Thinking about data in terms of its "life" isn't a complicated idea, but it's a powerful one. Acknowledging that information lives, grows and dies can help a company focus its security and business continuity efforts in the right places. And that's an increasingly important task, given the bumper crops of information that businesses produce every day.
To help, we've developed a botanist's guide of sorts to the life of data - from germination to the compost heap, bonfire or fossil record - with the help of Jay White, global information protection architect at Chevron. We hope that the parallels between the information lifecycle and the plant lifecycle will play some small part in putting the need for information protection into context at your company. Because data, as you know, has a life all of its own.
Someone gets an idea; something happens.
Data starts to grow. It can sprout either in a structured place, such as an ERP system - the orderly English gardens of the information ecosystem - or in the wily and unstructured jungles of e-mail, instant messaging, word processing and spreadsheet software.
STEMS AND ROOTS
Information takes on its defining characteristics. Consider three main criteria for identifying its genus and species:
How important is the information? Is it a small edging plant, or an oak tree that keeps down air-conditioning expenses and houses birds? Would losing it affect anyone's health and safety, the environment, the company's finances or corporate reputation? All the information on your corporate systems can be ranked. (Well, there might be a few weeds.)
- • Low
- • Moderate
- • Significant
- • Mission-critical
How carefully must the information be tended? Can it grow anywhere, or is it fussy about moisture or prone to infestation? Governments often have official and elaborate hierarchies for classifying information, but corporations may break things down more simply.
Public information - Information that's meant to be readily available, such as press releases or recommendations on how to purchase goods and services.
Business information - This might include daily transactions, training materials, policy manuals and telephone directories - anything that isn't meant for the public but that doesn't need special protection, either.
Confidential information - The bulk of information that needs to be protected, such as large financial transactions, regulatory actions, employee evaluations, unpublished market research or internal audit reports.
Classified information - Reserved for the most sensitive information, which requires more time-consuming and expensive protection. It might include personnel information (with salaries), corporate-level strategic plans, passwords, trade secrets, and information about mergers and acquisitions.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.