© Copyright 2011 EMC Corporation. All rights reserved.
1
Practical eGRC: The First Step in Bringing eDiscovery, Investigations, and Governance Together with Archer and EMC SourceOne – Kazeon Prashanth Shetty General Manager, EMC SourceOne Kazeon Chris Dale eDisclosure Information Project Michael Teschner Business Development, RSA
© Copyright 2011 EMC Corporation. All rights reserved.
2
Agenda The Legal GRC Imperative What is Kazeon? New Solutions Discussion
© Copyright 2011 EMC Corporation. All rights reserved.
3
The Business Problem • Challenge: Just spoke with IT and there’s data scattered in network that I need to manage • The content is scattered across:
• • • • •
SharePoint (loosely managed at best) Email (PSTs/attachments) Lotus Notes (unique environment) File Shares (unmanaged, wild mess) Laptops (risk laden)
THE DATA POSES AN UNKNOWN RISK AND COMPLIANCE PROBLEM THAT NEEDS A MITIGATION PLAN
© Copyright 2011 EMC Corporation. All rights reserved.
4
Defining eGRC What is it? Enterprise Governance, Risk and Compliance (eGRC) is focused how an organization: • Defines the objectives, policies, procedures and standards • Manages risk within appetites set by the business • Demonstrates adherence to laws, regulations, policies, contractual obligations and industry standards • Protects the confidentiality, integrity and availability of information assets
Why it gaining momentum? • • • •
Information explosion in the enterprise Avalanche of regulations, globally and locally Hyper extended, virtual enterprise Heightened need for real-time visibility into exposures from stakeholders
© Copyright 2011 EMC Corporation. All rights reserved.
5
Governance Categories • Financial GRC – Chief Financial Officer •Operational GRC – Chief Operating Officer •Legal /reputation GRC – General Counsel, Chief Compliance Officer •IT GRC – Chief Information Officer/ Information Security Officer
EMC Information Governance solutions directly address legal and IT GRC
© Copyright 2011 EMC Corporation. All rights reserved.
6
Governance, Risk, and Compliance is complex! Law, Regulation, and Privacy Competition •1995 Data Protective Directive 95/43 EU •UK Civil Procedure Rules of England and Wales Part 31 & Data Protection Act 1998 •USA Federal Rules of Civil Procedure amendments - Dec 2006 •Canada - Personal Information Protection and Electronic Documents Act •UK Bribery Act
United States
Common Law Broad, expansive discovery (eDiscovery) Generally each party bears fees and costs No Employee Privacy Data Ownership ‐ Employer
Canada
Common Law Broad, includes e‐data Strong Employee Privacy Protection Data Ownership – Employee
© Copyright 2011 EMC Corporation. All rights reserved.
United Kingdom
Common Law Reasonable discovery (eDisclosure) Loser pays discovery costs Strong Employee Privacy Protection Data Ownership ‐ Employee
France and Germany
Civil Code Limited disclosure Strict Individual Privacy Rights Data Ownership ‐ Employee
7
What's the worst that can happen? • Fines accorded to non-compliance • Costs of inefficient & ineffective eDiscovery/eDisclosure • Risk of sensitive information getting in the wrong hands • Risk of official records going unmanaged, getting lost or altered without notice
© Copyright 2011 EMC Corporation. All rights reserved.
8
EMC SourceOne Kazeon eDiscovery and File Intelligence An information management platform to identify, collect, search and discover information from unstructured data sources
© Copyright 2011 EMC Corporation. All rights reserved.
What does Kazeon do? • Identify and gain knowledge of electronic assets for file visibility and remediation • Define policies and processes to manage electronic information • Respond cost-effectively to eDiscovery, eDisclosure, and Regulatory requests and investigations with defensible process and chain of custody
9
Intelligent Information Governance with EMC EMC SourceOne Kazeon Enables educated decision-making and policy creation Laptops and desktops
Identify, Collect, Deduplicate Legal Review
File systems
Analyze, Review, Build Policies E-mail servers Documentum
Documentum Microsoft SharePoint Third-party archives
© Copyright 2011 EMC Corporation. All rights reserved.
Copy/move to enable records retention Copy/move to archive storage
EMC VNX, Data Domain, Centera
10
Records Remediation USE CASE
Business challenge • The process of manually searching through vast sums of content, identifying them as records, and processing them does not scale • Organizations do not have the resources to keep up with the huge volumes of content Solution EMC Kazeon’s full-text indexing and classification identifies content that needs to be managed as formal records and migrates it to EMC Documentum Records Manager
© Copyright 2011 EMC Corporation. All rights reserved.
11
Storage Utilization USE CASE
Business challenge Unmanaged file content uses valuable storage resources • How much is out there? • What is it costing the organization? • How do we know what to charge back? Solution IT can quickly understand how storage is being utilized with meta data indexing, and reporting capabilities of EMC SourceOne File Intelligence EMC SourceOne File Intelligence can then systematically migrate content to EMC VNX Centera or Data Domain storage
© Copyright 2011 EMC Corporation. All rights reserved.
12
New Solution: Advanced eDiscovery (EMC Legal Hold Management)
Archer For better collaboration and visibility across legal, risk and finance executives
SourceOne Kazeon eDiscovery Early case assessment, bridges legal and IT
• Combining best of breed capabilities of EMC Kazeon and RSA Archer • Kazeon collection and custodian management with Archer survey/workflow functionality with analytics • Addresses legal risk and rules of civil procedure by enabling best process preservation, legal notifications, survey management and tracking
© Copyright 2011 EMC Corporation. All rights reserved.
13
Case Study – Large Financial Services Firm EMC SourceOne Kazeon- File Intelligence automates information risk management using content indexing and policy-based remediation Third largest home mortgage provider in U.S Before Before
After After
Unlimited Unlimitedaccess accesstotodata data
Reduction Reductionininpotential potentialfor forlost/stolen lost/stolendata data
100 100TB TBofofunclassified unclassifieddata datainin99locations locations
PII* PII*located locatedand andrisk riskmitigated mitigated
Risk Riskofoflost lostdata, data,lost lostcustomers customers
Data Dataisissecured, secured,customer customerpiece pieceofofmind mind
*Personally Identifiable Information
© Copyright 2011 EMC Corporation. All rights reserved.
14
Practical Approach to eGRC Where is your business on the Info.Gov maturity curve?
Past • Adhoc • Home Grown • Manual • Outsourced • Reactive
Next Gen eGRC • Process & Metrics Driven Today • Platform based • Advanced Automation • Adhoc • Packaged Software • In-house • Limited Automation • Proactive • Context driven decision support • Reactive
Time © Copyright 2011 EMC Corporation. All rights reserved.
15
An Actionable 5-Step eGRC Plan • Identify your top risks - what prevents the achievement of corporate objectives? • Design policies and controls - what checks and balances should be put in place to mitigate risk?
• Re-engineer business processes - optimize for scale and competing interests
• Identify owners and accountability - Which stakeholders shall own the risk?
• Automate the execution, management and measurement - deploy EMC Kazeon for best-in-class information management © Copyright 2011 EMC Corporation. All rights reserved.
16
SourceOne Kazeon/File Intelligence Benefits • “Drop-in” appliance • Minimize legal and information risk • Reduces the cost of risk management and compliance • Flexibility of deployment
© Copyright 2011 EMC Corporation. All rights reserved.
17
THANK YOU
© Copyright 2011 EMC Corporation. All rights reserved.
18
