Cloud Content Management & Governance A Primer. Silicon Valley & Mount Diablo ARMA Chapters


1 Cloud Content Management & Governance A Primer Silicon Valley & Mount Diablo ARMA Chapters

2 John P. Frost, CRM FAI / Senior Information Governance Specialist for Box / years of Enterprise Content Management (ECM) and Information Governance (IG) experience including information security and content analytics / Roles Served: Corporate Records Manager; ECM and Governance Technical Consultant; Governance Technical Seller; Worldwide Services Practice Lead; Vice President of Sales and Operations / Certified Records Manager (CRM) / Fellow of ARMA International (FAI) / Customers Served: Global corporations; Foreign governments; Fortune 500 companies

3 Josh Rosenberg / Group Product Marketing Manager for Box / 8+ years of Enterprise SaaS security, analytics, content management, and information governance / Current responsibilities: Product marketing lead; Pre/post sale support; Customer research; Product roadmap / AIIM Certified Modern Records Management Specialist / Worked with customers of all sizes on their cloud content management and content governance requirements

4 Agenda / What is Cloud Content Management and Governance? / Why Govern Cloud Content? / Case Study 1: Large Insurance Company / Cloud Deployment Best Practices for Governance / Summary and Questions

5 What is Cloud Content Management?

6 Cloud Content Management is... / The combination of centralized, cloud-native content services with advanced security and governance / Collaboration across the entire extended enterprise becomes seamless / The latest machine learning technologies help you maximize the value of every piece of content

7 Cloud Application Types / Cloud-Native: Built for cloud and mobile; Integration needed for most robust feature set; Generally stronger security and performance / Managed Hosted Service: On-Prem solution that is virtually hosted; Built for On-Prem; Mobility may be limited / "We are not focused on building yesterday's apps faster; we're focused on building tomorrow's apps faster." Johan den Haan, Mendix

8 What Information Governance Encompasses / Source: IGInitiative.com

9 Why Cloud Content Management and Governance?

10 "Cloud computing is often far more secure than traditional computing, because companies like Google and Amazon can attract and retain cybersecurity personnel of a higher quality than many governmental agencies." Vivek Kundra, VP at Salesforce and former federal CIO of the United States

11 Why legacy content management no longer works / Employees expect a digital workplace: Agile internal and external team collaboration; Access to information anytime, anywhere on any device; Support for work across a best-of-breed cloud stack / Businesses need to evolve in the digital age: Accelerate process across the extended enterprise; Deliver modern digital experiences for customers; Automate processes and drive efficiency with AI / Cyber threats and regulations are constantly changing: Protect the flow of content across the extended enterprise; Shadow IT creating security and compliance gaps; Address complicated global regulations (e.g., GDPR)

12 The wrong mix provides inefficiencies for business / Creation: Kick off process / Internal collaboration: Share content with an internal team / External collaboration: Share content with partners and vendors / Publishing: Publish to internal and external teams / Governing: Retain and govern content

13 Why Content is Moving to Cloud Cost Infrastructure (hardware, backup, storage, licensing) Human Investment Security Portability Long-term growth and maintenance Scalability Transparent updates Leverage location Acceptance App Culture

14 Value of Information Over its Lifecycle / Maximum usage includes: Analytics; Archiving; Disposal / Source: CGOC.com

15 IG Scope With Overlapping IG Drivers Privacy & Security Risk GDPR (EU) Privacy Act (AU) GB/T (CN) Computer Crime Law California Consumer Privacy Act (CCPA) OSHA Freedom of Information US DoD Operational Risk DOMEA (DE) Anti-terrorism Act (UK) ISO Legal Admissibility HIPAA/HiTECH PATRIOT Act PIPEDA ISO 9000 Quality Basel III (EU) SEC 17a-4 CobiT Solvency II (EU) FINRA 2210 ISO Information Security New York Cyber Regs Gramm-Leach-Bliley Companies Act (UK) Dodd-Frank 21 CFR Part 11 Sarbanes-Oxley 47 CFR Part 42 Tread Act Audit AML / KYC ISO Records MoReq2010 (EU) Governance Geopolitical Specific Regulation Industry Specific Regulations

16 Cloud Usage

17 Cloud Initiatives

18 Information Lifecycle (or Zone) Model / Composition of information in an organization 5% 25% Information on HOLD 1% Transitory (Purpose Served) 70% Work-In-Progress Records

19 Cloud Content Management and Governance: An Architecture / API Foundation (PaaS) Governance Content Security Insights Metadata Workflow AI Apps Native Integrations Customizations

20 Case Studies for Deploying Information Governance in the Cloud / Extend Compliance

21 Case Study 1: Small Cancer Smart Medicine Developer

22 Overview of Medical Governance / Need to have Cloud Content Management solution as a System of Record / 262,000 files (approximately 800 GB) / Regulations: GDPR, SOX, 21 CFR Part 11, etc. / Retention - Disposition

23 Solution Drivers / Secure content needing governance / File shares / Limited standards, unknown amount of data

24 Tools of the Solution / Box / Box Governance

25 Lessons Learned / C-Level approval and support was critical / Governance leads should have training on the content platform as well as the governance application / Build playbooks for tool usage for super users (records coordinators) / Ask vendor if there are existing guide resources that may be shared

26 Successes / Over 400 users with content being governed / 800 GB of content being governed and growing / 80 retention policies deployed / 3 legal holds deployed / 7 security classification policies deployed

27 Case Study 2: Large U.S. Insurance Company

28 Overview of Governance / Needed to update and build an effective Information Governance framework to mitigate risks related to records retention, legal holds, privacy and other challenges with clear, digestible policies and well-defined initiatives / Needed to ensure organic, full support from the units and staff of the organization through relationship building and education / Needed a "less is more" approach to ensure compliance and reduce information overload on staff / Began planning in 2015 with organizational realignment, analysis and roadmap, creation of an Information Governance committee, and a roadshow to learn more about the business and educate on the benefits and necessity of governance / Hired a new team and expertise to fulfill the vision / Updated policies and schedules, and provided training and awareness to the organization / Decided on and deployed new information governance technology / *Source: Box

29 Solution Drivers / Organization moving to cloud technologies / Need to replace and de-commission a large legacy, on-premise ECM and Governance solution / Clean, organize and migrate over 20 TB (approx. 325 million files) of content and metadata to cloud / Develop and deploy a new, more efficient taxonomy for the organization / Ensure internal development team well skilled on cloud solution technologies for any future enhancement / *Source: Box

30 Tools of the Solution / Box / Box Governance / Virgo / Zapproved / *Source: Box

31 Lessons Learned / Mapping configuration and design decisions accurately against the company's strategic initiative and goals / Ensuring appropriate migration speeds to meet objectives / Data quality, errors and issues in the legacy system / Managing many dependencies in a large, complex project / Migrating large data volumes to the cloud / *Source: Box

32 Successes / Hired a strong IG strategy leader who can push through initiatives and develop strong organizational relationships / Leader hired the right talent to execute on the vision and deploy the initiatives / Built a toolset that is efficient and defensible / Built a practical roadmap with tangible, achievable milestones / Built simple, easy to follow policies that require minimal updates over time / Leveraged simple, big bucket retention / Destroy information when it meets its required obligation / *Source: Box

33 Best Practices / Level set on goals and objectives with ALL relevant groups and stakeholders during project kickoff / Consider dividing your organizational applications into Systems of Engagement and Systems of Record; this will help determine how to apply retention / Retention in cloud systems needs to accommodate record and non-record content / Help the client paint the big picture, then walk stakeholders through the steps on how to achieve the big picture / Align on the vision for how the cloud content and governance tool will be used at your organization (i.e. what business processes and content will be powered by cloud content management) / Agreement from Compliance, IT, Legal, Records Management, and Security on the policies and requirements necessary for content that is, or will be, stored in cloud content solution

34 Best Practices / Define record retention strategy and policy before technology deployment / Help stakeholders understand the available functionalities in each solution component and how they can be utilized to address immediate needs/pain points / Conduct knowledge transfer and training with the users to properly enable them to own their solution / Test the solution build in a sandbox environment before production deployment. Even cloud solutions have sandbox or Test environments / Have a strategy to handle the content and records should your organization cancel the contract with the cloud content provider / Use simple, big bucket retention; use event-based calculation on critical records / Destroy information when it meets its required obligation

35 Working with Cloud Providers / Accessibility / Data Security / Data Location / Data Segregation / Data Integrity / Data Ownership / Experience of SaaS Provider / Qualifications of Provider's Staff / Financial Stability of Provider / Bankruptcy?

36 ROI/Payback for Information Governance / Data Reduction and IT Costs / eDiscovery / Risk Reduction / Storage Volume and Cost by Business / Reduction of Discoverable Data Volume / Actual Risk/Burden v Target Reduction for Period

37 ROI/Payback: The Numbers / eDiscovery: $18,000 per GB for review and productionº; Total Storage Volume X % Estimated Reduction / Breach Cost and Reputation Risk: Average cost of a data breach is $3.86M*; # Documents Affected X $141*, OR # Customers X $151* / Storage Costs Reduction: $2.5M/per year to store 1 PB plus cost significantly add to run rate; Storage Cost X Storage Volume X % Estimated Reduction / *Source: Ponemon Institute / ºSource: Rand Institute

38 In summary... / Organizations are moving to cloud at a rapid rate / Clean your data before moving to cloud / These are two of many organizations successfully governing in the cloud / Know your cloud vendor / You will govern MORE than just records / Simple is the key / ROI is out there!

39 Next session: Maximizing GDPR and Global Data Protection Compliance / 1:45 PM RM 2004/2006 / John Frost, Josh Rosenberg / On the exhibit floor: Visit our demos of Relay; Visit IBM on the Exhibit Floor / Visit us online: Box.com/Apps