It used to be straightforward for organizations to understand what happened with their data. Data was stored on servers within the company's physical boundaries and access to this data was controlled by IT staff. Bob, Bill and Jane all worked from a single location and they only needed a PC with a LAN connection to other resources. Because organizations controlled the devices and the network, it was relatively simple to also control the data.
Today the corporate environment looks much different: Bob has a new MacBook Air and works remotely, Bill just got a new iPhone, and Jane has a strange new device which she calls a phablet. It is more difficult for corporations to not only control their data, but to also understand how that data is handled. Yet there is the same need to protect corporate data and to ensure that any compliance requirements are met. How can we do this when IT no longer controls the devices or the network?
Just as in the past, we do this by building and maintaining a data of record repository - a single, authoritative source of all data from PCs, laptops, tablets, and smartphones. This means that wherever corporate data is created or accessed, it is still within the reach of IT. Once IT has visibility into this data, it can then protect and govern it.
Creating this endpoint data of record begins with a strong remote backup program. This makes it possible for an organization to maintain a copy of all its data. By ensuring that all endpoint data is securely backed up, administrators are able to build additional protection into their data management practices. Tools such as remote wipe can be used to delete information off of a missing device without the risk of losing the only copy of critical information. Employees can get back to work more quickly on new devices, without lost productivity due to missing files.
This single authoritative repository makes it possible for IT staff to better govern data. Only by understanding where data is and how it is used can they assess current practices and determine if there is a need for new or different policies. Activity streams provide usage information that can be used to demonstrate compliance with internal policies and external regulations. Because there is an authoritative source for all endpoint data, it also is straightforward to provide information if required for e-Discovery purposes or other legal purposes.
Ultimately, the corporate environment has changed, but the responsibility of IT to manage corporate data remains the same. Data may no longer only live within the walls of a company's datacenter, but with visibility into that data we can protect and govern it as if it does.