IT disaster recovery, cloud computing and information security news

Daisy

Value vs. vulnerability: the business dilemma of information on the move

Sue Trombley, managing director of thought leadership at Iron Mountain, looks at whether organizations are getting the balance right between protecting and utilizing information.

The information created and processed by a business, whether about products, operations, customers or financial performance, can play a vital role in commercial success and even survival. And while every business keeps different types of information, some unique and some typical of its industry sector, it is widely believed that exploiting data sets to inform business decision-making can deliver measurable competitive advantage. You would expect businesses, therefore, to be making the most of emerging technologies and deploying resources suitably to exploit their information to its fullest. The truth is that, in most cases, they are not.

In a recent study undertaken with PwC we set out to explore how mid-sized (from 250 to 2500 employees) and enterprise-level organisations (more than 2,500 employees) in Europe and North America approach the task of harnessing information value. The research uncovered an interesting discrepancy. Many businesses (64 percent) believe they are already getting the most from their information. Yet, a closer look at how the businesses are managing their information reveals that the majority (76 percent) are not extracting full value because they lack the culture, skills and tools they need to do so.

It seems that a majority of business leaders exhibit a false confidence when it comes to the ability of their businesses to manage information for value.

More than two in three businesses (69 percent) believe they know how information flows through the business and where it is most valuable; and 76 percent say the same about knowing where it is most vulnerable. Yet when asked how they determine either of these, few were able to give a clear answer and most didn’t answer at all.

Historically, information management focused on mitigating the threats to information, with most attention given to getting the security right and remaining compliant with regulatory requirements governing privacy and records retention. This would help explain why the number of companies that said they could pinpoint vulnerability is slightly higher than those that understand where it delivers greatest value. It also explains why many companies are finding it hard to adjust to the new information dynamic. Exploiting information for value will create a tension between the need to keep information secure while sharing it with those employees best placed to use it for business insight and advantage.

The triumph of caution is seen elsewhere in the study. For example, the results reveal that 73 percent of those surveyed are confident that valuable information can be accessed easily by all those who need it. However, the research also tells us that just 50 percent of senior managers in Europe and North America are allowed access to such information. In some instances, of course, this is absolutely the right thing to do: no business would want to provide anything but highly restricted access to records that contain personally identifiable information or intellectual property, for example. However, when such restrictions do not apply then access should be granted to the data if it is deemed useful, or measures taken to ‘de-identify’ personal information before sharing.

Companies that allow their IT department access to the most valuable information are more likely to grant such access to a number of other functions, including research and development (27 percent), finance (35 percent), records and information management (27 percent) and marketing (26 percent). However, these numbers also mean that two-thirds of R&D and finance departments and three-quarters of records management and marketing don’t have free access, despite the importance of high-value company insight to areas such as customer engagement and innovation.

This suggests that IT’s traditional role in protecting information could be leading it to restrict data flow through fear of risk or a data breach, and this represents a significant obstacle to deriving the full value from information. Businesses need to create an information strategy up front with the decisions made on who should have access to what information and for what purpose. IT can then play a role as a strategic partner and enabler rather than act as a gate keeper.

IT is not the only potential barrier; in a study conducted with IDC earlier this year we found that legal departments represent a similar and possibly even greater obstacle. Legal and compliance departments were found to prioritize security and risk mitigation over ease and speed of access, with a mere third (38 percent) believing that data archives can enhance revenue. Moreover, just under half felt that they should be responsible for several key aspects of data archiving – with IT and other business functions disagreeing with them on all counts.

In other words, exploiting information for competitive advantage is not as simple as it seems. Entrenched attitudes, inter-departmental silos, a lack of mutual understanding around information needs and the continuing dominance of security concerns can lead to information being caught behind barriers or even locked down. This has far-reaching impact on a company’s ability to make the most of its information.

It is well known that information is at greater risk while in motion than when it is at rest. But that is no excuse to put it to sleep. The C-suite has a major role to play in breaking down unnecessary barriers, while keeping the information secure. It needs to ensure that important decisions about information access and protection are made by all those affected, and that responsibilities are allocated to reflect the needs of a knowledge-enabled business. Our study shows that currently just four percent of companies get it right; we need to work together to multiply that by 25.

A summary of the report, Seizing the information advantage: How organisations can unlock value and insight from the information they hold, can be found at www.ironmountain.co.uk/pwc.

To see the full results of the IDC research, please visit: www.ironmountain.com/DataRedefined



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.