Kevin Roden Executive Vice President and CIO Iron Mountain
As compliance regulations grow, issues related to document storage have taken on increasing importance. In particular, digital document storage is becoming the kind of pressing concern that keeps CIOs up at night. Iron Mountain's CIO, Kevin Roden, tackles some of the questions facing today's CIOs.
How can a CIO determine which digital data is most at risk for damage or exposure? It's not about media or modality. It's about the information contained in these records, which require consistent protection (access control and recoverability) and retention (how long to keep) whether they're digital or physical. Triage is a first step - you need to identify your high risk records. Records that contain sensitive information include personal secrets - you are dealing with records that need to be safely managed for compliance, regulatory or risk purposes. Once you've identified these high risk records, you need to understand the risk factors. Start by focusing on these high risk records. Unfortunately, it's not a "one size fits all" strategy. Often times things like backup tape retention and transaction history inside systems are not kept in synch with record retention. This creates an inconsistency in your environment.
Once I've developed a digital data protection policy, how do I ensure all my employees comply with it? To what extent should the policy even rely on employee compliance - what's my alternative?
If there are opportunities to automate a process, it's in your best interest to do so. We all know you're not going to be able to do that for all processes - that's part of the challenge! For processes that are not centrally managed or automated, hold management training sessions so that everyone understands their specific role - and its importance to the company.
Should my document be centralized, distributed or some combination of the two - and then do I store it onsite, offsite, or both? There are tradeoffs for each method, but let's just accept the fact that it's impossible to centralize everything. You have implement standard practices around security, backups, classifications and taxonomy, regardless of where the data lives or what form it's in.
How should my digital documents be stored? How do I choose among the possible media, locations, tracking systems and - most of all - vendors? Take a long-term view. Go with the technologies that simplify your ability to effectively manage the records. Pick a vendor who can store, control and archive large numbers of assets safely. Most importantly, choose someone who's going to be in the marketplace for a long time so your data doesn't simply vanish. Think carefully about "cutting edge" options - you don't want your digital documents to end up as the 2006 version of Betamax.
How can I be sure my stored documents are both secure and easily accessible?
Again, it starts with appropriate classification of the information. All plans should include ways to eliminate opportunity for unauthorized access; for example, you want a clear structure for access rights and privileges for digital data. As for accessibility, you have to know exactly where each piece of data resides based on its classification. For digital data, choose technology that provides automated backups, encrypted transmission to and from the off-site location and rapid recovery for uninterrupted access to the information.
Kevin Roden Executive Vice President and CIO Iron Mountain Kevin B. Roden joined Iron Mountain as executive vice president and chief information officer in 1999. Previously, Roden was CIO with Fleet Boston Financial, for the banking subsidiary. He has held numerous technology and management positions in a 20-year career at BankBoston, including executive director of U.S. technology.