Countering The Cost Of Compliance

Compliance

Controlling compliance costs continues to be one of the top priorities for businesses today. The ultimate challenge is how to keep the right data in the right place at the right time. Unfortunately, legacy solutions often only serve to turn archives into permanent storage pools and certainly don’t address long-term retention cost-effectively. It’s no surprise then that discussions in the boardroom are focused on how to balance long-term retention with bottom line economics.

How much of what the business is paying to store has real business value? Could the information that is being kept pose a potential risk? What do you know about your data and, more importantly, what don’t you know? Can you be confident that the right content can be found on demand? How much budget is being set aside annually in long-term vaulting costs and how is this managed?

The added complication in the era of Big Data is that many companies are erring too heavily on the side of caution. With regulations and requirements changing year on year, they are now at risk of saving too much information and in effect becoming data hoarders. The bigger issue here is that costs and risks escalate when businesses blindly save everything.

Growing file shares, emails, desktops and laptops mean that there is a never ending source of new data to manage, but does the old data rapidly become redundant, outdated and stale or does it remain just as business critical as the day it was generated? It comes down to the level of understanding, intelligence and knowledge about which data is being stored, where and why.

This need for information is leading many companies to adopt a “keep everything” strategy in order to play it safe but, according to a survey at the Compliance, Governance and Oversight Counsel, up to 69 percent of retained data has no value to the enterprise. Not only is this content taking up valuable and expensive storage space, but it can also become a liability if not properly managed.

The demand for heightened compliance – whether for regulatory, corporate, legal or even security reasons – clearly means that organisations need to think far more strategically about what they pay to keep, as well as where and how they keep it. Using legacy methods to keep everything is no longer acceptable or practical.

There is, however, a realisation that the solution is content-based retention because it helps control the cost, risk and complexity of managing and retaining compliant data. In other words, it enables companies to gain a much clearer understanding about what data has governance, evidentiary or other business value and therefore makes retention policies about what data to keep, why and for how long far easier to define and enforce.

It also means that once retention policies are agreed, data can be automatically classified and organised according to business value. This eliminates time consuming and error-prone manual processes and by putting data collection and long-term retention on automatic pilot, it also means that data is more effectively managed throughout its lifecycle.

There are content-based retention solutions out there that can index and systematically move only relevant data to the most cost-effective storage and defensibly delete everything that is irrelevant to the business. This ultimately increases the likelihood that significant reductions in long-term storage costs can be achieved overall which obviously reduces the cost of compliance.

However perhaps the most important point to note is that combining content-based retention with a storage-agnostic, centralised virtual repository as well as enterprise wide search and self-service access also reduces risk to the business because everyone, including legal and compliance teams, can quickly find the right information when the clock is ticking. Intelligent indexing of both backup and archive data simplifies information retrieval, even if it is stored in the cloud.

Companies are beginning to understand that any mistakes in handing over emails and documents during court proceedings and inadequate implementation of legal/hold preservation can lead to hefty fines, sanctions and brand degradation but yet, according to Gartner, 62 percent of companies are still not using tools to retain and understand data. It understandably says that “Challenges exist and may seem insurmountable at times. However, the results of good data management will support an agile business that understands its data and empowers its businesses to use it.”

Proponents of content-based retention naturally promote its ability to:

  • Reduce long-term retention storage costs and capacity needs by up to 70 percent by eliminating data that has no value.
  • Streamline information lifecycle management with automated policies to classify, organise, retain and delete information.
  • Enable efficient online archives with seamless cloud storage integration for faster business access & insight.
  • Reduce the burden on end-users for classification.
  • Simplify discovery, legal holds and review for file and email data to reduce risk.

However, organisations that would like to counter the cost of compliance would be wise to consider the following three points if they want to deliver greater insight and increased value to the business.

1. Compliance changes and there is no crystal ball. It’s safe to say that new regulations will appear, existing ones will change and a few will go away so if you want to build an agile and responsive business, consider leveraging a scalable and adaptable technology to keep pace with the business as it evolves.

2. Don’t blindly “save everything” without considering what value lies within the data. It can be a problem from both a cost and risk perspective. A content based approach to information management will allow you to manage data intelligently, automatically and cost-effectively throughout its lifecycle.

3. Listen to the advice of experts. Gartner suggests that “When possible, seek solutions that leverage a common infrastructure.” A single data repository and a central deletion point will provide a more cost-effective, risk adverse, defensible compliance solution.

Emily Wojcik

Emily Wojcik is Senior Product Marketing Manager for the Information Management business at CommVault. Emily has specialised in Information Management technologies for more than 13 years and has developed significant experience in the areas of archiving, compliance, eDiscovery, enterprise search and retention lifecycle management. Emily graduated with honours from Michigan State University with a bachelor’s degree in Communications. Emily is a member of ARMA, EDRM and ACEDS.