Time has sure flown by. I can’t believe that it has been two months since my last post. I guess that is bound to happen sometimes. For me, blogging is like exercise. When I get in the groove it is easy but when I stop for a week, I seem to just get into a new groove. OK – on to the topic at hand.
I want to close (finally) on what I believe is the biggest information-centric IT trend for 2008 and that is Information Compliance.
It is actually quite amazing that this market has taken so long to develop but I think I understand the reason. IT really evolved in very much a bi-polar way. By that, I mean that we had IT come together from two endpoint positions. On one side we grew IT around big corporate systems running OLTP, ERP and such. Typically, these systems are managed in a way that both contemplate and address Information security and protection. While not always perfect, these systems hold information that everyone understand was important, so the systems we designed with Information Compliance in mind.
Over this same period, we started to work and collaborate and do business in whole new ways. Email, chat, the use of the web and other such capabilities moved from interesting tools to business critical systems. The issue, of course, was that most of these applications never contemplated the fact that they would manage such critical information.
Take a simple example of sending an email to a broker to buy or sell some stock. That is, by most legal definitions, a binding contract. It is also private and confidential. Communications like this are booming simply because it is so efficient and simple. Take an industry like healthcare. Imagine the efficiencies that we could bring to the system if people could communicate more easily with their doctors.
In fact, companies have realized, often in abrupt matter that Information Compliance represents both a risk and an opportunity. On the risk side, all of those emails, IM’s, and file shares represent a potential risk if confidential information is lost or if the information is not managed properly. On the flip side, as we develop more robust ways to protect and secure information, companies and individuals will be able to leverage more of the latest technologies for business critical and confidential needs.
Information Compliance, by my definition, is an umbrella term that entails that we need to be able to secure protect information both “at rest” and “in motion.” We also must be able to track and audit information and understand the “history.” We must be able to insure both the authenticity and privacy of information. We must be able to control the “rights” that we want to give to individuals relative to a pice of information. We must have business rules and retention policies that insure that we have retained all of the necessary information. Finally, we must be able to “discover” information that may exist are hundreds of applications, many thousands of people, and many billions of objects pertaining to a particular topics.
As a whole, this is what information compliance is all about.
For many companies, putting more information compliance capabilities in place will be simply about reducing risk. Over time, this capability will let us do more with our information. We will be able to share it in more secure ways and interact with more efficiency and less bureaucracy.