Being ignorant isn't a valid defense
If you think not knowing where your data is--and what it is--is an excuse, think again. It's out there, and it's gonna get you.
STUPIDITY IS WHEN we don't have a federated, holistic content view into our enterprise data. Intentional ignorance is when we don't know exactly which data has been used by whom for the right or wrong reasons. "We're trying our best, but it's not possible" is the most widely used excuse I hear, but it's a lie.
Let me frame the situation. In the last year, 91% of enterprises had an electronic discovery request. Thirty-three percent of those companies get one or more requests per month. Fifty-four percent of the time, the requests aren't satisfied. So, if NY State Attorney General Eliot Spitzer demands something, he doesn't get it 50% of the time. And when the opposing counsel demands certain data, it's not provided half the time.
The biggest obstacle to providing requested information isn't technology--it's the big cheeses. It's the CEOs who still believe that if they knew what was what, they'd have a lot of explaining to do. They think ignorance is better than knowledge. I think their stoned.
Let's say, hypothetically, that you had a tool that identified every piece of content in your enterprise. It would create a master database index that told you exactly what lives where, who created it, who read it, who changed it and so on. It might even tell you if the content was critical intellectual property and if it was being sent all over by some bonehead VP. But that might not look good for you. That's why you'd rather be blind--you're worried about how you look.
Not long ago, it was OK to say "We can't find the data." Now it costs you lots of money. Regulators aren't idiots and once they learn it's possible to access any type of data, they won't let you off the hook. And that day is coming soon.
The way we stovepipe everything in our world drives me crazy. We have an e-mail archive because Mr. Spitzer says we have to produce e-mails. We have a database archive because our DBA wants faster backups. But neither archive talks to the other. The overwhelming volume of data is unstructured files, and we don't do diddly with that except search keywords. I love the "We deleted it" response to a discovery request. Hate to tell you, but the other guy's lawyers are wise to you and they want the backup tapes. Deleted, my butt--the stuff is on 8 zillion tapes.
If I could, I'd change the way IT operates forever and move it from being all about tactical technologies to being all about the data. First, I'd need to know exactly what I have out there--sort of data resource management. Second, I'd need to find things regardless of content type or location. Third, I'd need to classify data and put enforcement policies on each class. If I could do that, I'd really be able to derive long-term value from my digital assets.
So why hasn't that happened? Because the big cheeses are afraid of what they'll find out. They don't want to know if the VP of HR has sexually explicit stuff on their PC, or that their VP of engineering is sending sensitive data to his brother-in-law in Beijing. I'd like to run a query from one screen to find all the places where intellectual property resides and get an answer--even if it means the IP shows up in Word docs, PowerPoints, e-mails, VoIP messages, on a backup tape, etc. I want a list of every object where "Steve" and "ImClone" are both mentioned. And I'd like to do it proactively so I could manage and avoid risk ... but I guess that's just me.
The new world order is simple. Save everything because it's worth something. Find anything because it's worth more. Embrace the inevitable and ride the wave, or you'll drown in it eventually.