In today's information-driven society, organizations are collecting and accumulating more electronic information than ever before. Such information may form the basis for key decisions in business operations and other critical activities. Ensuring that the information is available and readily accessible is therefore vital. Such information may also be confidential and sensitive, and therefore should be carefully protected from improper disclosure. Moreover, a growing portion of the information is often subject to regulations that specify how it should be managed. An organization often needs to properly dispose of information that is no longer useful to the organization and have passed any mandated retention period.
The rapidly growing volume of accumulated information is increasingly distributed among and replicated on many computing devices including servers, workstations, personal computers (PCs), and mobile devices such as tablet PCs, laptops, personal digital assistants (PDAs), cellular telephones, etc.
FIG. 1 shows a typical data management system in an organization. Access to a data center 116 is accomplished over networks 110b and/or 110a and a firewall 118. The information that resides in the data center 116 tends to be managed by information technology (IT) personnel 112 and 114, but a lot of the information in an organization increasingly resides on devices such as PCs, laptops, etc. which are under the control of the end-users 102, 104, 106, and 108. In many cases, the data center comprises servers, some of which are physically distributed, often across geographic distances.
It is thus very difficult to manage all the information in an organization. In fact, simply determining what information exists in an organization, where it is maintained, and how it is being maintained is a major challenge. This means, for example, that an object (e.g., file, document, record, table, database) that should have been disposed of could continue to exist somewhere in the organization (e.g., on somebody's laptop). The organization may have guidelines and policies on how the information should be managed but there is generally no capability to audit or enforce the guidelines and policies. For example, the organization may have a policy that confidential information should only be placed on laptop computers on an as-needed basis, but it would not be able to easily check for compliance with the policy. The result is that if a laptop computer is lost or stolen, confidential information could be unnecessarily exposed. As more information is stored and moved on portable devices, this is a huge and growing problem.
In view of the foregoing, there is a need for a more efficient and intelligent method of managing information governance, which includes ensuring the quality, consistency, usability, security, privacy, availability, etc. of an organization's information.