Cybersecurity is a concern for every organization, and that concern only continues to grow. In 2016, 4.2 billion records were stolen in a reported 4,149 reported data breaches. Keep in mind, this is just the reported breaches.

The Ponemon Institute, an authority on this subject, conducted a survey that found that while breaches have a severe financial cost, they also carry a significant damage to a company’s reputation. In fact, 60% of the executives surveyed were primarily concerned with negative brand impact.

So, now what? How can an organization address their cybersecurity weak points without spending a fortune or locking down so tightly that it negatively affects productivity?

The Answer is Information Governance

For those of you familiar with our blog, this should come as no surprise, but cybersecurity issues can be vastly improved with a solid information governance program. IG allows the company to address data vulnerabilities at every level.

[Not sure about your IG readiness? CLICK HERE to download our IG Assessment Guide]

An Information Governance program will improve the security, reliability, integrity and accessibility of your data. This can be used as a competitive advantage in the marketplace and will ensure the aforementioned brand reputation. Clients must be able to trust you with their data before they trust you with their money.

Let’s use the above screenshot from our IG Assessment Guide as an example. We need a thorough understanding of WHAT records are created, WHY they are created and HOW they are used. An analysis begins with a careful consideration of the following questions:

• Where are the records located?
• How long do records remain current?
• Who uses and has access to the records?
• Who creates the records?

There are not necessarily set answers to these questions. Effective analysis requires that a common-sense approach be taken. The goal is to make a new system that works, not one that just looks good on paper. Analysis is the process of reviewing all information which has been collected, manipulating that information within the functional and operational requirements of the business, and then drawing conclusions.

Consider In-Place Information Governance

In-Place Information Governance is when the records do not physically move to be managed; the content remains it its original location, but the solution is managing the retention policies and overall File Plan for the content.

Not all solutions are architected to use in-place records management. Many solutions utilize the concept of moving the content so it can be managed. Although this may be desirable in some situations, if you move the content you have to consider your security and workflow, and how the users will find the content once it is moved.

In the example of SharePoint, the Records Management features of SharePoint do enable you to manage records in-place (starting with SharePoint 2010), but unfortunately, many of the other records management features in SharePoint are very weak or non-existent. But that is a topic for a different post. Before SharePoint 2010, you had to move the document to a Records Center for it to be managed.

There are situations in which you might want to transfer your records to another location, but you don’t want that to be a requirement to manage them. For example, the lifecycle of a particular type of record might be to transfer the records to a different storage location as the first phase of the lifecycle and then when the retention period has expired, perform the actual disposition of the records. That is a valid use case, and your solution should accommodate for this. But you don’t want that to be a requirement.

There are many advantages of In-Place Information Governance. Here are five reasons to consider this functionality:

1. Your users can still find their documents in the same place. The users will still search and view the documents the same way; they don’t have to go to a different location or use a different interface to find the documents.
2. Security does not have to be replicated. The security that you created for your documents is still applicable since the documents will not be moved. The originating business system is still responsible for the document and controlling the security. You don’t want to have to re-create a security plan inside your Records Management solution. It should be noted that the solution should absolutely have the ability to lock down a record (e.g. make it immutable), but it should be able to do that without moving the record.
3. Centralized policies. This may not be a standard feature for all solutions with In-Place Records Management, but it should be. Your policies should be managed in a central location by a single web interface. This is especially relevant if you have disparate systems. Your Records Managers should have a single File Plan to manage, and that File Plan should be managed from a single interface.
4. Your workflow does not have to change. Since the content hasn’t moved, your workflow processes do not have to be updated to incorporate a new location for the documents. Updating workflows can become an arduous task if you have extensive workflows. If your documents are being moved, you also need to consider if your existing workflow solution can interface with the new repository.
5. One solution for all disparate systems. Many large organizations have a variety of repositories in which their data is stored. If you are forced to move your content to a centralized repository, this can be an overwhelming task and may take many years to complete in a large organization. In contrast, if your data can remain in-place, then the solution can be implemented faster because it doesn’t have to move the data and it will just need to know the location of the data.

Potential Roadblocks

Information governance programs are not without their hiccups. Below is an infographic that lays out some common roadblocks that you need to proactively avoid.

Conclusion

While IT is charged with protecting the organization from outside threats and securing your networks, it is your job as an information governance professional to make sure the internal processes are effective. Solid and compliant information governance programs will be the cornerstone to continued cybersecurity as the threats and consequences of data breaches increase.

Originally published at blog.recordlion.com.