06/30/2011

GRC Forcing Function: The Digital Universe

EMC has been sponsoring the annual IDC Digital Universe Study for five years – and we’ve been saying the horrendous growth in information is one of the main Five Forcing Functions driving growth and adoption of GRC. The 2011 Digital universe Study is in – and the numbers will shock you. Here's a taste:

  • Digital information in the world is doubling every two years.
  • In 2011, the amount of information created and replicated will surpass 1.8 zettabytes (1.8 trillion gigabytes) - growing by a factor of 9 in just five years.
  • Growth is not keeping pace with staffing - by 2020 we will have only 1.5 times the number of IT staff we have today.

Trust, which is really shorthand for GRC, is a big factor here.  The amount of information that needs to be secured is growing faster than our ability to secure it. When we consider the ‘digital shadow’ – how personal information is expanded through mobile device apps and social networking – not to mention corporate information that is stored, replicated, and transformed - it is even more difficult to manage privacy and protect sensitive information – we simply don’t know where it all is.  At the same time, online data collection is on the rise as we move into a world where analytics and big data can be the difference between knowing your customer, or not.

 What to do?

  • First of all, read the study.
  • Second, get started with Information Governance and Classification policies and schema and build this as a foundation of your GRC program. Understand what information, structured or unstructured, is sensitive, and build automatic or user driven classification into your information landscape as much as possible.
  • Third, conduct an Information Risk Assessment leveraging technologies that scan for information by keywords and see where it resides, and where it is moving. You’ll be surprised by what you find.
  • Fourth, start enforcing policies at the point of use with technologies for data loss protection, blocking sites and other “Information taming” technologies that drive down the cost of creating, capturing, managing and storing information.
  • Fifth, build Information Governance and Assessments into the operating fabric of your organization – regulators, employees and customers are beginning to demand that you demonstrate you are in control of corporate and personal information privacy and protection.

Digital Information is going to continue to grow. As an industry, although we’ve come a distance in driving down the cost of creating, capturing, managing and storing information—one-sixth the cost in 2011 versus 2005 – we have a very long way to go.

 

Jun 30, 2011 8:01:29 AM | Cloud Computing, Governance, Risk and Compliance, governance, risk, compliance, security, controls, infrastructure, GRC, GRC, Information Governance, Information Security Risk Management, IT GRC, Risk Manangement

The comments to this entry are closed.

NEXT POST
Privacy and GRC – What the New Ponemon Study and the GAPP is Telling Us Many organizations get their first taste of the promise and power of a GRC program when they begin to implement a Privacy Program. Why? Because privacy is an enterprise issue that spans legal, IT, compliance and business operations. The latest Ponemon Study and Generally Accepted Privacy Principles (GAAP) tell us a great deal about why and how to set up Privacy as part of a GRC Program.Privacy is a core GRC use case that is broad in its application, constantly evolving, delivered through many channels, and as a result needs to be managed as a program
PREVIOUS POST
Why do we need GRC? Five Forcing Functions - Video! Why do we have governance, risk, and compliance? here is an interactive video on why GRC is so important supported by an overview of the 5 forcing functions of governance, risk, and compliance.

Yo Delmar

A MetricStream exec with a passion for Governance, Risk and Compliance

The Typepad Team

Search

My Other Accounts

Recent Comments