Downturn Risks Demand Data Governance - and Now Is the Time to Act

Downturns disrupt the operation of organisations and lead to the wastage of information assets in the downsizing process. Organisations need to protect their most valuable assets when times are hard, so they are better prepared for the upturn. These are some of the key conclusions to be drawn in a new report by global advisory and consulting firm Ovum.

Titled Data Governance in a Downturn, and authored by analysts Graham Titterington and Mike Davis, the report examines the risks and the opportunities and practical steps an enterprise should take to address them.

Data governance costs money and in a downturn, there is a pressure to reduce it. According to Ovum's Mike Davis this is a mistake. "The long term cost of chaos is always greater than the cost of establishing order", says Davis. "Data governance policies should be reviewed, and if necessary bolstered now. They will not be effective if introduced as a panic measure in the middle of a downsizing process. People need to know in advance what they have to do, and how they should do it."

Data governance is an important part of risk management

The increased risk associated with the downturn comes mainly from internal factors, although external relationships can also be impacted by the loss of records of agreements and transactions, and by any deterioration in services for customers and partners.

"There is both a moral and a legal obligation to take care of information held by the organisation that belongs to others", says co-author Graham Titterington. "Loss or leakage of information may cause a violation of legal or regulatory compliance that may have consequences beyond the immediate penalty imposed on the organisation."

The risk of a process failure or a malicious act increases in a downturn

Policies are required to protect the organisation. For example there is the question of whether a redundant employee should leave immediately or complete their current tasks. Each case should be considered on its merits, for there is no "right" answer that covers all cases. Most employees have information that exists only in their head and it is a challenge to retain this information in the organisation.

When they do leave there should be a thorough "de-provisioning" process from access to corporate resources. Information on their PC and mobile devices should be brought back into corporate servers. Devices should be thoroughly "cleaned" before being re-assigned or disposed of. This process is more complicated if the device is the personal property of the employee. An ongoing legal agreement for the employee to return, delete and desist from using corporate information assets is likely to be the best protection that the organisation can achieve.

Even greater risks relate to the disposal of redundant servers and storage media. "A downturn causes rapid changes in the way in which an organisation operates, and there is a danger of the infrastructure developing in an unplanned way. Uncontrolled development leads to higher long term costs and endangers information integrity", says Titterington.

Contracts with external service providers may also be terminated as part of this rationalisation. "It is important to ensure that all information is returned to the organisation and secured", says Mike Davis.

Think positively - Now is the time to review data governance

An economic downturn can be seen as both a threat and an opportunity for data governance in businesses - a threat due to the potential loss of the information assets of the organisation if it rationalises staff and locations, an opportunity to focus on those assets, to secure and consolidate them and be better prepared for the recovery.

Davis concludes: "Addressing risk and being able to grasp the opportunity requires an information management strategy that values data governance. Considerable business value can be gained by identifying what information the organisation possesses, and where it can be found. Operational efficiency can be improved by bringing distributed information into the data centre, along with standardising information processes".

write your comments about the article :: 2009 Computing News :: home page