A Short Guide to Content Governance

The COVID-19 pandemic pushed more employees to work from home than ever before. While this shift has many advantages—including reduced office space costs and more geographic flexibility—it also leads workers to access data from a variety of entry points.

Even after the pandemic, this trend looks likely to continue: A report from McKinsey about the future of work after COVID-19 found that “about 20 to 25 percent of the workforces in advanced economies could work from home between three and five days a week.”

Companies now have their data spread across more clouds, platforms, and devices than ever, creating new security risks and posing challenges for IT departments and executive teams concerned about managing the spread of company content. We interviewed over 400 CIOs and IT leaders for our 2020 Data Governance Trends Report and found that 76 percent of them were concerned about this content sprawl.

To mitigate the risk that content sprawl poses, enterprise companies need to put an effective and secure content governance strategy in place.

What is content governance?

To understand the basics of content governance, we first need to define what content is in a business setting.

Data exists in two forms: structured and unstructured. Structured data is in a fixed field within a record (like a spreadsheet or a database) and is easy to organize and search. Unstructured data, also called content, is everything else: emails, PDFs, images, documents, internal messages, videos, or even schematics and 3D renderings. This data is not designed for easy parsing by machine—it’s designed for human beings. And that’s why content is harder to sort and classify than structured data.

Content governance is the architecture, policies, and processes enterprise companies use to store, manage, and secure all of this unstructured data.

Content governance keeps your data secure

With the right infrastructures and processes in place, it’s easier to protect enterprise data from malware, phishing attacks, and data breaches. In the past, content governance strategies looked at preventing data from leaving the secure on-premise environment with firewalls and data loss prevention (DLP).

With the shift to cloud architecture and increased remote collaboration, these tactics are no longer effective ways to ensure data security. The underlying technology is fundamentally different—content governance best practices need to include securing data at the source as well as tracking and flagging unusual user behavior.

Content governance supports employee productivity

When you have a smart content governance process in place, employees can easily and securely access relevant files, share them with their coworkers, and work remotely without hindering collaboration or compromising security. This decreases employee frustration by streamlining the experience of working together via the cloud.

Content governance helps maintain data compliance

An increasing number of local, national, and industry-specific laws govern the protection and disposal of sensitive data, including the GDPR, HIPAA, CCPA, and many more. According to the United Nations Conference on Trade and Development (UNCTAD), 128 out of 194 countries have data protection laws in place as of the time of writing.

Having an easy, automatic process in place to comply with all of these different legal requirements for data management and storage can save your IT and legal departments both time and resources.

Why content is so hard to secure

Companies have an easier time monitoring and securing structured data, such as SQL databases, than unstructured data sources. Knowing how to protect and sort content across emails, collaboration apps, and cloud storage without hindering productivity and collaboration is a different challenge.

Humans produce an astronomical amount of data: According to IBM, 2.5 quintillion bytes of data are generated globally each day. Most of the data is generated by individuals, but global business data still doubles every one to two years. What’s more, content is the largest source of data growth for businesses.

With the growth in the amount of content that enterprise companies manage and produce, the risk of data leaks or breaches increases. In the past, when companies were handling more manageable amounts of content, it was feasible—or at least possible—to manually tag, sort, and categorize content as it was generated so that sensitive information was analyzed and then protected. But this always left the door open for human error, and the sheer amount of unstructured content now created every day makes that impossible without making it a full-time job for all of your employees.

In addition, enterprise content spans an increasing number of storage solutions, platforms, email folders, drives, and cloud apps, often spread across different locations and sometimes even different continents. This makes it both harder and more expensive to track. The end-users for content are humans: We don’t need an algorithm or a program to interpret it for us, which is one of the reasons why content is an especially valuable form of data. But it’s also part of what makes it vulnerable.

It’s also much harder to surface and define what content is sensitive and needs to be secured than it is with structured data. Content can often be moved, misused, copied, read, or shared easily—often, all it takes is hitting “forward” on an email or “share” on a cloud file.

Endpoint protection platforms and firewalls simply aren’t enough to prevent sophisticated attacks. Increasingly, cyberattacks are successful by compromising a single user account: Once they gain access, they can use anything that account has the authorization to see. Content governance allows you to manage and restrict the risks of an incursion.

What does great content governance look like?

Given the amount of content that modern businesses generate, meeting only minimal compliance requirements leads to lost opportunities, security risks, and productivity delays. Add in the potential for legal trouble down the line if regulations change and your company falls out of compliance, and passable content governance policies just won’t cut it.

Most companies already have some basic content governance framework in place, including things like guidelines for their employees on how they access data, permissions, and protections to limit access to sensitive content. But in a digital-first world, forward-thinking enterprise businesses need to move past basic content governance in favor of great content governance. So, what does that look like?

For starters, great content governance finds and secures sensitive data at its source. Rather than relying solely on firewalls and outside protections, it has security built directly into the content environment that accompanies the data both in transit and at rest.

Successful content governance both promotes and depends on good data hygiene practices: Keeping duplicate records, outdated data, and errors out of your business content makes it easier to keep your content secure. At the same time, putting effective content governance frameworks into place also makes it easier to find and eliminate dirty data.

Because of the sheer amount of sprawling content generated by enterprise businesses, modern content governance uses AI and machine automation to find, flag, and classify sensitive content like PII (personal identification information), credit card numbers, and birth dates, rather than relying on manual processes. Similarly, if a user account is possibly compromised and displaying unusual behavior, machine automation will flag it for review.

Great content governance also minimizes data: Regulations like the GDPR and business necessities do require keeping content for a certain amount of time, but keeping vast amounts of unchecked business data can also become a liability, exposing your enterprise company to increased risk. A good content governance policy minimizes the length of time and amount of data that is kept active and has processes in place to dispose of or archive the content after a determined retention period.

Finally, for enterprise content governance to be successful, it also needs to be ongoing—regulations change, business priorities shift, and technology evolves at a rapid clip. Great content governance will include regularly reviewing and updating strategies in place.

How to get started with content governance

Now that you have a deeper understanding of what content governance is and what successful content governance looks like, the next step is to assess your company’s current practices for managing content and the technologies you use to achieve it. Our smart content guide can help you evaluate your current policies and begin to put comprehensive, practical content governance in place.

‍