The 10 Biggest Threats to your Information (caused by yourself, the CEO)

Dieser Artikel enthält die wichtigsten Argumente, wieso Information Governance wichtig ist, bzw. was passiert, wenn sich eine Unternehmensführung nicht darum kümmert (in E).

1.    Give away Data to Siren Servers

What’s a siren server? Pls read Jaron Lanier’s „Who own’s the Future“. This is a must read for everybody who thinks their business model isn’t endangered by Google & co.

Google and other big servers try to get your data. This isn’t a big threat to individuals, but a serious one for organizations.

People who think this endangers only eCommerce providers are wrong. If information represents value, value can be shared. If somebody controls the data for 3D printing, the whole replacement part business will die, not because of the ability to print the part, but because somebody loaded this data onto a siren server. This is the same development or fate, which the music industry went through. There are more examples in Jaron’s book. If you are willing to give away your data for free, your or someone’s business model is going to collapse.

2.    Don’t know where Data is stored

Of course the argument about the Siren servers can be copied here. However, this its mostly an internal issue, although becoming an external threat as well. By sourcing to the cloud, you are loosing control over your data. And for a big organization, this is a nightmare, because vital information is spread all over the planet and cannot be found anymore. In addition, most cloud services enforce rules which allow them to control your data. Even if you have a 100page contract, your data is gone. This piece of paper (sic..) will not bring it back.

In addition, the „stovepipe“ problem (all data in isolated silos or stovepipes) isn’t reduced but will increase massively. This is an old IT Governance topic (see Threat #3).

You think you have an SAP shop and there is no danger to you? Don’t be sure, because tools like Dropbox, Box or Sharepoint will happy to hold lots of your valuable data. Your employees  will do this if you don’t set up a good control system (see Threat #8).

3.    Don’t know the Quality of Data (IT)

Information or better, data quality, depends on many factors. Traditionally, it will start with controlling your IT if you are an old fashioned business. However, in the time of outsourcing and the cloud, the control aspects shift from controlling your IT to controlling information.

Today, IT Governance is still a very important discipline, which is almost as much neglected as Information Governance. Although backed by a large profession and a strong organization (IT Auditors, ISACA), controlling the IT apparatus is a very challenging task. Management still relies on the reports of the big audit companies which systematically underestimate the value of IT. The old audit profession has more professionals coming from the accounting profession than experts from IT. Result: The IT Audit budget is still much much smaller than the financial audit budget. Financial Auditors still rely on garbage data which has been produced by uncontrolled systems or cheap service providers with corresponding results.

So most information and data we base our decisions upon, are just junk.

4.    Don’t define Metadata

Metadata will stay, because data about data will be required to organize information chaos. To define metadata and taxonomies require a lot of effort and time, but are worth the investment.

Automatic indexing and similar methods will support you building metadata and finding it. But the basic structures will have to be built. Taxonomies are about organizing your business and thus your information. Taxonomies help to understand your business and help you defining the right rules. You don’t need retention lists if you start a business, but you need to understand which data, knowledge and value are kept in your organization.

They are also an excellent means to discuss the importance of information and how data should be treated. The Information or data repository (in the economical sense) helps you designing your business processes. M & A and other transactions will be much easier. Because you will understand and know which value the information signifies you’re dealing with.

5.    Approach Information Governance Top Down

Yes, I am a consultant and consultants like to work Top Down because it is so logical.. wrong: Live has been swarmed from the swamps and invaded our world  from the oceans (Creationists pls ignore this part). There was no top down strategy to build it. The same is true for 95% of all start up organizations or companies. They don’t grow from the top. The best business plan doesn’t work if the basic idea isn’t strong enough and provides sufficient results.

So why should we try to implement such an abstract topic as „Information Governance“ or „Information Management“ from the top if even the brightest minds in our organization don’t understand the meaning of it? After many years in the consulting business, we know that this approach doesn’t work in 99 out of a 100 cases. So, go and start from the bottom, implement that social media channel or archiving solution and work your way up. Identify those “red flag” topics which will have an impact on the organization. From then on, you will involve the upper levels automatically, up to the board to define Governance rules and structures for all group companies.

6.    Ignore Information as a Production Factor

Information is a production factor. Most managers will sign this statement, but next day they will go back to work and ignore the problems people have with knowledge sharing, finding information and the like. Managers will have to show that information is crucial to the success of the organization. If members of the board are using tablet computers but the company enforces a policy which bans such devices, nobody will care about keeping these rules. Or, even worse, if members of the board will be using a cheap cloud application for board communication, this will send an unambiguous signal to their employees all over the world to select any cloud app that might fit their needs.

The value of information: Yes, you don’t know it (most of the times). There are only rare occasions where the value of information can be calculated. However, it will be crucial that you understand that any strategic initiative you will undertake has an information component.

7.    Ignore Data Privacy

Yes the Siren servers are a reality, but they are also threatened by issues which are not under their control (not yet). Data privacy or better personal privacy is an important issue which is currently neglected by most users and companies. However, the right to privacy is a constitutional right which is one of the pillars of modern democracy. Only totalitarian regimes (or the NSA) are in control of your private information. If organizations are  building business models using „free“ personal data, this might become a big problem. Sooner or later, the value of personal data will rise. This is a market and the Siren servers will try to control personal data, e.g. your business model will rely on data which is not under your control.

If governments will put more pressure on Siren servers (and this will happen), your business advantage might disappear from one moment to the other. Best example: Swiss banking secrecy, billions were kept illegally because a law which was used to protect refugees was misused to protect the money sent in to Swiss bank accounts by dictators from all over the world.

8.    Don’t involve the User

Yes the industry has capitulated from the user. “Customerization” dominates the discussion. People (mainly ECM vendors) try to convince customers that the „0 click“ solution will work and people must not be involved as part of the information classification function. This is NONSENSE. Why? Instead of explaining why this doesn’t work, let me give you an example. If the the self driving car makes the way to a street near you (and it won’t take many years from now), most people will be commuting to work with the aid of the „artificial driver“. But during weekends, a significant number still loves to hit the road without the electronic assistant. So do you think these people won’t need to know the rules? Surely not, because if the want to keep a very small amount of freedom, they will have to know how to follow the rules. The same is true of information management and information security. You need to follow a minimal standard, otherwise you will be replaced by a robot. Because robots don’t make mistakes.

If people are free to decide what they do with your company data, you can fire your management. Because if people don’t have to follow rules, they won’t need to be managed. The self-organizing company hasn’t been invented yet (and will never work, because 80% of all employees want to be guided and are unhappy if they aren’t).

9.    Put all your money into Data Security

Data security is the field which has attracted billions of dollars in the last 20 years. Most of it has been wasted. It was thrown at useless technology and exaggerated standards which didn’t deliver any proof that the risk situation was improved. Instead of monitoring the threats and set up an adequate organization, useless technology was bought, mostly sold by vendors which sold preventive products.

Companies should have focused on information valuation, focusing security initiatives on valuable information only. This was even written on most security standards. But, this approach is to clumsy, top down and was bound to fail (see Threat # 5). Instead, tons of expensive medicine were thrown at minor or irrelevant symptoms. What’s the reason for this behavior? Simple, if you don’t know the diagnosis you take some broadband medicaments. Or as my grandfather used to say: „With medicine, your flu will be over in 7 days, without .. in a week.“ (and the pharma industry prefers the first solution).

So rethink your security strategy, cut the budget by half and spend this money on Information Governance. The biggest threat to your information doesn’t come from outside. It is still you, supporting business cases which deliver your data to Siren servers (Threat #1).

10.Treat Information as a Technology issue

Everybody understands that information is valuable. Information can be stored in different forms, the most obvious storage place being your brain. However, many decision makers treat informations as it would be sold in tins or as Spam (oh yes..).

But Information Management is a traditional business, It has been done by businesses long before IT was invented – and it will still exist by the time nobody remembers the meaning of „IT“. Information must be treated as one of your most vital production factors. It is important to keep it to yourself unless there is a business case in giving it away. Data means power, if handed out, it’s gone.

Verbinden wir uns!

Oh, hallo 👋
Schön, Sie zu treffen!

Mein Newsletter mit aktuellen Sicherheitsfragen und Themen rund um die Datenstrategie. Bitte melden Sie sich hier an.

Wir senden keinen Spam! Erfahre mehr in unserer Datenschutzerklärung.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert