The perceived low-cost and practical nature of File Shares has led to an uncontrolled growth of File Shares usage. The result is a mess. Most organizations lack knowledge, insight, and governance of the information in their File Shares. Compounding this challenge is that File Shares tend to include a lot of duplicates, and orphaned or abandoned file spaces (old projects, departed employees, etc.).
The messy nature of File Shares is leading to high IT costs, increased legal and non-compliance risks, and a loss of value and insight about information, hence the need to remediate the contents of File Shares.
How Organizations Manage Digital Content
It is true that organizations have taken a pragmatic view when it comes to the management of their digital business content.
Consider the following:
- Enterprise content management (ECM) solutions manage high-value and process-centric content.
- The majority of content is scattered in “low-cost” File Shares (Shared Drives), under the control of end-users.
- And more recently, many organizations have started using cloud-based Enterprise File Syncing and Sharing systems or EFSS (e.g. Dropbox, OneDrive, Google Drive, etc.).
With the emergence of EFSS systems, the business case for doing the remediation work BEFORE migrating content to the EFSS systems has become very compelling.
Most organizations believe the work involved in remediating File Shares is unique to them. It is true that every organization is different. However, the framework, methodologies, and tools required are fairly consistent across the board.
Identifying Information Categories
Before defining this framework, it is important to note that information tends to fall into four (or more) broad classes. Your organizations must define the characteristics of each class and the actions you need to take on the information belonging to them.
- Business Records: Must be brought under formal Records Management process controls
- Business Content: This content has business value but does not fit (yet) the definition of Business Records (there may be several subclasses depending on the varying degrees of business relevance)
- ROT (Redundant, Obsolete and Trivial): Content with no legal or business value to the organization and thus can be deleted
- ESI (Electronically Stored Information per FRCP (Federal Rules of Civil Procedure) definition): Content that is responsive to active litigation and must be placed on hold. Ultimately you need to produce it.
The File Shares Remediation Process
The purpose of utilizing technology tools (File Analytics, eDiscovery, etc.) to “power” the remediation process is to assist in automating the discovery, inventorying, identification of the Information Asset class and the actual processing of the actions defined for that class.
Step 1: Define Remediation Policies and Rules
- Define the Information Asset classes and the characteristics of each class
- Define the remediation policies and rules for content belonging to each class (the actions)
- Define what constitutes a golden copy versus mere duplicate copy
- Define the audit trail requirements to establish a legally defensible process
Step 2: Define Remediation Execution Process
- Identify and inventory the File Shares within the organization
- Assess the volume of content within each File Share
- Identify the business nature of the content within each File Share
- Determine the final state of each File Share (decommission or continue to use)
- Define a batch-based process (define batches and batch groups)
- Prioritize the processing of batch groups based on budget, risk, and value
Step 3: Execute Remediation Process
- Process the File Shares batches based on the priorities established in Step 2
- Identify Business Records according to defined policies, classified and submitted to RM systems
- Delete or quarantine ROT (minus golden copies) content, depending on the policies
- Leave other Business Content in place or migrate it to cloud-based EFSS systems or SharePoint
- Once processed, a File Share either remains in use or is decommissioned (based on rule)
- Manage, monitor and report about the batch processing
Step 4: Maintain
- You will need to reprocess File Shares that remain in use on a regular basis
- Your organization will determine the frequency of reprocessing (e.g. weekly, monthly, quarterly)
In my next column, I will talk about how File Share remediation is an integral part of the organization’s efforts to achieve GDPR Compliance (due by May 2018). You can configure the same File Analytics tool you use to identify classes of Information Assets to support GDPR compliance. Your File Analytics tool can configure pattern recognition definitions to (i) identify personal data located within the content, (ii) trigger consent requests, (iii) generate notifications and (iv) perform other types of actions as mandated by this EU Regulation.