be contributing to this staggering estimate is the correlation between exponential data growth and the effectiveness (or even prevalence) of governance controls needed to manage its lifecycle, reliability and usability.  With an emphasis on governing the container, absent the content, an organization’s data has run the risk of becoming stale, inaccessible, unmanaged, un-owned or even un-mapped as a result.  Technology infrastructure and storage costs continue to increase as a result of this exponential data grown absent the ability to unlock value from the data contained therein. Bottom line – technology alone is not a solution to the dark data dilemma. One only has to look at the voluminous amounts of un-inventoried/indexed system backup tapes that continue to accumulate for many organizations as an example of the persistence of dark data absent a unified information governance strategy and the implementation of effective information risk management controls.

Stay Tuned for Part 3 of our Series…
Dark Governance Rises – Maturing Beyond an Operational Data Governance Model.

Posted in Governance, Information Management | Comments Off

Information Governance Joins the Dark Side

Over the course of the last year or so, the buzz-phrase “dark data” has entered the common lexicon of data management, information management, technology and business analytics circles.  When I first heard the term my mind conjured up the image of the bat-cave wired with the technical capabilities to track Gotham City’s super villains.  Armed with my rapacious curiosity I set out on a deliberate quest to study the shadowed periphery of the information landscape.

This four part blog series shall examine the emergent phenomenon known as “dark data” with the objective of evaluating and contextualizing the trend’s influence on information management practice discipline.

PART 1: PEERING BEHIND THE MASK – LOOKING BEYOND THE HYPE TO DEFINE DARK DATA

My comic book daydreams aside… there is still no common definition of what constitutes dark data amongst those who seek to use it.  For example, Gartner positions dark data as “information assets that are collected, processed and stored” over the regular course of business and in turn fail to be leveraged for their value to support additional business purposes (such as analytics, direct monetization or business relationships).  The Gartner definition goes further to expressly articulate that many organizations retain dark data only for compliance purposes incurring additional operational expense and risk as opposed to business value.  Accordingly, Gartner’s definition seemingly pits compliance and legal risk against operational risk… vanquishing the potential for a balanced risk-based approach to data management for any organization.

On the other hand, I would define dark data as information that an organization is unable to efficiently identify, process and/or utilize but know that it exists based on the effect this data type has on its other information-based assets. Archivists, librarians and records managers alike are well acquainted with this reality… knowing that a large volume of an organization’s information assets have traditionally been paper-based and stored offsite with little ability in the present to extrapolate analytics from the collection besides this initial indexing action.   Records managers know that these offsite records are there … somewhere… and work through the implementation of organizational strategies to minimize the information asset risks associated with what they commonly call “orphaned” or even “unmanaged” record collections.  This traditional information management model has learned there is an important difference between the information an organization can’t see versus the information that hasn’t yet been discovered.  Accordingly, these same patterns of practice should be considered within the framework of the digital age as many organizations begin to map out and implement their big data management strategies.

Stay Tuned for Part 2 of our Series…
Activating the Bat Signal – Shining a Light on Enterprise Information Governance.

 

 

Posted in Governance, Information Management | Comments Off

E-mail stronger than ever!

Every year IM and IT specialists release their predictions for the upcoming year. John Mancini, President of AIIM, was one of them. One of his prediction caught our eye: the renaissance of the email. As many of you already know, the death of the email has been forecasted for at least the last 3 years.

With the evolution of technology we can now better tame the overflow of email. To learn more about some of these new capabilities, AIIM has published a report presenting tools to help manage emails through Outlook and SharePoint. AIIM will also be presenting a free webinar on January 28th on this topic.

Posted in Governance, Information Management, Technology | Tagged , , , | Comments Off

Have you heard of the new bookbook?

Have you heard about the all new bookbook?

No? I’m sure you did. Published more than 200 million times around the World, its the all new 2015 IKEA Catalogue… presented with a technological and humoristic twist!

A fun way to mock technology through this always highly anticipated catalog.

Posted in Technology | Tagged , | Comments Off

EDRM Diagram: increased focus on Information Governance

EDRM.net recently published the third version of its Electronic Discovery Reference Model (EDRM) diagram. This version emphasizes what was previously called ”information management” by changing its name for “Information Governance” and by leveraging the importance of a good information governance all along the EDRM process.

EDRM.net is also the creator of the Information Governance Reference Model. The link between the two models is now clearer than ever.

Posted in E-Discovery, EDRM, Governance, Information Management | Tagged , , | Comments Off

Action required: Heartbleed vulnerability

What is Heartbleed?

Heartbleed is a vulnerability within OpenSSL; a popular software product used by many websites and network devices to provide secure connections. The vulnerability exists due to a logic error within the OpenSSL code. This flaw allows criminals to access parts of a web server’s memory that may contain sensitive information

How serious is this problem?

Very serious. The Heartbleed defect could expose information such as usernames and passwords, credit card information and other sensitive information that would be sent by the user to the website, network device or mail servers. Web technologies are present in devices that are not web servers meaning you may have more at-risk technology than is immediately obvious. There is some indication that certain web browsers may be affected although specifics are not yet known.

How KPMG can help

KPMG’s member firms have designed and implemented Cyber Security capabilities in some of the world’s largest corporations and assisted clients in handling complexsecurity breaches. This insight provides our teams with a unique viewpoint on the building blocks for detecting and defending against cyber criminals. KPMG can assist in addressing the Heartbleed issue by:

  • Assessing systems and networks for the presence of the vulnerability
  • Performing forensic analysis of affected systems and supporting networks to identify indicators of abuse
  • Analyzing the risk associated with compromised systems

 

For more information on Heartbleed, including a quick decision tree, on our related services and on whom to contact across Canada, please consult our Heartbleed Slipsheet.

Posted in Cyber Security, Information Security | Tagged , | Comments Off