Five Initial Steps to Meet the Governance, Risk and Compliance Obligations Brought on by Today’s Big Data File Stores

The accelerating increase in the amount of unstructured Electronically Stored Information (ESI) is leaving IT organizations struggling with how to store and manage all of this new information. Aside from just providing the underlying storage infrastructure to host this amount of data, companies are also faced with the task of properly managing their Big Data file stores to meet existing governance, risk and compliance obligations. To do so, there are five steps they can take now to position their organization to meet them.


According to a 2010
report by IDC, the amount of information created, captured or replicated has exceeded available storage for the first time since 2007. The size of the digital universe this year will be tenfold what it was just five years earlier. According to this same IDC report, the volume of unstructured ESI is expected to grow at over 60% CAGR (Compounded Annual Growth Rate).

According to Forrester Research and as reported in an article that appeared on Forbes website last week:

  • The average organization will grow their data by 50 percent in the coming year
  • Overall corporate data will grow by a staggering 94 percent
  • Database systems will grow by 97 percent
  • Server backups for disaster recovery and continuity will expand by 89 percent
Overseeing the expansion of storage space and ensuring that the data is protected has become a minor part of the overall task of Big Data file storage and management. Business stakeholders and the Information Technology (IT) organizations from enterprises of all sizes and across all industries must now face a list of Governance, Risk and Compliance (GRC) regulations to which they have to legally comply or face potentially fatal financial penalties to the enterprise. 

The most obvious laws to which they are subject include:

  • Sarbanes-Oxley (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley (GLBA)
  • Federal Information Security Management Act (FISMA)
  • Consumer Information Protection Laws
  • Federal Rules of Civil Procedure (FRCP)

Further, the list of new regulations is growing. The passage of The Patient Protection and Affordable Care Act (PPACA) will result in the US Government adding 159 new agencies, programs, and bureaucracies to assist with the compliance of over 12,000 pages of new regulations. Over the past ten years, in response to the threat of international terrorism, the US Department of Homeland Security (DHS) has added hundreds of new regulations. Finally, cyber terrorism, including acts of deliberate, large-scale disruption of enterprise computer networks, is now a reality that all businesses must face.

In the face of this, Big Data file storage and management vendors, along with the associated industry consultants, have developed a list of hardware and software requirements and associated value propositions to help enterprise buyers decide which Big Data file storage and management platforms to purchase.

But before they buy, there are five steps that buyers should take first to ensure they are prepared to meet the governance, risk and compliance obligations brought on by today’s Big Data file stores:

  • Internal Collaboration: File management and Governance, Risk and Compliance (GRC) requirements affect business stakeholders from the boardroom to IT to the manufacturing floor and loading dock to the accounting office. The development of cross functional workgroups and the promotion of internal collaboration between functional experts is the key to successfully identifying, understanding and addressing all of the requirements and issues involved in Big Data file management across the entire enterprise.
  • Network Architecture Planning:  Over the past 25 years, enterprise architectures grew with little or no planning resulting in wasteful redundancy and little or no access to all the enterprise data as may be required to comply with today’s GRC requirements. The advent of the Internet and now cloud computing has brought this decades of poorly planned networks to light resulting in them become more of an enterprise liability than an asset. The time is now for IT to hit the restart button and explore new options such as virtualization, hybrid cloud architectures and the use of cloud service providers (CSPs) that enable them to better leverage, manage and optimize their existing infrastructure..
  • Security:  The introduction and proliferation of portable storage devices, Wireless Internet, mobile computing devices, enterprise Software-as-as-Service (SaaS) applications, cloud storage, blogs and social media such as Facebook, LinkedIn and Twitter, data theft and cyber attacks are a real issue for which many (and arguably most) companies do not have a good answer. Now is the time for IT to take a serious look at their internal file access policies and move as quickly as possible to address any existing shortcomings.
  • Data Retention Policy Development and Implementation: Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Rules of Civil Procedure (FRCP) all have very specific data retention guidelines for what types of ESI data an enterprise has to keep and how long to keep it.  Enterprises must investigate and document these requirements, development data retention policies and acquire the appropriate software to ensure compliance.
  • Technology Vendors and Consulting Partners: Business stakeholders and IT management may be overwhelmed with the task of addressing the issues of successfully meeting the GRC obligations of big file storage and management. If this is the case, reach out to the hardware and software vendor community and askhow their solutions support these issues. If required, engage the services of vendor independent consulting partners to act as trusted advisors to assist in the successful navigation of the required cultural transitions and the acquisition of the best technology platforms.

The accelerating increase in the amount of unstructured Electronically Stored Information (ESI) is putting IT organizations on the defensive as they struggle to figure out how to store and manage all of this new information. However, overseeing the expansion of storage space and ensuring that appropriate backups are completed has become a minor part of the overall task of big file storage and management.

Rather business stakeholders and IT staff need to act now to first bring their infrastructure under control so they can get in front of the growing list of GRC regulations to which they are subject. By following the five steps outlined above, enterprises will be in a position so that when they purchase a product, they will have a good grasp of what their true enterprise challenges are and have a high probability of bringing in a product that addresses them.

About Charles Skamser
Charles Skamser is an internationally recognized technology sales, marketing and product management leader with over 25 years of experience in Information Governance, eDiscovery, Machine Learning, Computer Assisted Analytics, Cloud Computing, Big Data Analytics, IT Automation and ITOA. Charles is the founder and Senior Analyst for eDiscovery Solutions Group, a global provider of information management consulting, market intelligence and advisory services specializing in information governance, eDiscovery, Big Data analytics and cloud computing solutions. Previously, Charles served in various executive roles with disruptive technology start ups and well known industry technology providers. Charles is a prolific author and a regular speaker on the technology that the Global 2000 require to manage the accelerating increase in Electronically Stored Information (ESI). Charles holds a BA in Political Science and Economics from Macalester College.