It’s certainly been a wild, heated presidential race. Information governance has remained at center stage, ever since President Obama’s successful 2008 rallying cry, “Data We Can Believe In.” And the 2016 candidates have followed suit, with Bernie Sanders’ “What We Need is an Information Revolution,” Hilary Clinton’s “Information for America,” and Jeb Bush’s succinct slogan: “Data!”
But no candidate has tapped into the electorate’s visceral hopes and fears for information governance with more gusto than Donald Trump. As election day nears, it’s time to take a closer look at Mr. Trump’s positions on managing information compliance, cost, risk, and value.
I’m calling for a total and complete shutdown of data entering our computer systems, until our IT representatives can figure out what the hell is going on.
As tempting as an information governance “time-out” may sound, it’s simply not practicable. Data management and legal hold processes must be enhanced without shutting down day-to-day business, and CISOs understand that data security must be applied in real time, without impeding the organization’s ongoing operations. System down-time can be disastrous, as Delta Air Lines experienced with last month’s computer outage, on the heels of earlier shut-downs at Southwest and American.
I’m going to build a great data security perimeter wall. And the hackers are going to pay for it.
Let’s set aside whether hackers will actually pay, and what we’d do with all that bitcoin. Perimeter walls, standing alone, now work about as well as the Maginot Line – they are helpful to a point, but worthless on their own. As Ed Amaroso reminds us, perimeter system walls are porous by design, with data moving through them constantly in our interconnected world, especially with mobile technology and cloud platforms. Today’s strategies for system security are moving on to newer approaches, such as more robust system segmenting, adaptive authentication, and behavioral analytics.
My top generals will have 30 days to submit to the Oval Office a plan for soundly and quickly defeating IS/IT.
Sure, it may be tempting to look askance at groups who speak a foreign language … but really? IS/IT professionals are dedicated problem-solvers, and the usual source of data problems is not the solution built or bought, but instead our limited understanding of what the need was in the first place. If a data management need is not fully understood, the solution requirements will miss the mark, and thus the solution will either fall short or have unexpected consequences. And IS/IT folks cannot read minds. We all need to take the time to think, talk, and listen carefully to the views and needs of all involved stakeholders, so that information challenges and opportunities are thoroughly understood before we act.
We’re going to have a thing called ‘extreme vetting.’ And if people want to bring in data, we’re going to know where it came from and what it is.
Now this makes sense. In our permeable organizations, incoming e-communications and data files should be vigilantly screened. Nothing new here, but as the 2016 Verizon DBIR notes, system vulnerability patching commonly remains a day (often years) late and a dollar short. Also, the relentless rise in phishing demands far greater user education and vigilance of the workforce about social engineering attacks. And we need to remember that data can physically walk in or out, especially at employment onboarding or separation, which may result in such exposures as misappropriation of confidential data and security compromises.
We’re going to make information great again.
Let’s do. In an increasingly complex world, information is an essential business asset. Its value should be maximized, while at the same time compliance, cost, and risk should be managed. We can indeed make information “great again,” and the path involves a more holistic view of information challenges and opportunities – in other words, information governance. The key is having a broad perspective, which requires active engagement of all stakeholders – Legal, Compliance, IT, Records Management, and of course the lines of business. Because when it comes to successfully practicing information governance, to borrow from Mr. Trump’s opponent, we are indeed Stronger Together.