“Data on the edge” gives me a mental picture of stressed-out data. That’s my juvenile sense of humor talking, but stress is a common state of affairs for the IT pros who manage that data.
Even when you narrow down remote management to governance alone, IT is still faced with a hard task and major consequences for failure. This risk applies across the board, not just for highly regulated industries like financial, healthcare, manufacturing, or government. For example, your business may not be a financial services firm that must toe the regulatory line. But you may easily be the defendant in a lawsuit, where poor remote data governance will lose you the case.
Before we talk more about governing data at the edge, let’s define a few terms. Corporate governance is a big topic and people will use the same terms to mean different things.
The biggest mistake that people make is believing that security and compliance are the same thing. Being in compliance means complying with security regulations, but the two are different animals. While security protects data from intrusion or destructive mistakes, governance keeps data visible to eDiscovery and compliance processes, and proves data integrity.
Governance is composed of three major elements: data protection, user access control, and safe file sharing.
- Compliance-driven data protection: Backup and restore procedures must be in place for all data, with specific policies for data that is subject to regulation. For example, policies can automate data-specific retention requirements, or track physical locations of data that is subject to privacy laws. In all cases, IT should be able to search for and retrieve data quickly in response to a litigation request or audit.
- Protected user access: Compliant access offers different levels of data access to approved users and roles/groups. One group may not be able to access certain data at all. Another may be able to view it, another to modify or share it, and yet another to delete it.
- Safe file sharing: It is very common for users to share data between their devices and with each other. However, shared data must be compliant with security and access regulations. IT should automate these procedures and not trust them to end-users, who — believe me — will not see the need to carry out irritating manual procedures.
Governance and Why People Care About It
To govern data for compliance and eDiscovery, IT should ideally be able to automate flexible policies, create rules around different compliance requirements, and report activity to prove compliance. IT also needs audit trails and activity logs for governance, including versioning records for shared editing. And it has to be able to do these things without adding a lot of overhead and complexity for IT or impacting user productivity.
Let’s look at some of the specifics to look for when governing data on the edge.
- System-wide policies: Endpoint data may be subject to restrictions around IP, financial data, privacy protection, and more; yet device-level data is hard to manage for visibility and control. Customizable global policies give IT the control and visibility it needs across multiple devices, including eDiscovery readiness, data protection and retention, and compliant security.
- Controlled access: User access control primarily protects against internal mistakes and intrusion. (A recent Ponemon Institute survey reported that 69% of companies with serious data security breaches blamed malicious employee actions and non-malicious employee error.) Controlled user access has strong benefits for the corporate network, and is crucial for governing remote data. (Hint: Slapping an “Everyone” group on each user may be common practice but is a terrible idea.)
- Efficient search for eDiscovery and audits: Searching for relevant data across hundreds to thousands of devices is a recipe for litigation disaster. Centralizing remote data for effective search is a huge step forward. A best practice for centralized data storage is true federated search across the centralized store. A repository makes not just searching, but collection, legal hold, and preservation vastly easier.
- Monitor, analyze, report: Governing remote data includes proving compliance and preserving chain of custody. This requires the ability to monitor and report on a variety of regulated activities including user access, administrator activities, policies, devices, data movement, data modification and retention, file sharing, and encryption. Ideally the same tool will also offer analytics for system improvement as well as compliance reporting.
Endpoint data needs to be governed in the same way as centrally stored data, especially as corporate data moves to endpoints in big quantities. With today’s huge numbers of remote devices, it is not possible to effectively govern data on a per-device level. Only holistic endpoint management enables IT to effectively govern growing data on the edge.