Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
Why 'User-Centric Compliance' Will Falter in 2023
By Rich Hale, CTO, ActiveNav
We ask a lot of employees these days. Whether it's asking them to
meticulously track their time or to define quarterly objectives, most knowledge
workers have a never-ending list of tasks to complete every week. On top of all
their daily responsibilities, many organizations have placed yet another burden
on their rank-and-file employees - to provide assurance that all of the data
they come in contact with is properly classified, tagged, and in compliance
with prevailing data governance, privacy and security policies.
Over the past decade, enterprise organizations have found
themselves overwhelmed by the massive volume of data that their users generate on
a daily basis. The data challenge has been exacerbated by the rapid adoption of
the cloud and a broad array of online collaboration tools that took hold in the
wake of the global pandemic. Data now moves seamlessly between on-premise and
cloud environments and is automatically replicated across geographic regions to
ensure resilience in the event of a disruption.
While these innovations have been a boon to productivity and
innovation, they come at a price.
Beyond having to worry about protecting all of this data from
threat actors or unintentional spillage, legal and compliance departments also
must ensure that all of this data is easily discoverable so that in the event
of a potential legal action they can respond to legal hold and preservation
requests in a timely manner.
As these demands for data hygiene grew, a solution arrived in the
guise of 'user-centric compliance' - which, as the name implies, promotes the
idea of giving users the tools to organize and manage data and content on their
own.
These days, most if not all of the mainstream online productivity
and collaboration suites such as Microsoft 365 include user-based tagging
capabilities that allow users to organize content by adding their own tags or
labels to data. While this can be an effective strategy for organizing content
in some cases, many organizations have come to learn the hard way that asking
their users to also be content taxonomy experts creates a range of short- and
long-term operational and legal headaches. Most notably, the vast majority of
everyday users simply don't possess the proper training or the requisite time
to do the job correctly. Since every user will intrinsically have a different
perspective on how to label a piece of content, experience shows that it will
be done inconsistently, if not at all.
It begs the question: why is it that, despite the frequent
headlines of high-profile data breaches that cost companies millions of dollars
in losses and untold reputational damage, user-based tagging continues to serve
as one of the core pillars of compliance? I believe it boils down to a
combination of the following three factors:
- A broad unwillingness to invest in the proper governance roles and
  enabling technology necessary to oversee and support compliance of
  user-generated unstructured data;
- A mistaken belief that the average user can be adequately equipped
  to tag and label data with information governance principles in mind;
- The general de-prioritization of user-generated unstructured data
  in organizations' compliance efforts and the erroneous idea that taking care of
  unstructured data is a months-long process.
Unstructured data, which lacks the formatting and schema found in
structured data, is far more difficult to search and analyze and typically
requires the use of specific tools to capture and transform into actionable
intelligence. Given that an estimated 80 to 90% of enterprise data is
unstructured data, such as emails, internal
messages, social media, and multimedia files that further complicate data
discovery efforts, and the fact that data volumes will continue to grow at
exponential rates, it's evident that burdening users with compliance demands is
neither viable nor scalable - especially since much of the data generated by
the enterprise is legacy data or created in bulk. And with the revised
California Privacy Rights Act (CPRA) now in effect, which for the first time now
has funded an enforcement arm - the California Privacy Protection Agency (CPPA)
- there's little doubt that we are going to see a significant uptick in data
privacy litigation in the year ahead.
For these and many other reasons, we expect to see a significant
number of enterprise organizations abandon user-centric compliance tools in
2023 and begin to replace them with dedicated and experienced compliance teams.
By arming these expert teams with purpose-built data technologies that are
light-weight and easy to deploy, organizations will be able to provide far
greater assurance that their sensitive data is both properly safeguarded and
remains in compliance with an evolving regulatory framework.
##
ABOUT THE AUTHOR

Rich Hale is the Chief Technology Officer of ActiveNav where he focuses on
developing their market-leading File Analysis software. Rich spent 16 years as
a Royal Air Force Engineer Officer deployed around the world. His career in the
Royal Air Force not only spanned over a decade, but also numerous countries
including the US, Saudi Arabia, Kuwait, and Canada. He is a product and
information evangelist, with experience hard won through many years of developing
information governance programs in enterprise and government agencies. Rich
holds a B.Eng. Honors Degree in Aeronautical Engineering from London
University, as well as an MBA from the British Open University.