Continuing our series of articles on information security, we dispel some common misconceptions about emerging trends in information governance.
Myth 1: Cloud computing takes care of information governance.
Public cloud services generally offer highly available and secure information services. However, that is where their role in information governance stops.
Many aspects of information governance rest with the service user, especially with private cloud computing. These include managing information lifecycles classification, access, quality, and legal compliance, as shown in Figure 2
Figure 1: Cloud data governance and information lifecycles
Strategic information governance measures specific to cloud computing, including platform and software as a service (PaaS and SaaS), require enterprises to retain full sovereignty, governance, and control over ownership of information and data assets over the long term.
Myth 2: Blockchain solves the problem of record integrity.
While the strength and usefulness of blockchain and Distributed Ledger Technology (DLT) lie in their ability to support traceable and verifiable records across a distributed network, it is a misconception to think that this resolves information integrity and security. These technologies remain largely unregulated and have vulnerabilities.
End users trust their integrity and security even though the ‘business rules’ used to validate transactions are not transparent. Human errors and third-party tampering can still occur outside the blockchain (‘off chain’) and at blockchain ‘end points’ – for example, when a record is generated, accessed, and used. Processes for managing errors, issues, and conflicts may be immature or non-existent.
The model in Figure 3 below illustrates how governance of blockchain records requires a records lifecycle management approach to ensure operational integrity.
Figure 2: Information governance and blockchain records through records lifecycle – Franks (2020)
Myth 3: Big data is too big to govern
Big data is, by definition, made up of large-scale longitudinal and real-time data sets that are used to identify trends, most often using statistical models.
There is a general assumption that granular ‘errors’ or outliers are statistically insignificant and that data collection analysis provides reliable outputs.
While this assumption is reasonable, there is still an important role for information governance in managing big data and its applications in areas such as AI. Big data initiatives require robust information governance to establish the most effective processes and practices for exploiting available data. This includes governance of each stage of the big data lifecycle, from data collection to management, analysis, reporting, and communication.
There are also ethical implications as the level of responsibility and risk associated with big data and AI increases with people-centred applications. When the use of information goes wrong, ethical and human implications have far-reaching consequences. However, the benefits of AI-enabled services can have an equally positive impact through the effective use of information governance to ensure services are delivered effectively and ethically.
Myth 4: Information governance and collaboration do not mix
The idea of collaboration is associated with the concepts of agility, flexibility, and freedom. There is a misconception that governance introduces controls and rules that undermine this flexibility and freedom.
However, information governance, including governance of processes, information, roles, and the collaborative environment, is critical to building effective collaborative capability.
Astral’s approach to governance enhances user experience in the collaboration environment by:
- Maximising collaboration effectiveness through alignment with business priorities and strategy
- Appropriately managing information that is created, used and exchanged without placing limits on user experience
- Ensuring that users are not overwhelmed with uncontrolled proliferation of collaborative channels and documents
- Delivering consistent user experience.
When these approaches are combined, they improve user experience and performance by managing risk and complexity in the collaborative environment.
How do we fix all of this?
There is no one-size-fits-all approach to information governance. For many organisations, an information governance program must address broader needs and be connected to business objectives and how the organisation uses information.
Positioning information governance holistically to drive compliance and deliver business value will vastly increase business acceptance.
Deploying the whole IG program at once in a ‘big bang’ increases the risk of failure by overwhelming the organisation. Introducing these changes progressively with the help of experts such as Astral greatly increases the chances of success.
Figure 3: Key takeaways