The Need for Governance Automation #CollabTalk TweetJam
#CollabTalk TweetJam "The Need for Governance Automation"

The Need for Governance Automation #CollabTalk TweetJam

March 22nd 2023 brought us a number of holidays – here are some of my favorites:

  • The Start of Ramadan (Eid Mubarak, my friends)
  • International Talk like William Shatner Day (I’m so upset I missed this)
  • National Water Day
  • Coq Au Vin Day (so much yum)
  • and of course … CollabTalk TweetJam Wednesday!!!!

What is a TweetJam?

As a reminder, if you’re new to the #TweetJam concept, Tweets are short. Currently, Twitter restricts comments to 280 characters and, where URLs are present, using URL shortening to help get the most out of this limited space. If you jump into the conversation, you may see “(1/2)” in a post, which means the poster needed more than 280 characters, so check out that person’s Twitter stream to see the rest of the message.

#CollabTalk does some great stuff helping organize the hundreds of posts that come through in an hour by breaking up the topic into seven questions and requesting everyone use #collabtalk and A1 where the number matches the question. Good stuff if you’re trying to keep up.

Below are my answers to today’s seven questions, and a few of my favorites from the community (way too many to share them all!). I welcome your feedback either in the comments or on Twitter! But if you do join us on Twitter make sure you follow the rules!! Use #CollabTalk A$ where $ is the question number (e.g., “#CollabTalk A3”).

Q1: What are the top 3 challenges that organizations encounter when implementing information governance, in general?

You my notice in my answers today: to me, technology is PART of the solution, but orgnizations HAVE to invest in the people and process around that technology for it to solve the problems it is intended to solve. Setting the tone with answers focused on scope creep, definitions, and funding. Not technology.

What’s everyone else have to say? Here’s a few to set the tone for the day:

https://twitter.com/magrom/status/1638574495865683970

It’s a pretty common theme: there are some technical advancements, few people are really excited by this, and the problem that this is trying to solve does not have a significant cost to NOT implement it to too many people. Don’t get me wrong, information governance is HUGELY important. A properly implemented information governance program can support:

  • Regulatory requirements,
  • Data and ransomware protection
  • Data security,
  • storage optimization,
  • search optimiztion,
  • … so much …

Yet, organizations time-and-time-again deprioritize information governance because, with the culture of do-more-with-less, it simply doesn’t come with the highest immediate cost for not solving – until it does.

Q2: Within your own organization (or customer), where are the greatest opportunities for information governance automation?

My personal focus on Information Governance tends to focus on records management – why? Thank you for asking. Because if you’re in a regulated space, you have to have a records management plan before you can successfully decide how to organize your information and how to dispose of information. If you don’t – how will you know what is safe to dispose of? How will you know how to organize your content? Step 1: know what your records are and know what to do with them. (ok, maybe … step … 2?)

OH! Treb with the first mention (that I saw) of #MicrosoftCoPilot! If you haven’t see this, check out the release from earlier this week. What an AMAZING opportunity to how much effort we put into creating and instead letting us focus on curating and editing. LOVE THIS direction, Microsoft. Hopefully it doesn’t price itself out of being useful.

Kevin – you get me. You can’t just delete ANYTHING, you have to know what you’re deleting and aid your users in knowing if it’s ok to delete something. #recordsmanagement

So much opportunity for technological advancement – and so much process that needs to go into supporting it.

Q3: How can automation help organizations improve compliance with regulations and policies related to data management and protection?

What do you think, what did I miss?

https://twitter.com/KoprowskiT/status/1638582007084064781

Click through here – Tobias and Wes Preston have a great back and forth with additional feedback from the community on the idea of auto-classifying content. I’m a HUGE fan of location-based classification; as a starting point, it helps to bucket your content so you can focus on the exception, not the rule.

HOWEVER, you have to be careful when you decide to do it. First, does the technology configuration SUPPORT overriding the exception, or will it fight you by reclassifying things? Second, don’t OVER classify too much, or you make it too hard for users to get their job done.

I recommend shrinking the bucket and focusing on the most sensitive information. For example, ITAR data, or Export Control data, is a great place to start. If you know a Team or SharePoint Site will have ITAR data, the safe bet is to classify the entire workspace as ITAR. However, if your workspace is “all of IT” then perhaps your workspace is too broad.

Without using any statistical analysis, this was the most re-tweeted and liked post of the TweetJam (ok, this is hyperbole, I get it). But seriously … #this … automation is GREAT, when implemented carefully. It is not the answer for everything. In fact, if you setup automation in a regulated space, chances are the records managers will not want you to automate disposition. They’ll want it as an option, but they’ll likely want final say on any and all disposition. Why? Because programmatic rules are fallible. They can be written wrong. They can be overly inclusive. They can miss a variable. They can be too simple. They can be too complex. Still a lot to learn here.

Q4: How can organizations ensure that automated information governance processes align with their overall business goals and objectives?

I cannot say this enough: if you are an IT professional creating solutions for the business and you are not engaged in the business WHAT ARE YOU EVEN DOING? Who is checking your work? Who is confirming your solution actually solves the problem? Get out of your silo, have a business partner, and engage them THROUGHOUT the process.

Our host with one of my favorite automation discussions: automation is GREAT, but what about the exceptions? How do we catch them all?

Well, you don’t. You can’t. You shouldn’t even try. Instead, make sure you have a process for someone to REPORT exceptions, and then treat them as one-offs until you get enough groundswell to see it as a common issue that you can programmatically support.

Thank you Adnan! Say it with me, everyone: BREAK DOWN THE SILOS! BREAK DOWN THE SILOS! BREAK DOWN THE SILOS!

Hey John, here we go! Let me highlight hat for you all: CONTINUALLY REVIEW. Governance, of any kind, is not a one-and-done thing. This is an investment, over and over, to ensure it CONTINUES to meet your needs, not that it met your needs that one day 10 years ago.

Q5: What is Microsoft doing to help customers improve their information governance practices?

This three-part conversation hit home for me. You do have to understand the technology to know what you can implement. However, you can’t assume your process from 10 years ago is the best process for the way technology is written today. Too often I see a Records Manager put their foot down that something has to be implemented a specific way because that’s how the regulation is written (e.g., “when the record is no longer relevant”); and I get it, the regulation is what drives the requirement. However, how can we interpret that?

In a world where MILLIONS of records are being created a year, exponentially, how do we know when something is no longer relevant? You have to find ways to modify your process. For example, the “relevance” rule is also, typically, tied to a “or 7 years, whichever comes first”. Great, 7 years gives me a starting point! Working with our customers, we have found most willing to say “if something hasn’t been touched for half the years listed, let’s mark it for disposition”. And, to ensure we aren’t deleting anything earlier, marked for disposition is step one where step two is “have a data steward confirm before disposition occurs”.

And where we are looking for technology to solve our problems, Martina comes in with a few great examples!

https://twitter.com/magrom/status/1638581916294160386

Q6: What features or capabilities do you believe are missing from Microsoft’s information governance solutions?

Most of my customers are large, centrally supported tenants that have a history of being segregated in their own networks. The tools natively available today still do not give the level of “virtual tenancy” required to allow 5, 10, or 50 components work together in a single tenant while having the level of control and management that they desire without over-privileging a local administrator with access over another component. It’s ok, that’s why third party solutions like AvePoint’s Operational Governance capabilities exist with tools like Entrust and Cloud Governance!

A few thoughts on technical direction for Microsoft from the community:

https://twitter.com/magrom/status/1638584721998323714
https://twitter.com/KoprowskiT/status/1638584280568799242

On #GPT – this truly has the opportunity to change how we work, but Eric is right! It is only as good as our ability to curate what it creates. My wife is a high school and college English teacher and has already come across her first ChatGPT-created paper. That’s not your work, student, and in high school and college that matters. In the professional world, however, if it solves the ask, does it matter? I’d love your thoughts on my post on the subject on LinkedIn!

Q7: For organizations at the start of their information governance planning, what guidance or recommendations would you provide?

So – Let’s take us home and wrap us up.

Data and container ownership – yes! Best practice is to enforce no less than two owners – but something else to consider: is “Owner” the right way to manage it? Microsoft’s owner is a TECHNICAL ADMINISTRATOR. That’s why AvePoint has implemented the concept of “contact” or “business owner” in our governance technology!

Too true, Stacy. You do NOT have to do this on your own. Find a partner, a consultant, someone who can help guide your journey. AND do it in chunks! YES! #lovethis #allofthis

Get started. Somewhere. Show success, then build. And KEEP 👏 IT 👏 SIMPLE 👏!!!!

Leave a Reply