Click to learn more about author Russ Ernst.
The word “agile” is defined in one dictionary as “quick and well-coordinated in movement; lithe.” During the last two years, however, the word has taken on an entirely different meaning for companies navigating the complexities of a pandemic. As the realities of a highly contagious virus set in and hundreds of thousands of employees began to work from home, IT departments found themselves rushing to equip newly remote workforces with computers, laptops, and smartphones.
Of course, much more needed to be done than simply handing out equipment. Forward-thinking enterprises also quickly embraced and put in place new operational, IT, and employee policies. Their agility has allowed them to maintain a high-efficiency, high-output workforce that runs leaner and meaner.
As company executives now chart the course for post-pandemic recovery, many are considering whether to continue operating with a remote workforce or bring employees back to their corporate desks. Some organizations are embracing a hybrid option that allows for a split between remote and in-office work. Whatever they decide, businesses will still need to keep that agile mindset – especially when it comes to determining how to manage critical data assets.
Corralling Enterprise Data
One consequence of pandemic-driven work-from-home scenarios is that critical enterprise data is more likely to be spread across and stored in many more places – home and office computers, an employee’s personal devices, in the cloud – than pre-COVID-19. And although Data Management and data retention policies may not be top of mind for organizations right now, they should be. The lack of attention to these policies is short-sighted and could come back to haunt companies, especially if a data breach exposes personal customer data that could result in costly fines or even lawsuits.
In other words, a big challenge that companies must grapple with now as they realize that there is no “new normal” but just a continuation of a very fluid and uncertain situation is how to balance a more flexible, agile workplace with stringent Data Management policies and a secure-data culture. The desire to be agile must never supersede data security.
Updating Data Policies
Accommodating this balance begins with IT managers, who should ensure they employ the following four strategies to make sure their Data Management and retention policies are up to date and meet the moment:
1. Do not put data retention policies on the back burner. While the data being generated now isn’t drastically different than prior to 2020, the way it is created and stored is likely much different. With employees working from home, or outside of the office and off the company domain, more files are being stored locally or saved to a local disk versus on the corporate network or via file share. This hodgepodge approach to document management is why IT managers should not procrastinate on addressing the volumes of data that have been created both in and out of the office. If data retention policies are not modernized to address the hybrid nature of work, organizations will find themselves facing a high level of data chaos when corporate data is stored locally on home computers, in file sharing apps, on office servers, and in a myriad of public and private clouds. IT managers must assess the location and type of data that’s been piling up and make sure the data is secured through stringent endpoint security and regular back-ups.
2. Do not let a data lake turn into a data swamp. Companies are sitting on an enormous amount of data – much of which they don’t need – in part because their attention has been on dealing with the pandemic crisis. Again, don’t procrastinate. Determine the data that must be kept for legal, financial, and tax reasons, and then regularly weed out the Redundant, Obsolete, and Trivial (ROT) data to stop the data lake from turning into a data swamp. Why? Once the lake transforms into a swamp, the determination as to whether the data is necessary, is unstructured or structured, and so on, becomes a labor-intensive and time-consuming task, which takes IT staff away from higher priority responsibilities in order to review and classify every document and file. Keeping up with the process and ensuring unneeded ROT data is securely erased immediately significantly decreases the threat footprint and mitigates the potential for data breaches.
3. Consider the IT asset chain of custody. PC shipments soared at the end of 2020, driven in large part by the need to equip remote workers. Worldwide shipments totalled 79.4 million units, a 10.7% increase from the last quarter of 2019. Now that many employees are heading back to the office, some hardware purchased in early 2020 may no longer be needed. This is when organizations must take the chain of custody of used and end-of-life IT assets seriously. Dropping a laptop in the mail with a tracking number isn’t sufficient anymore. A missing or stolen laptop could threaten an entire organization as well as compromise compliance with data privacy rules and regulations. Therefore, every single IT asset must be remotely erased and sanitized of all corporate data before it leaves the employee’s home office – whether it is being returned for reuse or targeted for end-of-life disposal. Once an asset is sanitized, a certificate of erasure ensures the data chain of custody is intact, even if gets lost in transit.
4. Enforce Data Management policies. Policies will always fail without enforcement and, yes, enforcement has grown more complicated given the dispersed workforce. When updating data retention and Data Management policies, be sure to include strict enforcement criteria. This includes assigning specific IT personnel to enforce the policies and require quarterly “report cards.” Do designate the classification of data to determine how long it will be stored. For example, email may not warrant lengthy retention; however, documents related to legal actions, contracts, or financial information may need to be archived for years. For companies in financial services and health care, compliance with a variety of regulations is critical to a company’s viability. While the work landscape has changed, the need to comply with industry-specific regulations has not.
As we move into a new phase of the global pandemic, and companies must consider a variety of issues from whether to mandate vaccines to the lack of skilled labor and filling open positions, organizations must still prioritize the security and management of corporate and customer data. Therefore, to make enterprise agility a reality, it’s critical that IT organizations establish, implement, and enforce data policies that protect sensitive information and make cybersecurity investments that reduce the attack surface and decrease the potential for data breaches and ransomware attacks.