SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Automated information governance. Driving value, security and compliance
Thu, 22nd Dec 2022

Modern organisations are flooded with data but the flood of information can become overwhelming, putting at risk the ability to harness its value. Content services solutions are able to mitigate the risk of inundation, and help an organisation maintain better control of information.

The difference between deriving value from information comes from governance. Set up the right governance framework and an organisation can maximise and leverage its information for key business applications and keep it compliant and secure. Iif the framework isn’t there, though, then the result can be chaos, security risk and the potential for regulatory or legal breaches.

A first step in information governance is to understand the lifecycle of business information. The relevance of information varies through its lifecycle -- from its creation to living in a database or content repository, to being ready for analysis, to its eventual deletion or end of its useful life.

Automation tools set to well defined business rules take much of the pain out of governance and minimise errors. Automating governance can set rules around the ‘end of lifing’ of these documents as they go through an automated expiration process managed by established rules -- including who is allowed to access them.

The term ‘paper trail’ also has a digital application, as data doesn’t only exist as a series of numbers. Much of it resides in documents which, while they may be in html or pdf form, are ultimately digital equivalents of paper.

Metadata created around these documents will comprise information on who created it, where it is stored, and who has accessed it and when they did so.

A key business goal is to maximise the value of information and make it easily accessible to the right people in the organisation at the right time.

This requires the streamlining of information flows and integration with core business applications. Information can be wasted if it resides in silos, and value is most often found when it is used in business applications to drive operations or deliver insights. 

Integrating information with applications also contributes to an improved user experience. Users are more likely to work with and find value in applications where information is readily available and easily manipulated.

Managing security and compliance risk is the second critical goal of information management.

Get this right and the business will hardly notice because issues of security and compliance are less likely to emerge as problems to manage. Getting it wrong, however, can mean legal and regulatory penalties and security vulnerabilities which puts both the organisation and its stakeholders at risk.

Privacy issues have come to the fore in Australia through a series of recent high-profile data breaches. Organisations have an obligation to keep customer and third-party data safe, while some Australian organisations also need to comply with Europe’s General Data Protection Regulation (GDPR) regime which outlines how personal data can be used and accessed.

Australian legislators are significantly increasing penalties for organisations who breach the Privacy Act and negligently allow data to be hacked, but beyond that the safe guardianship of customer data is critical to an organisation’s brand promise to its stakeholders. 

Automation software is also increasingly being used in best practice systems for managing information security and compliance, and the right governance framework will automate other aspects of data management such as retention and destruction.

An advanced content services platform provides a holistic view of an organisation’s data, which not only helps ensure better governance but also streamlines workflows. There are many factors within such a platform that help automate data governance, such as end-of-life rules, accessibility and auditing via meta data.

Automating governance builds the foundation for an effective framework which meets the challenge of information management, enabling the organisation to find value in its information while also keeping it safe and compliant.