As data volumes increase and information is generated by more and more sources, organisations have a pressing need to gain better control of their data, particularly data housed on-site and in hybrid or cloud-based solutions, says Chris Hathaway, director at Soarsoft International.

This has become increasingly important in light of the fact that a plethora of imminent laws and legislation that require this control. One such example is the Protection of Personal Information (POPI) Act, which was approved by the President in November 2013 and is due to come into effect during the course of 2014. In addition, the King III report also provides recommendations for ensuring information privacy, which all listed companies are compelled to comply with.

In order to gain the necessary control of data to comply with POPI and other legislation, it is vital to first build insight into the existing information an organisation is already storing. Only then can this data be effectively managed. Given the number of data sources in a typical organisation, both structured and unstructured, and the added complexity of cloud-based data sources, effective data governance and control cannot be an ‘after the fact’ process.
Organisations need to focus on governing the information where it exists, at its source and within the applications that the data resides, in order to not only comply but also to enable effective analytics to provide the information that people require to do their jobs.

Unstructured data has become a large proportion of the information that exists within many organisations today, and is received from a variety of sources. This includes emails and exchange servers such as Microsoft Exchange, public folders, file sharing systems like SharePoint, and even cloud-based solutions such as Office 365, Box, Dropbox and Onedrive.

Information governance requires that rules, such as security, business and legal rules, be applied to organisational data, including unstructured information, which is often more prolific and difficult to manage compared to data within structured financial systems.

Good corporate governance requires process and policy around the management and defensible deletion of information, which needs to be demonstrated to prove that information is not just randomly removed, deleted or lost.

The impending POPI Act will require organisations to process and store personal information in a manner that is fair, secure and responsible. The onus is on organisations to prove that this has been done, at the risk of penalties for non-compliance.

The King III report also emphasises the protection of personal information, specifically stating that “The board should ensure that there are systems in place for the management of information, which should include information security, information management and information privacy”, wherever the data may exist.

Policies and processes need to be applied for good corporate governance, as well as to prepare for the enactment of POPI and comply with other existing legislation. However, manually applying and enforcing rules across multiple data sources is not only inefficient, but impractical given the need for an available audit trail and the volumes of data generated by the majority of organisations and their users.

Unless the rules can be automated into the infrastructure with precision, ever-increasing data volumes that remain uncontrolled will eventually overwhelm an organisation, leaving them unable to prove compliance or manage their risks.

However, while new Information Governance tools are available to assist with this process, they are simply an enabler to action policies – the policies themselves are the foundation. Using an appropriate solution from an experienced service provider partner will enable organisations to better manage and govern their unstructured data for improved insight and data governance.

Advanced technology now allows organisations to maintain a catalogue of all of their unstructured content, while leaving the data itself in place within the applications they reside in, negating the need to move or copy vast quantities of data to archives or similar dated solutions.

This catalogue can then be used to provide a unified view of all unstructured data within the organisation, and allow for rules to be automatically applied. This will ensure business and security policies are put into place at the data source for more effective management and governance.

Imposing information governance controls on data at its source not only allows for the simplified automation of policies, but also enables organisations to maintain insight over the vast volumes of data without the need for complex infrastructure and expensive processing and storage.

Action can be taken using alerts, in-place holds, defensible deletion, eDiscovery and export of specific information. This can then be implemented around the necessary security and compliance elements with a full audit trail. In addition, full-text indexes and regular expressions (like Credit Card and ID numbers) enable keyword searching, which simplifies eDiscovery, since precise data sets can be easily identified within vast data volumes.

With new regulations such as POPI due to come into effect, and recommendations such as King III, data governance is more important than ever. In today’s information-driven world, where unstructured data is becoming increasingly prevalent, governing data at its source is a necessity to avoid over-complexity and unnecessary costs, especially when cloud and hybrid solutions are in use or on the roadmap as they are today for most organisations.

This requires constant insight into the information within an enterprise, as well as awareness of what information exists across a variety of unstructured data sources. By governing data at its source organisations can gain enhanced visibility as well as the ability to impose targeted controls with speed and precision, enabling them to always keep ahead of changing compliance regulations and laws while also controlling the associated costs to achieve this.