If there is one word I hate to hear used in this industry it's "compliance." To me it's like fingernails down a blackboard, and frankly if I never hear it used again then I would be a happy man... Let me be among the first to point out that the Compliance Emperor often has no clothes.
If there is one word I hate to hear used in this industry it's "compliance."
To me it's like fingernails down a blackboard, and frankly if I never hear it used again then I would be a happy man. Of course I have to endure the word in virtually every article and vendor press release I read. I don't like the word because it is a blanket term that used without context is totally meaningless, yet it's a word (much like governance) that sounds impressive and few people in the room will admit that they don't really understand it. Well let me be among the first to point out that the Compliance Emperor often has no clothes.The first question we should ask when the C word is used is: with what, exactly, do you expect to comply? It could be one of three things:
Policy Compliance - to meet the needs of internal procedures and policies
Regulatory Compliance - to meet the needs of a specific regulation such as the Federal Rules of Civil Procedure
Legal Compliance - readiness to meet any particular legal challenge that may impact your enterprise.
These are three increasingly stringent compliance types, all quite different and all typically requiring different strategies, technologies, and skill sets to support.
When vendors blithely talk about compliance, it's incumbent on you to ask specifically to what compliance needs they are referencing. And also for you to consider, doyou have the patience and resources to manage such potentially granular compliance needs? It all looks so easy on a PPT presentation, but it can rapidly become near impossible to manage in reality. Many of the people I have been talking to over the past few months are in the most regulated industries out there, and virtually all of them tell me that despite very expensive compliance software investments, they have reverted to the most basic policies possible for retention and disposition. Pretty much what they had and were doing prior to buying yet more fancy technology.
Think about it. If you are trying to justify the purchase of archiving or content management technology using compliance as the driver, you are very likely to fail. Sure, if you are a brokerage on Wall Street then theoretically at least you have to be compliant with certain regulations (such as SEC 17A) or you cannot trade. But outside of such places, most people wing it - be it in Pharmaceuticals, Energy, Aerospace or any other highly regulated sector you can think of. In fact, most enterprises have, at best, a cavalier attitude toward compliance. They know there are very few inspectors around (internally or externally), they know they have to do something spectacularly criminal or stupid to be audited, and they figure that ultimately it's just not that big of an issue. Frightening, and maybe hard to swallow, but true.
My point - if I have one beyond the need to rant - is that simple retention and disposition makes a whole lot of sense. It may only meet the minimal needs of compliance requirements, but in most cases it's enough. Mix this with the added benefits of promptly destroying content that you have no need to keep, and you can gain quick server and storage optimization advantages, over and above the increased ability to actually find stuff. Getting bedazzled by a technology pitch usually leads to a dead-end. You buy the tool, then you see the enormity of the task ahead, then you walk away. While anathema to many, simply doing something is nearly always better than doing nothing, but doing nothing and wasting a lot of money in the process really stinks.If there is one word I hate to hear used in this industry it's "compliance." To me it's like fingernails down a blackboard, and frankly if I never hear it used again then I would be a happy man... Let me be among the first to point out that the Compliance Emperor often has no clothes.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.