Making decisions on ROT content

Now that you found ROT, do you delete it or quarantine it?

In one of my last blogs, I covered the subject of Redundant, Obsolete and Trivial Content (ROT), and the need to perform remediation actions on it. As a reminder, ROT is superfluous content that is lying around in the infrastructure (file shares, SharePoint, etc.). It is content that is not needed and can be deleted.

The question is “is all ROT the same,” and if not, should the remediation action be tailored for each type?

Different types of ROT

There are indeed different types of ROT, for example:

  • Information Assets that are no longer needed
  • Duplicates in both Golden and non-Golden varieties
  • Files based on specific extensions known to contain non-content-based information
  • Other – TBD

There are also different kinds of remediation actions you can apply (from most drastic to least drastic):

  • Delete there and then.
  • Move to a quarantine area and delete later (after a predefined period).
  • Quarantine in-place and delete later.
  • Do nothing. Just index it in a knowledge base and maintain awareness of its presence.

The question is how do you decide which remediation actions to apply to which type of ROT, and on what basis?

Defining remediation actions for ROT

The answer is “it depends” on your organization and its business drivers and priorities:

  • IT cost pressures
  • Cloud adoption strategy
  • Appetite for legal risk
  • Legal and compliance obligations, for example GDPR
  • Willingness to part with content which one day may have future value
  • Other – TBD

The table below provides an example of such a mapping:

Types of ROT  Remediation Actions Delete There and Then (1)Move to Quarantine then delete Quarantine In-place then deleteDo Nothing (2)
[Information Assets not needed for business or any other purpose] AND [their lifecycle does not de-pend on an event] AND [are not responsive to any litigation] AND [any mix of the following…] • Not accessed for a specific period • Older than a certain age • Older than the farthest-reaching litigation XX (3)X
Golden duplicate copy (4)Submit to RM
Non-golden duplicate copyXX
Files with specific extensions (de-NIST)XX
Other (TBD)TBDTBDTBDTBD

Notes:

  1. This action may be appropriate if there is no reason to keep the ROT or if deleting it (in a legally defensible manner) reduces legal and regulatory exposure.
  2. Doing nothing may be appropriate in certain situations, for example when the source repository is about to be decommissioned.
  3. This action refers to moving the ROT to another storage location (on-premises or cloud) that is less-easily accessible by end-users (or perhaps not at all) and less expensive to maintain.
  4. In reality, this is not ROT.

The key technology to identify the ROT and perform the remediation actions is File Analysis. It is also a tool that is key to establishing visibility into Dark Content lying around in the infrastructure – something you need for compliance with privacy laws such as GDPR.

Note: Follow Bassam’s full series here.