Lost in Plain Sight: Business Information

Although business processes—and the information passed back and forth among those processes—are considered absolutely vital to the business, information technology has tended to be application-centric. As a result, business applications are typically designed for initial information creation and first use; they are not designed for the control and use of the information during its entire lifecycle. Often, after that first use, information languishes under the control of the creating application, where it cannot be easily accessed or reused by other applications and processes. For example, after an online transaction processing (OLTP) application closes a sales transaction, it has done its job. However, the information on the sales transaction may be combined with other information to craft a sales strategy directed at a particular customer or determine buying patterns that can help in product reordering and inventory management.

That languishing information is typically "fixed content," that is, information that does not change after its creation. Businesses may not be able to easily find and use this type of information, which may comprise up to 80 percent of an organization's information assets. Generally knowing that information is located somewhere within a large pool of data is not the same as being able to extract exactly what is needed. In effect, critical business information may be lost in plain sight.

The cost to the business of not being able to locate this information is two-fold. First, opportunities are lost for creating added business value such as improved customer relations or identifying new market segments. A second potential cost is the increased risk to the business when information is not available when needed such as in case of litigation or to comply with government regulation.

Lost and Found Department: The Role of IT Governance

IT governance is the enterprisewide framework of relationships and processes that govern IT decision-making in IT investment decisions, infrastructure management, client relationships, and all other aspects of the IT function. This framework and the management processes associated with it help the business define and enforce policies that govern the proper location and movement of information throughout its lifecycle. With proper IT governance in place, the business knows which IT assets to deploy in support of what type of information. The IT infrastructure is optimized to efficiently manage, locate, and deliver information when and where it is needed.

But finding lost information is of no use if the business does not know what it needs to do with that information. Information governance sets the structure for dealing with that problem.

Found and Used: The Role of Information Governance

Information governance is the enterprisewide framework that includes the people, processes, and procedures necessary to ensure the preservation, availability, security, confidentiality, and usability of an enterprise's information. An information governance team or committee should be composed of representatives of executive management (who understand the business strategy), the IT organization (who understand the technical IT requirements), the business units (who understand the business requirements), and the legal department (who understand the legal and regulatory requirements).

The ongoing work of the information governance team guides the proper use of all the information owned or controlled by the enterprise. "Proper use" means adhering to the information governance policies regarding accessing, safeguarding, and handling of the information. It also means the mining and analysis of the information to extract added business value in support of the business strategy.

With a well-designed information governance framework in place, the adoption of specific technologies (e.g., e-discovery, content management, security, storage, and active archiving) can proceed according to a concerted plan rather than as a reactive response to the latest stone-in-the-shoe problem. Information that is lost not only needs to be found, but also managed and used. And that requires a formal, enterprisewide information governance initiative.

David Hill is principal of Mesabi Group, a Boston-based industry analyst firm that focuses on storage and storage management-related issues. His book on data protection will be published in 2009.