What to do about ROT

What the heck is ROT and what do you do about it?

We’ve all heard about ROT… Redundant, Obsolete and Trivial Content. We’ve also heard that ROT should be “remedied”. What is exactly is it? Why should we be concerned about it? How do we find it? And finally, what should we do about it once we do find it?

Quick Note: This blog is part of Bassam’s series on File Analytics and File Share Remediation.

What ROT is and is not

ROT is superfluous content that is laying around in the infrastructure (file shares, SharePoint, etc.). It is content that you don’t need and can delete – in a legally defensible manner. (See also Kevin Parker’s definition on the AIIM Community Blog).

Organizations may have different definitions what is and what is not ROT, but in a nutshell, it is as follows:

  • Any content found to be responsive to litigation and ediscovery situations (ESI) is not ROT (by definition).
  • Of what is left, ROT is content that is not needed for business, not needed for compliance reasons, not accessed for a long time, is an exact or a near duplicate, etc.

People often underestimate the amount of ROT they have. Some Global Fortune 500 corporations have reported that more than 30% of their content (in volume) as redundant, obsolete or trivial.

Who really cares about ROT?

One might say… Why should we worry about ROT? Haven’t we been told that storage is cheap?

Having too much ROT is like having high BMI (Body Mass Index), it leads to health risks and health problems (just for a business). It:

  • Increases storage costs… the loaded cost of storage can be several thousand/TB per year (overhead, backups, infrastructure, DR, etc.)
  • May lead to lead to high operating and maintenance expenses (resources, license renewals, maintenance, etc.) when stored in obsolete systems, and it may interfere with IT’s application decommissioning strategies.
  • Could represent legal risks and can lead to unwanted legal eDiscovery costs, which can be significant.
  • Has the potential to represent regulatory compliance risks. For example, information protected by the EU GDPR Privacy Regulation (a topic I’ll cover in a future Blog).

The ROT equivalent of dieting and going to the gym is to establish a ROT clean up strategy and function:

  • Define a ROT remediation strategy
  • Specify policies that define the characteristics of ROT and the actions to take on it once it is found.
  • Deploy File Analysis tools to find ROT and apply or assist in applying the actions prescribed in the policies.
    • Move ROT off-line
    • Quarantine it for a duration of time
    • Delete it outright
    • Etc.

The right file analytics is required

The File Analysis technology component must be able to provide the following capabilities:

  • Connect to various content sources within the infrastructure (File Shares, SharePoint, ECM systems, etc.).
  • Index the metadata and the content.
  • Apply analytics on that index: metadata patterns, named entities, classifications, semantic fields, etc.
  • Identify ROT candidates within that content, using policy configuration settings.
  • Enable authorized users to perform on that content the actions prescribed in the policies.
  • Generate a legally defensible audit trail about these activities.

ROT clean up is not a one time event. The File Analysis must be configured to sweep the infrastructure on regular basis and deal with the recurring ROT delta.

Sorry to brag, but Everteam has a File Analytics tool you should check out.

Don’t forget…

In closing, I would like to highlight two important points:

  1. When multiple duplicates of a document are found, one of these duplicates may have specific business significance and deemed “Golden” due to its location, the nature of its custodian party, its legal hold status, etc. The Golden Copy is not ROT of course, although it is a duplicate. The File Analysis tool should assist with the identification and handling of Golden Copies.
  2. The File Analysis tool may also assist in identifying PII, PCI, and PHI content within the documents… something that is needed for compliance with privacy laws like GDPR.

Fun Game: We counted the number of times the word ROT was used in this article. We want you to do the same and tell us on Twitter. Make sure to mention Bassam’s article. If you get the number right, we’ll put you in a draw for a cool gift (and no it’s not an Amazon gift card – we’re more cool than that!). And no – Everteam employees can’t play… Look forward to seeing your response!