August 26, 2021

Last Updated on January 16, 2024

Information governance is generally associated with “value preservation;” i.e., it’s viewed as a form of risk management. But what about value creation to help drive business success?

Can information governance improve organizational efficiency and effectiveness, or otherwise strengthen the brand? Or is it just a cost you pay to keep regulators at bay?

To explain why embracing information governance shouldn’t feel like a forced marriage, we invited David Gould, Chief Customer Officer at EncompaaS, to headline a recent episode of The Virtual CISO Podcast. Pivot Point Security CISO and Managing Partner, John Verry, hosts the show.

The total cost of retaining data

In David’s view, the three legs on the data governance bar stool are preservation/risk management, cost and productivity.

“I have commissioned organizations to study what it actually costs to manage information, especially on the unstructured side,” David shares. “Back four or five years ago, we did a pretty in-depth study, and the answer came back, it’s $25 a gigabyte basically to manage information on-premises.

“Now, somebody can say, ‘Well, I can go down to Best Buy and buy a 2TB hard drive for $99 and plug it into my PC.’ But the reality is the cost of storing the information is only about 12% to 15% of the overall cost. The other 85% relates to the people who are involved, the policies that have to be enforced, the infrastructure that has to be built and managed, and all of the operational costs. So that’s where you really save money [when you dispose of data],” emphasizes David.

The productivity benefits of information governance

“How does information governance support productivity?” David posits. “Real simply: The more you classify information, the more you analyze information, the easier it is to search. And it gets you back the right answer, for anybody doing some knowledge management application at work, answering something from a customer, whatever. The better you have your data stored, the more classification you have on that data, whether it’s structured or unstructured, the better your search is going to be, which really goes to the heart of productivity.”

In other words, time spent retrieving is inversely proportional to time spent storing. You just can’t get around those universal laws.

“Think about how much time everybody spends during the day looking up stuff,” David continues. “If you could take back 15%, 20% or 30% of that time, because the data is better classified, any expert on productivity would grab that kind of metric in a heartbeat and put it into motion.”

eDiscovery alone can justify information governance initiatives

As a prime example of rescuing productivity, saving costs and eliminating huge business risk at the same time, John mentions the dreaded specter of eDiscovery in civil litigation.

“I know of organizations that are taking a ruthless approach to emptying peoples’ inboxes of their mail and everything, just from that eDiscovery cost perspective,” echoes David. “And I’ve worked with some very large organizations where the primary driver behind why they needed to put better retention management on data was strictly to support the eDiscovery cost.”

Then there’s the ongoing productivity value of capturing and categorizing high-value information to build “organizational wisdom” and hone competitiveness.

David mentions an engagement with one of the world’s largest car manufacturers: “We were storing most of their car crash test data in our application. The reason we stored it was for e-Discovery purposes primarily, but secondarily also for productivity, where the next generation of brake designers could learn what the first generation of brake designers had worked on, on a specific car or a specific model.”

If you’re under pressure to get your org’s data under control, you’ll greatly appreciate this podcast episode with information governance authority David Gould.

To hear this episode all the way through, subscribe to The Virtual CISO Podcast on Apple Podcasts, Spotify, or our website.

Successful vCISO = All Security Roles Filled

This document outlines the 3 critical roles and responsibilities of a Virtual Chief Information Security Officer: Architect, Builder, and Operator.
Download the free inforgaphic now!