cloud content management & governance…a primer l… · • 50tb of merger/acquisition data on...
TRANSCRIPT
Cloud Content Management & Governance…A Primer
San Antonio ARMA Chapter
2Cloud Content Management & Governance…A Primer
John P. Frost, CRM FAISenior Information Governance Specialist for Box
25+ years of Enterprise Content Management (ECM) and Information Governance (IG) experience including informationsecurity and content analytics
Roles Served:
• Corporate Records Manager
• ECM and Governance Technical Consultant
• Governance Technical Seller
• Worldwide Services Practice Lead
• Vice President of Sales and Operations
Certified Records Manager (CRM)
Fellow of ARMA International (FAI)
Customers Served:
• Global corporations
• Foreign governments
• Fortune 500 companies
Agenda /What is Cloud Content Management and Governance?
/Why Govern Cloud Content?
/Case Study 1: Small Cancer Smart Medicine Developer
/Case Study 2: Large Multi-National Bank
/Cloud Deployment Strategies and Best Practices for Governance
/ Summary and Questions
What is Cloud Content Management?
5Cloud Content Management & Governance…A Primer
Cloud Content Management is . . .
/ The combination of centralized, cloud-native content services with advanced security and governance
/ Collaboration across the entire extended enterprise becomes seamless
/ The latest machine learning technologies help you maximize the value of every piece of content
6Cloud Content Management & Governance…A Primer
Cloud Application Types
“We are not focused on building yesterday’s apps faster; we’re focused on building tomorrow’s apps faster.” —Johan den Haan, Mendix
• Cloud-Native• Built for cloud and mobile• Integration needed for most robust feature set• Generally stronger security and performance
• Managed Hosted Service• On-Prem solution that is virtually hosted• Built for On-Prem• Mobility may be limited
7Cloud Content Management & Governance…A Primer
What Information Governance Encompasses
Source: IGInitiative.com
8Cloud Content Management & Governance…A Primer
Operational Risk
Privacy Act (AU)
CobiTGramm-Leach-Bliley
California Consumer Privacy Act (CCPA)
Solvency II (EU)
Freedom of Information
HIPAA/HiTECHAnti-terrorism Act (UK)
US DoD 5015.2
Basel III (EU)PIPEDA
GB/T 35273-2017 (CN)
Tread Act
21 CFR Part 11
OSHA 1910.119
Companies Act (UK)Sarbanes-Oxley
ISO 9000 Quality
New York Cyber Regs
DOMEA (DE)ISO 15801 Legal Admissibility
ISO 17799 Information Security
GDPR (EU)
Audit
Computer Crime Law
MoReq2010 (EU)
AML / KYC
PATRIOT Act
FINRA 2210SEC 17a-4
IG ScopeWith Overlapping IG Drivers
ISO 15489 Records
Dodd-Frank 47 CFR Part 42
Privacy & Security
Geopolitical Specific Regulation
Industry Specific RegulationsGovernance
Risk
ITAR/EAR
Why Cloud Content Management and Governance?
10Presentation title: Go to first Master Slide to edit
“Cloud computing is often far more secure than traditional computing, because companies like Google and Amazon can attract and retain cybersecurity personnel of a higher quality
than many governmental agencies.”
Vivek Kundra, VP at Salesforce and former federal CIO of the United States
11Cloud Content Management & Governance…A Primer
Why legacy content management no longer works…
Employees expect a digital workplace• Agile internal and external team collaboration
• Access to information anytime, anywhere on any device
• Support for work across a best-of-breed cloud stack
Businesses need to evolve in the digital age• Accelerate process across the extended enterprise
• Deliver modern digital experiences for customers
• Automate processes and drive efficiency with AI
Cyber threats and regulations are constantly changing• Protect the flow of content across the extended enterprise
• Shadow IT creating security and compliance gaps
• Address complicated global regulations (e.g., GDPR)
12Cloud Content Management & Governance…A Primer
The wrong mix provides inefficiencies for business
Creation Internal collaboration Publishing GoverningExternal collaborationShare content with
an internal teamShare content with
partners and vendorsPublish to internal and external teams
Retain and govern content
Kick off process
13Cloud Content Management & Governance…A Primer
Cloud is the Viable Option…
• Cost• Infrastructure (hardware, backup, storage, licensing)• Human Investment
• Security• Portability• Long-term growth and maintenance• Scalability• Transparent updates• Leverage location• Acceptance• “App” Culture
14Cloud Content Management & Governance…A Primer
Cloud Usage
15Cloud Content Management & Governance…A Primer
Cloud Initiatives
16Cloud Content Management & Governance…A Primer and Trends in the Industry
Information Lifecycle (or Zone) ModelComposition of information in an organization
50%
15%
35% ROT (Purpose-Served)RecordsWork-in-ProgressOn Hold
1%
• CGOC – 70%
• AIIM – 40%
ROT
17Cloud Content Management & Governance…A Primer
Value of InformationOver its lifecycle
Maximum usage includes:AnalyticsArchivingDisposal
Source: CGOC.com
18Cloud Content Management & Governance…A Primer
Cloud Infrastructure (IaaS)Cloud Content Management and GovernanceAn Architecture
API Foundation (PaaS)
Governance
Security
Insights
ContentMetadata
Workflow
AI
AppsNative Integrations Customizations
19Cloud Content Management & Governance…A Primer
Extend Compliance
20Presentation title: Go to first Master Slide to edit
Case Study 1
Small Cancer Smart Medicine Developer
21Cloud Content Management & Governance…A Primer
Overview of Medical Governance
• Need to have Cloud Content Management solution as a System of Record
• 262,000 files (approximately 800 GB)
• Regulations – GDPR, SOX, 21 CFR Part 11, etc.
• Retention - Disposition
22Cloud Content Management & Governance…A Primer
Solution Drivers
• Secure content needing governance• File shares – Limited standards, unknown amount of data
23Cloud Content Management & Governance…A Primer
Tools of the Solution
• Box• Box Governance
24Cloud Content Management & Governance…A Primer
Lessons Learned
• C-Level approval and support was critical• Governance leads should have training on the content platform as well as the governance
application• Build “playbooks” for tool usage for super users (records coordinators)• Ask vendor if there are existing guide resources that may be shared
25Cloud Content Management & Governance…A Primer
Successes
• Over 400 users with content being governed• 800 GB of content being governed and growing• 80 retention policies deployed• 3 legal holds deployed• 7 security classification policies deployed
26Presentation title: Go to first Master Slide to edit
Case Study 2
Large Multi-National Bank
27Cloud Content Management & Governance…A Primer
Overview of Bank Governance
• Assessment with ARMA Principles
• Governance Policy Updates
• Paper Process
• 2.5 Petabytes of Data
• Structured / Unstructured
• Regulations – GDPR, PCI-DSS, SOX, etc
• Retention - Disposition
*Source: Integro
28Cloud Content Management & Governance…A Primer
Solution Drivers
• Structured vs Unstructured• Google mail – maintain and dispose – how?• Google sites – what needs to be retained and how?• SharePoint – 6 sites, 1 Terabyte• File shares – Limited standards, unknown amount of data• Retired systems – shut off hardware while maintaining data• Active data growth – mitigate slow response from systems
*Source: Integro
29Cloud Content Management & Governance…A Primer
Tools of the Solution
• Cloud-Based on AWS• IBM Atlas Global Retention and Policy Schedule Management• IBM FileNet• IBM Enterprise Records (IER)• IBM StoredIQ• IBM Content Collector for Files & SharePoint (ICC)• IBM Content Classification (ICM)• IBM Content Navigator (ICN)• Navigator for Microsoft Office (NMO)• IBM InfoSphere Optim (Optim)• Estuate ArchLens• On-Premise• IBM Atlas Global Retention and Policy Schedule Management (DB on-prem)
*Source: Integro
30Cloud Content Management & Governance…A Primer
Lessons Learned
• C-Level approval and support was critical• Culture shock is inevitable; sound change management needed• Involve the business and users in the process• People want to do the “right” thing• Kick off meetings for each new department streamlined the process• Naming conventions proved vital• Drop down menus keep metadata consistent as much as possible
*Source: Integro
31Cloud Content Management & Governance…A Primer
Successes
• 50TB of merger/acquisition data on hold (9 years old)
• File Analysis indexed and identified data requested for litigation
• Locate PCI in shared drives
• PCI Certification made easier by using File Analysis to identify and move data to approved storage
• GDPR – anticipated future success with File Analysis
• Google – future phase leveraging Box Governance
*Source: Integro
Cloud Content Management and Governance…Strategies, Best Practices and Payback
33Cloud Content Management & Governance…A Primer
Information Governance Strategy
• Align with Corporate Strategy
• Obtain Executive Support
• DEFINE what your organization will include with Information Governance
• Meet with LOB leaders to explain information governance, why its needed and how it will impact and ALIGN with them; Help paint the “big picture” for governance
• Build policies that are brief, but require minimal review long-term
• Agreement from Compliance, IT, Legal, Records Management, and Security on the policies and requirements necessary for content that is, or will be, stored in cloud content solution
34Cloud Content Management & Governance…A Primer
• Define/Enhance governance (especially retention) strategy and policy before technology deployment
• If possible, Clean and Enrich your content/metadata BEFORE moving to the cloud
• Have a strategy to handle the content and records should your organization cancel the contract with the cloud content provider
Information Governance Strategy
35Cloud Content Management & Governance…A Primer
Best Practices
• Level set on goals and objectives with ALL relevant groups and stakeholders during project kickoff• Consider dividing your organizational applications into Systems of Engagement and Systems of Record;
this will help determine how to apply retention• Retention in cloud systems needs to accommodate record and non-record content• Align on the vision for how the cloud content and governance tool will be used at your organization (i.e.
what business processes and content will be powered by cloud content management)
36Cloud Content Management & Governance…A Primer
Best Practices
• Help stakeholders understand the available functionalities in each solution component and how they can be utilized to address immediate needs/pain points
• Conduct knowledge transfer and training with the users to properly enable them own their solution
• If migrating large volumes into the Cloud Content System, “clean” the content before migration/ingestion into the new system
• Test the solution build in a sandbox environment before production deployment. Even cloud solutions
have sandbox or “Test” environments
• Use simple, big bucket retention; use event-based calculation on critical records
• Destroy information when it meets its required obligation
• Unless government-mandated, do not have destruction approvals
37Cloud Content Management & Governance…A Primer
Working with Cloud Providers
• Accessibility • Data Security • Data Location • Data Segregation • Data Integrity
• Data Ownership• Experience of SaaS Provider• Qualifications of Provider’s Staff • Financial Stability of Provider – Bankruptcy?
38Cloud Content Management & Governance…A Primer
eDiscoveryData Reduction and IT Costs Risk Reduction
Actual Risk/Burden v Target Reduction for Period
Reduction of Discoverable Data Volume
Storage Volume and Cost by Business
ROI/Payback for Information Governance
Employee Efficiency
Better Work PerformanceBy Managing Storage and Over-Retention
39Cloud Content Management & Governance…A Primer
• eDiscovery:
• $18,000 per GB for review and productionº
• Total Storage Volume (GB) X % Estimated Reduction X 1% (Estimated Content on Hold) X $18,000 = Total eDiscovery Savings Potential
• Breach Cost and Reputation Risk:
• Average cost of a data breach is $3.86M*
• # Documents Affected X $141*, OR
• # Customers X $151*
• Storage Costs Reduction:
• $2.5M/per year to store 1 PB plus cost significantly add to run rate
• Storage Cost X Storage Volume X % Estimated Reduction
• Employee Efficiency (Over-Retention)
• 4.5 hours /week spent searching
• 4.5 X # employees = Total Search Time (TST)
• % Efficiency Reduction (5%?) X TST = Total Efficiency Savings (TES)
• TES (hours) X Blended Hourly Employee Rate X 48 (weeks) = Total Employee Efficiency Savings ($)
ROI/PaybackThe Numbers
*. Source: Ponemon Instituteº Source: Rand Institute✤Source: IDC
✤
Cloud Content Management and Governance…Industry Trends
41Cloud Content Management & Governance…A Primer
• Content is rapidly moving to Cloud and Cloud Content Management and Governance platforms; allowing for content to be governed from numerous systems
• eDiscovery is also moving fully to cloud• With the above trends, Cloud Access Security Brokers (CASB) and Data Loss Prevention (DLP) tools are
increasing in deployment and use.• File Analysis is allowing organizations to locate and remove redundant, obsolete and trivial (ROT)
information, locate and protect sensitive information and ensure intelligent data migration• Information Governance and Data Governance programs are merging into Unified Governance
programs
Trends in Information Governance United States
42Cloud Content Management & Governance…A Primer
• Auto-Classification of information is becoming more prevalent, and eDiscovery is using A.I. and analytics for Technology-Assisted Review (TAR)
• Security and protection of information assets is the main focus• Robotics Process Automation (RPA) is gaining ground for repetitive tasks such as metadata assignment
to information• Blockchain is now being looked at and tested for content management and governance. While there is
a lot of hype, we are still a few years away from anything solid being deployed• Internet of Things (IOT) poses a huge information governance challenge around volume of data and
security and privacy of that data• Regulation around data privacy and governance is increasing worldwide; the concern to be addressed is
security and ETHICAL use of data
Trends in Information Governance United States
43Cloud Content Management & Governance…A Primer
In summary . . . / Organizations are moving to cloud at a rapid rate
/ Clean your data before moving to cloud
/ These are two of many organizations successfully governing in the cloud
/ Know your cloud vendor
/ You will govern MORE than just records
/ Simple is the key
/ ROI is out there!
/ The industry is changing…keep up!
John [email protected]
<TRACK NAME>Next session:
Maximizing GDPR and Global Data Protection Compliance1:45 PM RM 2004/2006
On the exhibit floor:
• Visit our demo's of Relay
• Visit IBM on the Exhibit Floor
Visit us online:
• Box.com/Apps