Information Management Keeps Your Business Alive

Information management has always been an important (if overlooked and underfunded) part of running a successful business. And in the last 2 years, with the realization that Information Security requires strong information management to succeed, information management’s star has been rising in conjunction with its ownership by the Chief Information Security Officer (CISO), whose budgets are trending steeply upwards, even in industries (like health care and energy) that are experiencing strong downward cost pressures. But an additional and often overlooked benefit of good information management is its impact on business continuity and disaster recovery (BC/DR)—a function that, while it should be one of the top priorities of any business, is itself often overlooked.

In Doculabs’ recent survey of data management leaders across industries, 33 percent of respondents replied that they had weak to no enforcement of BC/DR policies at their organizations. Given the criticality of ensuring that core business systems and information are safeguarded, this is a shockingly high number. But even when these policies are in place and enforced, poor information management practices can negatively impact (or even completely impair) BC/DR efforts.

Amount of Data

From a BC/DR perspective, a key constraint is the amount of data to backup or recover. The more data, the longer it takes to backup and recover. For backups, longer time means the risk that a backup can’t complete during off hours, and so either the backup (1) won’t be a full reflection of production data or (2) will impact production environments because it needs to run beyond 6 pm to 6 am.

For disaster recovery, the longer time means that the business is offline longer in the aftermath of a storm, power outage, or other disruption. In most large businesses, an hour of lost time on critical systems can be measured in hundreds of thousands, if not millions or tens of millions, of dollars.

Good information management allows an organization to purge data it’s no longer legally required to keep or which is no longer operationally useful. This reduced data footprint leads to shorter backup and recovery times, which means not only greater adherence to service level agreements (SLAs) between IT and the business, but reduced dollar impacts from outages—not to mention customer and pattern good will from being able to get up and running and back to business as usual more quickly.

Nature of the Data

The BC/DR function, like any corporate function, has limited resources: They can’t do everything they need to, but must make decisions on what to do (and, more importantly, what not to do) based on their budget and headcount. The challenge they face at most organizations is that they don’t know what data they have, on what systems, or who owns it. So they have a difficult time allocating their limited resources to gain the most value for their efforts.

Good information management helps by providing a view of where the riskiest data (PHI, PII, PCI, intellectual property) lives, as well as where the lest valuable data lives (junk, stale, orphaned, and abandoned data). This gives BC/DR a better idea of what it needs to protect and where it is. It also identifies that data that has no known owner, so that they can (1) find and owner or (2) assign one.

Having this kind of a data map not only allows BC/DR to manage data more effectively, but also the applications that contain it, because they can roll up the information to see what kind of data each system manages in general. They can then treat some applications (e.g. those that handle sensitive data) with a higher degree of attention than those that don’t. In a corporate environment where BC/DR will never have all the resources it needs, this kind of insight is invaluable.

The Final Word

BC/DR is a complex, specialized domain that requires years of training to do well. But hopefully, this short post has shown you the importance of information management to BC/DR and also given you some ammunition to apply good information management techniques to the process of ensuring that critical business data and the systems it lives in are available when needed.

 

 

Rich Medina
Joe Shepley
I’m VP and Practice Lead, focusing on developing Doculabs’ InfoSec practice and its applications in a wide range of industries.