You can’t save everything for forever, but how do you find all the policies and regulations needed to factor into your policy plans? How do you decide and prioritize these competing requirements? Learn how to answer these questions and develop a successful data retention policy.
Want to follow along with the webinar replay? Download it here for free: http://info.aiim.org/developing-your-information-management-policies
4. Underwri(en by: Presented by:
We’re pretty sure we are not providing all
responsive data, since we don’t know what
we don’t know!
We really don’t even know what we have, let alone where it is!
There is probably a lot of PII on our shared drives that we really need to purge.
Could be devastating if we are ever breached.
Our workforce is so mobile, we know our employees are saving stuff to unsanctioned cloud
storage. This ‘shadow IT’ will sabotage our efforts at comprehensive disposition.
I only have 24 hours to respond to a
regulatory request, yet it will take me 4 times
that amount of time to sift through all the
garbage.
8. Underwri(en by: Presented by:
Organizational silos obstruct
comprehensive approach
…But LiTered with Obstacles
!
! No internal sponsor / champion
! Lack of budget & resources
!
Communication gaps
between
Legal, IT and the
business
!
“Software-as-Savior”
turns into
“Software-as-Shelfware”
!
Don’t know where
the data is or what it
contains
! Change management?
! Bleeding out
17. Underwri(en by: Presented by:
What is File Analysis?
Two Primary Levels of Analysis
§ File System Metadata
§ Includes informaVon about individual files
§ Examples include contextual metadata about associated servers, volumes, shares,
folders, and idenVty related informaVon such as company / department / group / user
permissions and ownership; as well as file specific metadata such as file owner, last
author, author, file extension / item type, and create, last modified, and last accessed
dates
§ File Content
§ Includes informaVon within individual files
§ Represents a much more granular level of detail, and subsequently a larger data
footprint and supporVng set of infrastructure requirements
§ Repositories
§ Email, File Shares, ERM / EDM / ECM Systems, SharePoint, File sync and share sites
such as Box.net or Dropbox, Data Archives, Business Intelligence (BI) / Data Warehouse
Environments
18. Underwri(en by: Presented by:
Representa(ve Vendors
Primary Use Cases Supported by 2016 List Vendors
• AcVve NavigaVon
• Adlib Soeware
• BeyondRecogniVon
• Bloomberg
• Controle
• Cryptzone
• Druva
• Exterro
• SailPoint
• Titus
• HPE
• IBM
• ZL Technologies
• Capax Discovery
• Data Global
• Egnyte
• Index Engines
• Spirion
• STEALTHbits
• Varonis
• Veritas
Source: Gartner: Market Guide for File Analysis Soeware (19 September 2016)
Gartner’s Note: Though most vendors support some elements of each use case, vendors are listed in
the above diagram according to the major use case supported and what customers acquire the soluVon
for.
Governance/Policy
Management
Risk MiVgaVon
AnalyVcs
Efficiency/
OpVmizaVon
• Kazoup
• Condrey
• Haystac
22. Underwri(en by: Presented by:
How Do We BeTer Connect Legal Regula(ons and
Opera(onal Requirements to Our Content?
The first and last mile of retention
The First Mile:
Retention
Considerations
The Last Mile:
Policy Execution
Government
regulations
Industry specific
regulations
IT Operations
Business Needs
Email
Cloud
Desktop
Physical
Content
SAP
Structured
Repositories
Unstructured
repositories
File Shares
Auto
collection
of laws
Translate to
retention
rules
Centralized
policy
Apply at
scale
Audit logs
Connect
25. Underwri(en by: Presented by:
What Challenges Does GDPR Create?
§ Understand of the scope of PII
§ IdenVfy PII, determine format locate it within IT real estate
§ Isolate and classify PII
§ Appreciate the retenVon Vmes for personal data and contact informaVon
§ Obtain and retain explicit consent of data subjects
§ Limit access of PII based upon scope of consent
§ Facilitate the “right to erasure” of personal data
30. Underwri(en by: Presented by:
Methodology
• Survey and
confirm
• Index metadata
and content of
documents
• Extract named
entities (SSN,
emails,
phones…)
• « ROT »
analysis
• « Technical »
analysis (size,
type, age…)
• Redundant
• Obsolete
• Trivial
• Creation of
Categories
based on
entities,
metadata and/or
content
• Apply tags
• Move
• Secure
• Archive
• Review
31. Underwri(en by: Presented by:
Content Manager Component Overview
Ingested Policy Center data stays
in Content Manager
• Retention laws, jurisdictions and
vertical industry information is
mapped
• Policy Center is polled for updates
• Updates are ingested and managed
permanently
Content Manager is licensed
perpetually
• All components remain active
• Annual support renewal
• Connector that
extracts and ingests
Retention
Requirements into
Electronic Content
Manager
• Mapping of data
• Classifications
• Retention schedules
HPE CM
Policy Center
Connector
• Trained on existing
content or BCS
• Holding node prior to
classification
• Automatic folder
creation
• Linked security &
retention
HPE CM Auto-
Classification
Module
• Information lifecycle
management
• Governance-based
ECM
• Access defined by
authorized seats
• Perpetual license +
annual maintenance
HPE Content
Manager
(ECM +
Retention)