|
|
eWorld
-
Interview
Web Extras
-
Information Technology
Information governance, a Board-level imperative
D. Murali
|
Treat information as an asset as valuable and as capable as money, stresses this expert..
|
"Corporate IT is under a lot of pressure to deliver more with less."
Alok Ohrie
Information management is increasingly evolving into information governance, as an enabler of better corporate governance, finds Alok Ohrie, President-India & SAARC, EMC Data Storage Systems (India) P Ltd, Bangalore (www.emc.com).
"Amid the turmoil of the global economy and questions surrounding the failure of large financial institutions, we are advising our customers' senior leadership not to delay implementing companywide information governance strategies that can help corporations address many preventable risks to sensitive business information," he sombrely observes, during a recent lunch-hour interaction with eWorld.
The continued explosive growth of digital information has made enterprises around the world aware of the need to develop policies designed to protect the valuable and sensitive information of their customers and shareholders, Ohrie explains.
"A developing trend among organisations worldwide is to go beyond simply protecting information, treating it instead as an asset as valuable and as capable as money. In applying this new mindset, organisations see the need to balance tradeoffs between the costs, risks and business value of their information assets."
Information governance demands fundamental shifts in the areas of information growth, security, compliance and management, paving the way for better corporate governance, he elaborates.
"Information governance is not just an IT (information technology) or CIO (chief information officer) issue. It is a Board-level imperative that if implemented enterprise-wide, can help businesses," Ohrie advises.
He tries out a sample of idli milagai podi (`gun-powder') rice with relish, before laying out the information governance recipe, thus: Design and implement formal policies defining how information is stored and shared among employees and stakeholders; address preventable risks to sensitive information; better prepare for new compliance mandates; ensure quality, compliance, and protection of information; and increase business value of information.
Our conversation continues over e-mail.
Excerpts from the interview.
What do you see as the hurdles in the execution of a transformation towards information governance?
One of the key challenges facing organisations today is how to account for all of their information assets. They need to start developing and implementing an `information governance framework'. This will define the policies, responsibilities, and decision-making structures and processes controlling the use of information owned or accessed by companies.
Just as good corporate governance standards encompass all aspects of the business, information governance provides an organisation-wide view of the most important asset, viz. information. Some of the questions that companies should ask are:
What are our organisation-wide policies for handling information?
How do we train employees on the proper methods for handling information?
What processes do we have in place to assess the most pressing risks to sensitive information?
What are the roles and responsibilities regarding information?
How do we balance the need to reduce risk, create value and contain costs when it comes to information? How do we balance the legal and ethical requirements with the business opportunity that information presents?
How do we define what information to keep and what to delete?
Amongst the various challenges that organisations face while implementing a strategy for information governance are the gaining of support of various departmental heads, and the enforcing of governance policies across the business spectrum.
Another daunting challenge is the ability of the organisation to accurately evaluate the costs involved, risks and the return on investment (ROI) incurred while enforcing a system for managing information. Once enforced, gaining the support of employees towards adoption of the information management system remains a cause of concern, as people tend to resist change.
Large enterprises, particularly those with significant exposure to financial markets (for example, telecom, IT/ITES and BFSI), benefit from the costs associated with a reduction in compliance issues and associated legal expenses.
Are CIOs getting a due hearing in boardrooms? Are they successful in demonstrating a case for IT investments?
From the feedback that I receive from the customers, it is becoming evident that the focus on IT investments is increasingly rising in the priority list among the Indian CIOs, and they are also able to make a stronger case for IT infrastructure to the Board/ senior management.
However, what still concerns me is the lack of distinction between IT infrastructure and an overall information-centric strategy among this target group.
Information management, coupled with other aspects such as compliance and security, forms the foundation for information governance, and hence corporate governance, which cannot achieve realisation without a clear information-focussed strategy. The risks involved in the failure of corporate governance have become clear to us in the recent past. It is important that we tie-in these learnings with our approach to make a larger impact.
On the brighter side, as a country we have pioneered when it comes to acceptance of technology, and I am very optimistic about seeing a change. In fact, according to a recent study that we initiated with a third-party across 150 IT CIOs in India, the majority of respondents are firmly convinced that an enterprise-wide information management strategy is critical. They are already seriously thinking on the lines of working on unstructured data and providing access to the right employees.
With a greater pressure on budgets, is IT investment happening in the hosted space, rather than through the traditional capex (capital expenditure) route?
IT budgets are either shrinking or stagnating, while businesses and users are demanding more services. Corporate IT is under a lot of pressure to deliver more with less and this is a key driver for the adoption of hosted or cloud computing in the enterprise.
There are three different types of clouds, from EMC's perspective:
External Cloud, which utilises resources external to the enterprise.
Internal Cloud, which utilises resources internal to the enterprise in a virtualised data centre.
Private Cloud, a hybrid of the external and internal cloud that utilises resources from both the internal and external pools.
While cloud computing offers a lot of benefits such as reduced costs, increased storage, increased automation and reduced administration, there are unresolved issues associated with cloud computing, as for example, security and availability. Businesses are, therefore, reluctant to adopt hosted services for all their IT requirements.
Compliance and regulatory requirements, along with basic business needs with regard to availability and security, are forcing companies to maintain their own IT infrastructure despite the benefits that cloud computing offers.
There are, therefore, two considerations any organisation must factor in, when embarking on a cloud computing strategy:
(1) The service must be cheaper and easier to manage; and
(2) There must be pre-agreed performance guarantees, and guarantees on security and confidentiality of information stored in the cloud.
Service providers such as telecom players have been helping enterprises manage their networks and infrastructure for many years by satisfying these requirements. The question is whether the same can be replicated for the information infrastructure of the enterprise.
The answer is yes, with a private cloud computing strategy. A private cloud blends together the best of both worlds: information and process security requirements, built in a private cloud for normal workloads, along with the flexibility to use resources for peak workloads when necessary; and greater efficiency than the current method of buying and building for peak workloads.
With a private cloud, enterprises have secure control over their critical assets like information and business process, with the advantage of utilising cost-effective services from external providers.
Private clouds will also broaden the appeal for hosted services, from the traditional storage and server infrastructure to user experiences such as the ability to package up a user experience and push it to multiple devices, and manage it all centrally. A private cloud strategy will help users reap the benefits of cloud computing in this age of budget cuts without sacrificing security and availability.
dmurali@thehindu.co.in
Related Stories:
IT: A more vulnerable sector?
Find toxic assets with analytics
More Stories on :
Interview |
Information Technology
Article
E-Mail
::
Comment
::
Syndication
::
Printer Friendly Page
|
|
