Informational lifecycle: How long we retain information should be less and less of an issue as disk storage has become cheaper and cheaper, with cloud storage further lessening the need to expand burgeoning corporate server rooms.
But I haven't come across many organisations in past years that retain corporate records (documents, emails, online conversations) for the statutory seven years. (I'm sure they're out there -- but compliance is not commonplace.)
In fact, I've generally found most co-workers unable to retrieve an email from more than a couple of months ago as they (or the systems and processes) would have deleted these as part of some monthly purge process.
There are a number of excellent solutions available to effectively optimise and archive emails, whilst still having them retrievable for as many years as you wish (think Commvault, KMS, etc.). I remain bemused as to why email retention per se is still not being addressed as a serious corporate issue and why it is not monitored as de rigueur by company boards from a compliance perspective.
Informational protection: With file-syncing tools such as Dropbox readily available in the public domain, a number of businesses will see these as threats to corporate information rather than opportunities.
For instance, locking down the corporate desktop may prevent a user from installing Dropbox and therefore prevent the synchronisation of files outside the corporate network.
Yet this can also come at the cost of convenient access by the user to necessary documentation on devices such as iPads during meetings or when working remotely.
These situations could be an enormous hidden productivity burden to the business. Even with a locked-down desktop, if an employee were really intent on stealing information they could take screenshots then save these into an MS Word document, encrypt and compress this document, then email the file outside the corporate network.
In other words, security should never be seen as a blunt instrument but as a trade-off -- safekeeping versus convenience, security versus productivity.
But balance is required. You'd never use a $1000 lock to secure a $10 asset.
Informational integrity: Keeping data integrous is probably the most under-recognised and yet most critical area.
Once information has been stored, secured and validated, it can quickly become tainted through inadvertent changes by users who may have no malicious intent but who also have no formal guidance or governance over their actions.
How many CIOs could honestly say every new employee who joins their organisation (whether permanent, part-time or contractor) will be fully trained in core systems usage and information entry before being allowed access to maintain the information contained within the system?