IIIS: Data governance, risk and compliance
- 03 August, 2011 10:37
Data governance, risk and compliance (GRC) should be viewed by IT managers as a business asset rather than something for the law firm to deal with, according to an IDC US senior analyst.
Speaking at the Implementing Information Infrastructure Symposium (IIIS) in Sydney this week, IDC US vice-president of storage and Big Data, Benjamin Woo, said that IT managers and CIOs need to understand the GRC — not because they want to be lawyers or paper pushers but because every day they are enabling an organisation to do its work.
"GRC is not about keeping data, but how we enable the data that we keep, and the information that we generate, and how we use that in corporations," Woo said.
"How does the data that I keep impact my business? And that's not something that we always think about as IT people."
He cited IDC US statistics from 2009 that showed 800 exabytes of data was generated globally. However, this did not include stored data.
"In 10 years we are going to grow that data amount 44 times to 35 zettabytes by 2020 and almost 50 per cent of new data generated will be in the Cloud within 10 years, which means someone else is going to be touching your information along the way," Woo said.
"This is not about a scare tactic and frightening you into buying security products. The good thing is that only 30 per cent of the data generated is in corporations but there will still be 10 zettabytes to take care of and it will mean a huge impact on the world."
He also said delegates should think of GRC as not something that has to be "beaten into your organisation", but as a business process.
According to Woo, when IT staff think about GRC they think about cost mitigation and how to avoid being sued.
"If you understand how to take the risk out of your environment and how to follow the compliance rules, you can than use Big Data technologies to create situations in which you are proactively mining your data and discovering your data for profit and revenue opportunities," he said.
"That's the key point where organisations turn from understanding that they become record keepers to be taking the data and saying they have digital assets."
Woo drew attention to a website called Qurora which is a crowdsourced collection of questions and answers.
According to Woo, the principles of Qurora made up points which would help IT staff understand GRC
- Quality of data.
- Accessibility/availability of the data.
- Deleting data.
- Asset ownership in the Cloud.
Woo highlighted a major issue with data in the Cloud which IT managers needed to remember, that of data erasure.
"Many Cloud providers don't actually delete data when you ask them to. There are backup copies," he said.
The IIIS is co-hosted by Storage Networking Industry Association A/NZ and Computerworld Australia.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU