White Paper

Understanding and Investing in Information Intelligence

By Brian Babineau & Katey Wood

February, 2011

This ESG White Paper was commissioned by StoredIQ and is distributed under license from ESG.
2011, Enterprise Strategy Group, Inc. All Rights Reserved

White Paper: Understanding and Investing in Information Intelligence

Contents
Executive Summary ...................................................................................................................................... 3 The Information Balancing Act ..................................................................................................................... 4
External Influences ................................................................................................................................................... 4 Discerning the Value ................................................................................................................................................. 5 The Real Cost ............................................................................................................................................................ 5

Better Techniques are Required ................................................................................................................... 6

Data Sources Complicate Strategies ......................................................................................................................... 6 Broad Strategies are Ineffective ............................................................................................................................... 6 Precision is Better ..................................................................................................................................................... 6

Information Intelligence: The Missing Ingredient ........................................................................................ 7

How Much Should You (Want to) Know? ................................................................................................................. 7 It is Feasible Today ................................................................................................................................................... 7

Measuring the Business Value Impact.......................................................................................................... 7

Business Leader Beneficiaries................................................................................................................................... 7 Create and Automate New Processes ...................................................................................................................... 8

The Bigger Truth ........................................................................................................................................... 9

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of the Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at (508) 482-0188.

2011, Enterprise Strategy Group, Inc. All Rights Reserved.

White Paper: Understanding and Investing in Information Intelligence

Executive Summary
Many organizations continue to stockpile information, hanging on to it as if it would someday run out. Although this seems like an absurd theory, it sums up a significant portion of information management strategies employed today: save all data forever. Yes, some information is retained as a strategic asset for business intelligence and decision support. Other content is kept for legal, compliance, or corporate governance purposes. But information with extremely low business value is also being hoarded for no real reason. Most information as a business asset discussions tend to focus on structured data sources referencing traditional business applications like data analytics and business intelligence systems. But the rapid explosion of unstructured content (e-mails, blogs, wikis, spreadsheets, web pages, videos, etc.) creates even more opportunities to use information more strategically. The challenge for most is figuring out how to better understand all of the data and then design business processes to extract value. The great news is that most organizations have plenty of unstructured information to begin opportunistically leveraging. However, there are tradeoffs that must be measured against the potential benefits of using this data. Until a few years ago, the biggest downside of having all this information has been IT-related: generating additional expenses for storage, servers, and other resources to maintain it. It still seemed less risky and labor-intensive for many organizations to blindly retain data indefinitely, rather than trying to understand and manage it proactively. The downside has now become much more significant in terms of hard dollar costs, opportunity costs, and risk. Increased electronic discovery and investigations in recent years combined with data growth means higher expenses to retrieve and produce information in response to legal or regulatory requestsas well as the risk of unknown unknowns lurking in those unmanaged terabytes. Compliance requirements for the privacy and security of specialized information dictate stricter security, too, and potential for significant liability for failure to enforce it. As supported by ESGs 2011 IT spending trends research, balancing the opportunities to be gained by using information in existing or new business processes with the cost and risk of keeping it is top of mind. The top five business initiatives (see Figure 1) that will impact IT spending can be directly associated with managing information to achieve the appropriate balance. 1 Figure 1. Top Five Business Initiatives Impacting IT Spending Priorities Over the Next 12-18 Months Which of the following business initiatives do you believe will have the greatest impact on your organizations IT spending decisions over the next 12-18 months? (Percent of respondents, N=611, three responses accepted)
Cost reduction initiatives Business process improvement initiatives Security, risk management initiatives Regulatory compliance Improved business intelligence, realtime information delivery
0% 10% 20%

54% 31% 25% 24% 21%

30% 40% 50% 60%

Source: Enterprise Strategy Group, 2011.

ESG Research Report, 2011 IT Spending Intentions Survey, January 2011.

2011, Enterprise Strategy Group, Inc. All Rights Reserved.

White Paper: Understanding and Investing in Information Intelligence

In order to actually leverage information as an asset while preventing it from becoming a liability, the first step is to figure out whats there. How can one improve records management to address a compliance and legal need if no one knows where all the electronic records are? How can a company design a repeatable privacy audit process if it does not know how to quickly scan data sources to seek out confidential data? After obtaining a deeper understanding of what information exists, the next logical task would be to start managing this information more discretely via policies such as applying a retention policy to business records or moving business records to a centralized system deployed to automate records management. The list of opportunities to improve management is endless when organizations actually know what information they have. New business processes can be designed around specific types of information or existing processes can be augmented to include unstructured data. This paper describes why organizations should strive for better information intelligence strategies and the benefits that can result from more detailed management and augmentation or creation of business processes that include ever-expanding amounts of unstructured information.

The Information Balancing Act

Deciding how to best manage information across an organization is full of conflicting operational objectives:

Improved accessibility vs. enhanced security Long-term retention vs. storage and other related IT infrastructure costs Consistent data expiration/deletion vs. legal risk management

There are several other examples, but it is safe to assume that no information management decision is simple, creating the need to examine both sides of any given equation and take into account variables such as external influences, the perceived and real value of information, and actual management (securing, sharing, integrating, retaining, etc.) costs.

External Influences
Most companies are aware of the stricter influences on information management strategies such a record retention and privacy compliance, electronic discovery procedures, and corporate governance mandates. These factors force or strongly guide how certain data has to be managed. For example, for those companies that capture credit card information, their data is subject to the Payment Card Industry (PCI) Standard. Any organization going through a litigation matter involving Microsoft Office documents, e-mail, and other electronically stored information (ESI) know that preserving relevant data (not allowing deletion or modification) is imperative. Companies have little choice in following these requirements as the penalties can be severe in terms of fines, unfavorable legal outcomes, and irreparable brand damage. Examining the privacy risk and costs, recent estimates suggest the average cost of a data breach in the United States increased by 48% between 2005 and 2009 with the overall cost per breach across the globe exceeding $3.4M in 2009. 2 On the more positive side, companies are increasing technology investments that support information-centric business processes such as knowledge management and workforce collaboration. These efforts are designed to improve expansion into new markets, reduce internal travel expenses, and minimize hiring and training costs. A critical success factor for these business processes is ensuring that all relevant information is located and incorporated into the systems.

http://www.databreaches.net/?p=11421, http://privacylaw.proskauer.com/2010/01/articles/data-breaches/2009-ponemon-institute-costof-a-data-breach-study-released/

2011, Enterprise Strategy Group, Inc. All Rights Reserved.

White Paper: Understanding and Investing in Information Intelligence

Figure 2. 12-18 Month Information Management Investment Plans With regards to specific spending plans for information management solutions, in which of the following areas will your organization make the most significant investments over the next 12-18 months? (Percent of respondents, N=186, three responses accepted
Content management / document management Collaboration platforms and tools (e.g., Microsoft SharePoint, etc.) Data integration solutions (i.e., connecting and merging multiple data sources) Information archive and retrieval Knowledge management solutions Electronic data discovery / litigation support Enterprise search
0% 5%

45% 42% 31% 31% 24% 18% 10%

10% 15% 20% 25% 30% 35% 40% 45% 50%

Source: Enterprise Strategy Group, 2011.

Discerning the Value

Few question that corporate information has valuethis is why most organizations stockpile it. The challenge is being able to figure out what the value is, what constituents (employees, partners, customers, etc.) benefit from having access to that information, and then connecting the data with the people who need it. To date, few companies have actually done this across all corporate information, especially unstructured data that resides in crowded file shares, on PCs, and in overcrowded document management systems, e-mail applications, emerging social media applications, and other locations. The alternative situation comes when a company is actually able to determine if information has no particular value. Some data is kept even if it cannot help the business and is not needed to address compliance, legal, or governance reasons.

The Real Cost

Whether data has meaningful value or not, there is real cost and risk inherent in keeping it. IT departments usually bear the most expense as they have to maintain the applications and supporting infrastructure where data resides. Hopefully, if the information is valuable, IT is regularly backing up the data to mitigate the risk of loss or corruption. Security also has to be addressed when the information is considered confidential or non-public. Security, legal hold, and other mandated management tasks apply no matter if the information is useful to the business or not. The more information that has to be managed, the higher the risk and the cost.

2011, Enterprise Strategy Group, Inc. All Rights Reserved.

White Paper: Understanding and Investing in Information Intelligence

Better Techniques are Required

Data Sources Complicate Strategies
Making information management decisions more difficult is ongoing data growth. This concept may be the most overused in IT discussions and solution rationalization today because every company is experiencing it. ESG fundamentally agrees that new information continues to be generated regularly, but this is usually not the crux of the management issue. The bigger problem lies within the sources of information that are growing the fastest. As briefly referenced, when information is created and stored outside of a structured (database) application, it is very hard to find, never mind manage. Unstructured data sources are the primary catalysts for information growth stressing existing management methodologies. As proof points, a recent ESG research survey indicated that 40% of e-mail users were expecting a 20% or more increase in their e-mail capacity in the next 12 months. A few years ago, SharePoint deployments were growing at an estimated 25% per yearand this is before the data explosion resulting from SharePoint 2010 adoption. 3

Broad Strategies are Ineffective

Data growth, coupled with so many requirements, has driven many companies to broad information management approaches: over-retaining, securing everything, etc. This is done because companies either do not want or do not have the means to understand more about their data to implement more discrete information management strategies. These approaches are inadequate (and, increasingly, unfeasible) because:

Storage capital and operating expenses prevent companies from saving all information forever. Data has different requirements for timely accessibility, particularly for litigation or regulatory requests. Encrypting all possible sensitive and confidential information will significantly hamper access, potentially impact system performance, and dis-incent employees to use more data during the normal course of business. Legal and IT teams do not want to collect, preserve, review, or produce more information than necessary for e-discovery and regulatory requests because of the costs and risks associated. Data subject to preservation for legal proceedings must by law be secured, often beyond normal records management retention and deletion schedules.

Precision is Better
The alternative is policy-based management where management rules such as retention, disposition, storage location, and access permissions are determined by content, its relevancy and value, and potential risk and cost to the company. This is not as far-stretched as it may sound: most companies already have systems and business processes in place to execute some management tasks. As an example, an organization may already have a records management system to assist with compliance or an identity and access management software package to facilitate security across an entire enterprise application portfolio. In these systems, rules are establishedhow long to keep a file generated by a certain department, who has permission to read and modify contracts, etc. The real questions are these: Is all of the information that should be in these systems actually there (and is this regularly verified)? What happens to the data companies do not want to put in these systems despite putting some form of policybased controls in place around it? The missing ingredient is the ability to actually understand content in a comprehensive and unified manner across multiple systems, organizing or categorizing it so it can be managed according to more specific policies and put to the best business utility.
3

Source: ESG Research Report, E-mail Archiving Market Trends, May 2010; ESG Research Report, Microsoft SharePoint Adoption, Market Drivers, & IT Impact, March 2009.

2011, Enterprise Strategy Group, Inc. All Rights Reserved.

White Paper: Understanding and Investing in Information Intelligence

Information Intelligence: The Missing Ingredient

Organizations have piles of mismanaged, unstructured information and plenty of reasons to alter their approaches based on policies that take into account the requirements that impact management strategies. What is left is the ability to glean intelligence from the content to determine what Information Intelligence Basics policies should be applied based on relevance and value as well as potential costs and risk. Without this intelligence, it is very hard to Understand the contents, concepts, and know exactly how to manage certain types of information. properties of files, e-mails, and other unstructured data How Much Should You (Want to) Know?
Determine the relationship between When presented with the opportunity, any company will take this insight and information advantage of knowing more about their information assets management requirements determining when enough intelligence is available should be Develop and enforce discrete, precise based on how an organization wants or needs to manage its data. policies that can take action and If records managers believe that all spreadsheets created by the manage information finance department with the word budget in them are subject to specific retention requirements, then the appropriate pieces of metadata to search across all data sources are file type, file owner/creator, and keywords. Without this information, it would be impossible to locate all of the content that should be managed according to a specific policy.

Taking another perspective, the more intelligence that can actually be gained from content such as related concepts, the greater the potential for more specific policy development and accurate enforcement. This flexibility is ideal for companies facing significant external factors such as frequent electronic discovery events that impact information management policies. As an example, if an organization is asked to preserve any documents related to a real-estate project in New York City, some of the content may have concepts that infer the location (such as The Big Apple). Preserving data based on a keyword of New York City will omit the ones containing The Big Apple, creating a situation where it appears a company is hiding, intentionally or unintentionally, relevant information.

It is Feasible Today
Technology is available to provide much sought after intelligence by scanning sources and building an index of metadata as well as the contents of a file. This index provides the foundation for understanding more about corporate data sources. Rather than querying data sources one by one to see if certain files meet specific policy criteria, a query can be run against the index representing all information originally scanned. Some companies could set up pre-defined queries which are repeated to see if newly indexed content needs to be managed or controlled. The index enables an organization to gather intelligence without centralizing unstructured data sources something that will never be done because too much information is dispersed in different locations. Organizations can begin reporting on information that meets specific criteria, moving the data from its original source to a location where policies can be enforced (such as a secure file server or content management system). Audits can be completed to prove that confidential information has been removed from unsecure locations and data that is not subject to legal or regulatory-related management policies can be expired. If information isnt valuable but does need to be retained for compliance reasons, IT could investigate moving the data to lowest cost storage device to minimize infrastructure costs. All of these actions can be taken against the right data, not all data, because companies have the intelligence to make more precise management decisions.

Measuring the Business Value Impact

Business Leader Beneficiaries
The easiest way to determine the business impact of improving information management with better insight and intelligence is to see how the latter enables business leaders to accelerate the key initiatives outlined in the
2011, Enterprise Strategy Group, Inc. All Rights Reserved.

White Paper: Understanding and Investing in Information Intelligence

executive summary: lower costs and improved business processes focused on improved compliance, security, and risk management. Business leaders also have the opportunity to develop and enhance data analytics, reporting, and decision support functions based on unstructured information. ESG believes that information intelligence allows:

CISOs to institute regular procedures to identify sensitive and confidential information and move to a secure system. Having a more consistent process to locate unstructured data subject to privacy mandates mitigates risk and represents a control process that most companies do not have in place today. Records managers to implement comprehensive retention and disposition strategies across the organization. Most records managers rely on employees to designate certain content as a business record and place it into an existing system for proper management. While this trusted method may work for some business records, it is likely that more vital business content is stored outside the defined system, increasing the risk of non-compliance. Corporate counsel to access organized information in real time, enabling discovery processes to commence immediately after receiving a request. This capability facilitates more timely case strategy development, reduces the amount of data to be reviewed by attorneys, and minimizes the risk of spoliation. All of these directly reduce cost and risk in the discovery process. Knowledge management/business intelligence leaders to bring information to where they can work with it most effectively by moving dispersed content into an existing knowledge management or collaboration platform. CIOs to make more information available to the right people and control storage costs. Identifying dispersed information and bringing it into collaboration and knowledge management platforms improves productivity. Alternatively, if information is not valuable and isnt needed for compliance and legal reasons, it can be deleted to reduce storage as well other IT infrastructure and operating costs.

Create and Automate New Processes

When companies have existing information management systems such as content management applications, information intelligence helps extend these investments by identifying data that belongs with them. However, some emerging business processes do not have formal systems in place to manage data. As an example, there isnt a massive application which defines how attorneys and compliance officers work. Even records managers are struggling to enforce retention for data outside of existing document management systems as copying all the data into these solutions is not always feasible. More functional information intelligence platforms can actually become the means by which legal and compliance departments automate discovery, controls, and reporting processes via the insight these solutions provide. For example, corporate counsel may want to use the platform to set up templates for handling discovery of particular litigation types and data based on cases they are working on; compliance officers may define policies based on types of sensitive data (credit card number, social security or medical record number, home address, etc.). In order for such deployments to be feasible, the platform must:

Connect to all relevant data sources. Business users cannot afford to miss any information. Unidentified content could result in legal consequences, fines, and other damages. Operate at scale. Any delays resulting from scanning, indexing, or categorizing file systems can slow down the audit or discovery processes. Timeliness could mean settling a case faster or satisfying a compliance inquiry within a given deadline. Support in-place data management. Attorneys and compliance officers are likely going to want to manage (i.e., search, preserve, tag, encrypt, etc.) information as they move through their respective business processes from as early a stage as possible. Rather than using disparate tools to do so, some of this could be executed directly from within the information intelligence platform to potentially limit downstream costs for review and production of the data.

2011, Enterprise Strategy Group, Inc. All Rights Reserved.

White Paper: Understanding and Investing in Information Intelligence

Support concept, entity, text pattern, and other sophisticated indexing techniques. This allows for more detailed and accurate information categorization. Compliance officers worried about credit card numbers can set criteria to look for and segregate any files with 16 digits followed by a month and a year numerical valuethe cards full number and expiration date.

Information intelligence is a critical component for companies to shift from broad-based information management strategies to ones based on more precise policies. It can also define an application to support information-intensive processes where polices must be constantly updated based on external requirements. Lastly, companies can create information-centric business processes to help departments currently in need of better ways to optimize and control unstructured data.

The Bigger Truth

Information management should be a discipline in todays enterprise. Those that get it right will benefit by leveraging data to make real-time, well-informed decisions based on structured AND unstructured data while lowering costs and risks associated with legal, compliance, and IT infrastructure operational requirements that impact how it has to be managed. Those that fail to improve information management will likely experience repercussions when a business opportunity is missed, a regulatory audit fails, or a legal matter has to be unnecessarily settled. It is hard to a put an exact figure on these costs, but they are expenses that no business leader wants to deal with. Information intelligence can easily expand information management disciplines to address evolving business, regulatory, and legal requirements. It also supports existing business processes or helps to create new ones. These benefits minimize the tradeoffs of unbalanced information management decisions made today where companies utilize a one size fits all approach to controlling unstructured data. The biggest challenge companies may face when implementing information intelligence strategies is fighting internal beliefs that relevant data stewards already know all that there is to know. One only has to talk to corporate counsel experiencing rapidly growing electronic discovery costs, CIOs constantly buying more storage, or CISOs tracking down sensitive data residing on stolen laptops to understand there is a lot to learn about corporate information. Building this intelligence is a worthwhile exercise for any company prioritizing information management to cut costs and risks while improving business processes.

2011, Enterprise Strategy Group, Inc. All Rights Reserved.

20 Asylum Street | Milford, MA 01757 | Tel:508.482.0188 Fax: 508.482.0218 | www.enterprisestrategygroup.com