The State of Secure Content Management in the Enterprise CONTENTS 2 Introduction 3 Survey Results 3 Not all Companies Have a Centralized Approach to Content Management 4 ECM Software Most Used 5 Duplication Problematic in Current Systems 6 Finding and Securing Data Top Goals 7 Multiple Standards Driving Content Management Strategies 8 Data Governance Strategies Lacking 9 Data Leakage Tops Biggest Concerns 10 Data Integrity Concerns Loom 11 Compliance, Audit Confidence Runs High 12 Integration, Security Key Issues with Current Systems 13 Regulatory Compliance Needs are Steady 14 Compliance/Risk Officers Rule Content Management Efforts 15 Conclusion
Introduction In today s threat-laden business landscape, securing content has never been more imperative. Malware, phishing and other methodologies for extracting sensitive company and customer information are becoming more commonplace, and data breaches and threats loom ever-present. The need to ensure that data remains secure, whether in transit or at rest, requires companies to adopt technologies that emphasize security along with simplicity and efficiency. At the same time, mounting regulatory requirements are putting pressure on companies to ensure their data is not only safe, but also compliant with myriad financial, privacy and international regulations. While content management systems can do much to ensure companies have access to the data they need today and in the future, many current systems don t have the proper security controls in place to ensure data remains secure. Still others don t work effectively to reduce redundant or duplicate information, which can tax infrastructures with unnecessary data storage and related costs. A recent survey of 125 technology influencers and decision-makers by BizTechInsights on behalf of Micro Focus reveals the most common factors that impact organizations implementation and use of secure content management, what they consider to be the most pressing issues regarding their Secure Content Management (SCM) solution, and more. 2
SURVEY RESULTS Not all Companies Have a Centralized Approach to Content Management The survey sought to uncover the approach instituted by companies to manage content. Surprisingly, the survey revealed that 41% of respondents don t have formal management of all content, have information spread across various systems, or are merely archiving data. In fact, less than half of survey respondents (41%) currently use a centralized approach of management for all types of content. 5 Fig. 1: Which of the following best describes your current approach to records management/content management? 4 41% 18% 17% 14% 8% We have centralized policy management, which applies to all information All/most electronic information is proactively managed in an EDRMS/ECM There is formal management of paper records only Information is archived/backed up All information is managed ad-hoc across multiple systems 3
ECM Software Most Used Among respondents who currently manage their content, the largest percentage (31%) use enterprise content management software, followed by records management software (26%). File analysis and information archiving were cited by 17% and 16% of respondents, respectively, while 9% reported not having any software products to manage their information. Only 1% cited using security and access controls for business and sensitive information, which implies current content management techniques may not include an adequate level of security. 4 Fig. 2: What software products do you use to manage your content? 31% 26% 17% 16% 9% Enterprise content management Records management File analysis Information Archiving/ backups N/A we do not have software products to manage our information 1% Security and access controls for business and sensitive information 4
Duplication Problematic in Current Systems About one-third () of respondents reported duplicate and redundant information is their most pressing challenge with their current systems, while slightly less than one-quarter (22%) cited security and access controls for their business and sensitive information. A similar amount (21%) reported extracting business insight as their most pressing content management challenge. Combined, these challenges can be costly to a business in terms of high infrastructure costs, potential security breaches and lost opportunities. Fig. 3: What are your most pressing content management challenges? 4 22% 21% 15% 12% Duplicate and redundant information Security and access controls for business and sensitive information Extracting business insight from your data Siloed information repositories Identifying and classifying high-risk or sensitive data 5
Finding and Securing Data Top Goals Perhaps recognizing the need for security and realizing you can t secure what you don t know you have the largest percentage of respondents (26%) cited identifying dark data and securing sensitive data in system repositories as their top content management goal. Improving their compliance state and audit reporting was the second-most important goal, at 19%. Improving efficiency of information processes and optimizing information and storage to reduce costs were third and fourth, respectively, with each cited by 16% of respondents. These goals address the issues of lost opportunities, unsecure data and high infrastructure costs cited in the previous question. Fig. 4: What are your goals related to your content management strategy/solution? 4 26% 18% 16% 16% 15% 8% Identify dark data and secure sensitive data in system repositories Improve compliance state and audit reporting Improve efficiency of information processes Optimize information and storage to reduce costs Reduce cost and risk associated with managing archived data and applications Improve information delivery and services 6
Multiple Standards Driving Content Management Strategies Among the regulations driving most companies, DoD5015.2 stood above the others. DoD5015.2 controls what type of information must be retained and for how long. The impending GDPR came in second, followed by Dodd Frank. Selections ranged from regulations regarding privacy to data integrity and were both national and international in scope. Fig. 5: Which of the following regulations do you need to comply with when managing content? 25% 15% 14% 11% 9% 9% 8% 5% 6% 6% 4% 2% DoD5015.2 GDPR (General Data Protection Regulation) Dodd Frank Safe Harbor EU HIPAA VERS Sarbanes Oxley FDA 21 CFR MiFID 2 Federal Rules of Civil Procedure Privacy Act (region specific) 7
Data Governance Strategies Lacking When it comes to having a successful data governance strategy, companies are lacking. Less than onequarter (24%) report having a strategy in place that they consider to be working well, and an almost equal percentage (22%) have a strategy in place that they do not consider to be working well. Another 15% have a strategy in place, but they don t know how well it is working. While are developing a strategy, 8% don t have a strategy at all. Fig. 6: Do you have a data governance strategy in place? 4 24% 22% 15% 8% We are developing a strategy We have a strategy in place, and it's working well We have a strategy in place, but it isn't working well We have a strategy in place, but we don't know how well it's working We don't have a strategy 8
Data Leakage Tops Biggest Concerns Among respondents who currently have a content management system, the largest number (27%) report data leakage keeping sensitive data from leaving the organization as their biggest pain point. This was followed closely by inconsistent and manual application of policy, at 25%. Both responses underscore the problems enterprises today face in ensuring critical data is managed effectively and securely. Fig. 7: What is your biggest pain point with your current content management system? 27% 25% 19% 9% Keeping sensitive data from leaving the organization Inconsistent and manual application of policy Difficulty in accessing and managing large volumes of legacy data Cost of maintaining legacy applications Complying with regulatory requirements 9
Data Integrity Concerns Loom Keeping data from being compromised is a major issue among respondents: Two-thirds (66%) said they are concerned or very concerned with the integrity of their organization s data. Another 25% are somewhat concerned, while only 1 out of 10 respondents said they are not concerned. Fig. 8: How concerned are you about the integrity of your organization s data? 4 33% 32% 25% Very concerned Concerned Somewhat concerned Not concerned 10
Compliance, Audit Confidence Runs High When it comes to their organization s current compliance and auditing practices, only about a third of the respondents (36%) felt very confident. The vast majority nearly two thirds of the respondents expressed varying levels of confidence, with 1 in 4 respondents saying they are not very confident or not at all confident in their organization s current compliance and auditing practices. Fig. 9: How confident are you in your organization s current compliance and auditing practices? 4 38% 36% 18% 8% Not at all confident Not very confident Somewhat confident Very confident 11
Integration, Security Key Issues with Current Systems Current content management solutions suffer from integration and security issues, according to survey respondents. More than a quarter (27%) noted their current solution does not integrate with their core systems. Slightly fewer (23%) reported their solution does not have adequate security. Both factors can have a dramatic impact on both the integrity and efficiency of the data, which ultimately can impact a company s bottom line. Fig. 10: How would you describe your current content management solution? 27% 25% 23% 14% 11% Does not integrate with our core systems Adequately addresses our needs Does not have adequate security Complex and has low user adoption Outdated and unwieldy 12
Regulatory Compliance Needs are Steady When assessing what companies seek to achieve with regard to regulatory compliance, no one issue stood out among others. Corporate transparency garnered the most responses (24%), followed closely by public sector regulations (22%) and security (21%). These results imply that overall, companies are regarding their current compliance issues with equal respect. Fig. 11: What do you seek to achieve with regard to regulatory compliance? 24% 22% 21% 14% Corporate transparency Public sector regulations Security Privacy Financial services regulation 13
Compliance/Risk Officers Rule Content Management Efforts Perhaps unsurprisingly, the chief compliance/risk officer has ultimate responsibility for content management among 35% of respondents. The general counsel or legal officer holds the responsibility among the second largest group of respondents (21%). The presence of a chief compliance/risk officer in more than one-third of organizations implies a growing focus on content management within businesses to ensure data is managed correctly and securely. Fig. 12: Who has ultimate responsibility for this function within your organization? 4 35% 16% 12% 9% 4% 3% Chief Compliance/ Risk Officer General Counsel/ Legal Officer Chief Information Officer Director of Records Management Data Protection Officer Director of Information Services Chief Governance Officer 14
Conclusion Content management is an integral part of any company s strategy to understand its data flow and ensure information governance. At the same time, today s threat landscape makes securing critical and sensitive information imperative. Businesses need a solution that can offer effective and secure content management. The importance of a well-designed secure content management solution is well-understood, yet current solutions aren t instilling confidence in their users. Two-thirds of survey respondents (66%) said they are concerned or very concerned with the integrity of their organization s data, with redundant or duplicate data and security and access controls for sensitive information listed as major points of issue. While a growing number of companies have adopted some type of content management solution, most are not comprehensive solutions that address both security and information governance. It is the combination of these two critical issues that will continue to drive the demand for secure content management solutions. n About Micro Focus Micro Focus and HPE Software have joined to become the seventh largest pure-play software company in the world. Bringing together two leaders in the software industry, Micro Focus is uniquely positioned to help customers maximize existing software investments and embrace innovation in a world of hybrid IT from mainframe to mobile to cloud. We are a pure-play software company focused from the ground up on building, selling, and supporting software. This focus allows us to deliver on our mission to put customers at the center of innovation and deliver high-quality, enterprise-grade scalable software that our teams can be proud of. We help customers bridge the old and the new by maximizing the ROI on existing software investments and enabling innovation in the new hybrid model for enterprise IT. Learn more at www.microfocus.com/securecontent Micro Focus solutions help manage and protect your data in accordance with the General Data Protection Regulation (GDPR), enabling you to grow your business with confidence. Learn more at https://software.microfocus.com/en-us/marketing/gdpr 15