BYOD: the Impact on Information Governance

BYOD: the Impact on Information Governance

In a recent article in BetaNews, Ian Barker wrote that the “shift to mobile computing has led to some major changes for enterprises, not least in how the security and confidentiality of data is governed.” He referenced a new report from Forrester Consulting that surveyed 205 IT and legal professionals in enterprises in the US and UK, which suggests that 20 percent of CIOs could lose their jobs in 2016 for failing to implement information governance.

Forrester’s analysis reveals a rise in the understanding that mobile computing is highlighting weaknesses in existing governance infrastructures. Forty-four percent of survey participants believe that endpoint data remains at risk despite security and governance controls already in place. The top three challenges are:

  • Proliferation of file shares (45 %)
  • Lack of coordinated governance (42 %)
  • Mobile devices (41 %)

The results show that 89 percent of respondents plan to invest more in information governance programs, with 44 percent expecting increases of between 10 and 20 percent.

The impact mobile computing/BYOD is placing on IT relative to data/information governance is not unexpected. Adding new distribution endpoints for data (mobile devices) on top of legacy data sources that IT is still trying to get its arms around adds significant complexity. It’s important to note that this is as much an issue for the CEO as it is for the CIO. The CIO and IT are typically not in the position to define and establish the regulatory, privacy and security policies determining what data can be distributed. It requires collaboration between all the data governance stakeholders including legal, records, privacy, security, business leaders and IT.

Only the CEO has the authority across all these groups to get them to the table and ensure they work together to put a robust governance infrastructure in place. Given recent, high profile data breaches the importance of information governance has risen sharply and the urgency becomes more acute. Implementing BYOD means more corporate data is going to be distributed and stored in many more locations, which only increases the risk of a breach. Ensuring a robust information governance program is a challenge that necessitates commitment and support from the top of an organization. The cost and risk to the reputation and goodwill of an organization due to information not being managed and protected sufficiently is too great.