Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

IIIS: Data governance, risk and compliance

IDC vice-president of storage/Big Data urges IT managers to see GRC as an asset, not a law issue

Data governance, risk and compliance (GRC) should be viewed by IT managers as a business asset rather than something for the law firm to deal with, according to an IDC US senior analyst.

Speaking at the Implementing Information Infrastructure Symposium (IIIS) in Sydney this week, IDC US vice-president of storage and Big Data, Benjamin Woo, said that IT managers and CIOs need to understand the GRC — not because they want to be lawyers or paper pushers but because every day they are enabling an organisation to do its work.

Read more on the IIIS event

View pictures from IIIS

"GRC is not about keeping data, but how we enable the data that we keep, and the information that we generate, and how we use that in corporations," Woo said.

"How does the data that I keep impact my business? And that's not something that we always think about as IT people." He cited IDC US statistics from 2009 that showed 800 exabytes of data was generated globally. However, this did not include stored data.

"In 10 years we are going to grow that data amount 44 times to 35 zettabytes by 2020 and almost 50 per cent of new data generated will be in the Cloud within 10 years, which means someone else is going to be touching your information along the way," Woo said.

"This is not about a scare tactic and frightening you into buying security products. The good thing is that only 30 per cent of the data generated is in corporations but there will still be 10 zettabytes to take care of and it will mean a huge impact on the world."

He also said delegates should think of GRC as not something that has to be "beaten into your organisation", but as a business process.

According to Woo, when IT staff think about GRC they think about cost mitigation and how to avoid being sued.

"If you understand how to take the risk out of your environment and how to follow the compliance rules, you can than use Big Data technologies to create situations in which you are proactively mining your data and discovering your data for profit and revenue opportunities," he said.

"That's the key point where organisations turn from understanding that they become record keepers to be taking the data and saying they have digital assets."

Woo drew attention to a website called Qurora which is a crowdsourced collection of questions and answers.

According to Woo, the principles of Qurora made up points which would help IT staff understand GRC

These were:

  • Quality of data.

  • Reliability.

  • Accessibility/availability of the data.

  • Deleting data.

  • Asset ownership in the Cloud.

Woo highlighted a major issue with data in the Cloud which IT managers needed to remember, that of data erasure.

"Many Cloud providers don't actually delete data when you ask them to. There are backup copies," he said.

The IIIS is co-hosted by Storage Networking Industry Association A/NZ and Computerworld Australia.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: IDC, Storage Networking Industry Association
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Big Data, IIIS 2011, Implementing Information Infrastructure Symposium (IIIS), storage
Latest Blog Posts
Whitepapers
  • Prepare Your Enterprise for the Mobile Revolution: Boost the Bottom Line with Mobile UC
    This white paper will highlight the changes in the mobile workplace; outline the benefits of unified communications (UC) and Fixed-Mobile Convergence (FMC) for mobile workers; identify the key market trends and business challenges IT managers must pay attention to now and into the future; and offer best practices for choosing a solution that will deliver clear ROI.
    Learn more »
  • Top Reasons to Implement an SOA Governance Strategy: A List for IT Executives
    Service-oriented architecture (SOA) has moved beyond hype to widespread acceptance as an IT strategy for delivering business value. SOA promotes the notion of modularity, providing overwhelming flexibility and superior economics for addressing business demands. However, undertaking the transformation to SOA is not without its challenges. If left unchecked, your inventory of SOA assets will become unmanageable; the reuse of services will diminish in favor of custom development; or even worse, modifications will be made to your existing services that break other business processes. The purpose of SOA governance is to help you ensure that this does not happen. This paper outlines the most compelling reasons for you to establish SOA governance within your organization.
    Learn more »
  • Optimizing Data Quality in the Enterprise - How to Tackle Your Bad Information
    Data quality – the measure of data accuracy, completeness, and consistency across a business – has become the core focus of information management efforts among many of today’s organizations. Problems with data quality continue to plague corporations of all types and sizes. In this paper, we will discuss some techniques companies can implement to enhance data quality across the entire enterprise. We will also highlight data quality management solutions, which provide businesses with the ability to effectively and economically enhance the correctness, completeness, and consistency of information in each and every system within their technology infrastructure.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments