Christopher Surdak is an Engineer, Juris Doctor, Strategist, Tech Evangelist, 2015 Benjamin Franklin Innovator of the Year, and Honored Consultant to the FutureTrek Community, Beijing, China. He is also the author of Data Crush: How the Information Tidal Wave is Driving New Business Opportunities, which is GetAbstract’s International Book of the Year for 2014.
- How do you explain the concept of good information governance and management to business people who are not engaged in the area?
Information is replacing capital as the basis of wealth and power in the world. As such, look around your organization at all of the investments you have made in managing the ebb and flow of capital. It is likely that every process, every system, every report and every metric has been designed to support clear, concise and timely management of capital. Going forward, you’ll need at least that same degree of control over your data; ALL of your data. The only major difference will be that your processes and decision making will have to operate about a million times faster than they did in a capital-centric world.
- What are the three biggest information-related problems facing businesses today?
Gartner began defining “Big Data” by the three “V’s” of velocity, volume and variety. These are primarily technical drivers and hurdles and so we keep improving our technology. These old three “V’s” are still an issue but as we eclipse them we face three new challenges: Veracity, Viability and Value. Veracity is the question of whether our data, our mathematics, our questions and the insights that they create are accurate. Viability is the question of what, if anything, can we do with these insights to generate new outcomes. Finally, Value is the question: Do these new insights lead to new outcomes that customers actually value? These new three V’s focus upon the application of Big Data, which is directly driven and determined by the effectiveness of your Information Governance structures.
- What first steps do you typically recommend for established companies that are trying to get their data house in order?
Focus on supply and demand. Everything in our world today is being driven by the Digital Trinity of Mobility, Social Media and Analytics. So, on the demand side, look to your own use of the apps on your smart phone. Which apps do you use all of the time versus you have never used after you first downloaded them? What characteristics do your favorite apps have that made them so? What grabs and holds your attention throughout your day? Your own behaviors and preferences are a good guide as to what your customers want, and expect.
On the supply side, you need to understand what information you have across your whole value chain, not just within your own organization. Find it; catalog it; understand how it’s presently being used. Compare all of this with what you discovered on the demand side, and then ask yourself what’s the gap between the two. This will tell you what additional information you need to obtain, what new questions you need to ask, and what sorts of disruptive outcomes your organization needs to achieve, before someone else does it to you.
- What first steps do you typically recommend for start-ups or younger companies that want to appropriately govern their information from the outset?
This is generally not a problem as most startups these days are data-centric by their very nature. They understand that data is the basis of whatever value chain they intend to deliver. They don’t have to retrofit analytics, information governance, or things like predictive technologies into their business model because these things ARE their business model. Few startups are doing anything really new. Rather, they’re applying the Digital Trinity of mobility, social media and analytics to existing, legacy businesses much faster than the incumbents are choosing to do themselves. Existing companies are simply paving the way for startups to eclipse them by not moving fast enough, or worrying about first having some phony ROI before they’re willing to make a change.
- What is your favorite information governance success story?
There are so many to choose from! My favorite would be either the analytics effort that showed that pre-positioning of strawberry Pop Tarts ahead of a natural disaster (like a hurricane) was a great business move, or the story of Zubulake v UBS Warburg from the eDiscovery world.
In Zubulake, a $40+ million court decision turned on one email. That email consisted of two words: “Got it.” It wasn’t that these two words were particularly relevant, it was all of the metadata around that message that drove the fate of the case. The key lesson from that was to be careful when you’re trying to categorize data as “Relevant” or “Irrelevant;” as a “Record” or as “Delete-able.” Anyone using a manual, self-declaration process for records retention is basically asking Al Capone to enforce temperance regulations; good luck with that.
Our law says that you need to keep what you “know or should have known,” might be valuable in the future. Unless you’ve hired Yoda to write your code I have yet to see a system that retains what you “SHOULD have known MIGHT be valuable” at some point in the future. That’s the gaping disconnect between the law and the state of our technical art.
- What has been the most unexpected / surprising aspect of managing information in your experience and how have you responded to it?
I’ve been in the Information Technology world for almost 25 years. My father, a retired IT executive from Corning, Inc., preceded me in IT by another 25 years. When he and I talk about the problems today’s organizations are facing, the technical, political and organizational challenges that we’re trying to work through, his comment is always, “Nothing’s changed.”
I have to agree with him because he’s right; nothing really changes. The technology constantly changes; improving, speeding up, evolving, moving in directions we may have never anticipated. But, in that picture one thing never changes: us. We’re still the same old humans living and working in the same old social orders and following the same old expected norms. Our technology advances dramatically faster than our ability to do anything with it. So, nearly all of the issues I see organizations blame on their technology are actually issues of their humanity. We don’t like change; we love to play games; we’re motivated more by fear than by desire or purpose or principle, and so on.
As we move deeper into the data era of our society we’ll likely keep on blaming technology for our failures and shortcomings (It’s not MY fault my clan died, my flint and stone stopped working), but in reality it’s our own prejudices, predilections and peccadillos that are holding us back.
- In your experience, which corporate stakeholder is the leading voice for information governance initiatives?
Whoever feels the greatest present risk due to how they are managing their information (or aren’t managing it as the case may be)! In the past, nearly all Information Governance efforts were viewed as a necessary evil; as an unfortunate cost of doing business. Usually, most people invest in IG when and only when they are forced to do so by some major catastrophe. So, whoever perceives the most present risk or pain is likely to be the sponsor.
This is changing, by the way, because as data becomes more and more important, you’re starting to see organizations create roles like Chief Data Officer or Chief Analytics Officer, who recognize the criticality of putting data to work. The last thing that is obvious to me is that the best stakeholder is almost never the CIO. Many Chief Information Officers are actually “Chief Infrastructure Officers.” They are far more focused on evaluating, selecting, implementing and maintaining our tools, rather than our information. When I meet a CIO who wants to talk about the tech specs of some piece of hardware or the speeds and feeds of some piece of software, I immediately know which type of CIO I’m speaking with.
- How engaged are corporate boards and the C-Suite in Information Governance efforts?
Historically, not nearly enough, because for at least two hundred years our organizations have been myopically-focused upon capital governance. The first half-century of the information revolution was spent in using data to better organize and manage capital. Now, we’ve reach the point where data is more valuable than capital, and this change is accelerating.
Because of these changes, IG is becoming more of a boardroom topic of conversation, whether the board likes it or not. These leaders are leaders and executives because they have been experts at capital governance, not information governance. The IG discussions are totally new, totally strange, and in many ways completely foreign to them. These discussions are awash in technical jargon, foreign, abstract concepts like social media, cloud this or that, firewalls, cyber terrorists, and so on. Guess how eager these old-school leaders are to have these conversations, about things they know little or nothing about?
Old-School executives are now like NASA astronauts being asked to teach a class on how to farm wheat… in Portuguese. I don’t care how good you are at what you do, or how long you’ve been doing it. This is a new world operating in new ways, in which you have no experience, and you’ll have to admit to this lack of knowledge. If you do this it’ll likely be pretty discomforting. That discomfort is your signal that you’re doing this change-management thing correctly. Conversely, if you’re leaping into this all full of confidence and bluster you’re almost certainly going to fail spectacularly.
Nevertheless, these conversations ARE taking place, because boards and executives have no other option. Perhaps 80% or more of global organizations have had their IT systems compromised by cyber-criminals, cyber-terrorists, or nation-states, and over 60% of the companies that were on Fortune’s 500 list in 2000 no longer are in 2015. If these captains of capitalism don’t catch up with the information age, and soon, the future doesn’t bode well for the organizations they’re trying to lead.
- Are companies motivated more by avoidance of risk (such as fear of data breaches, regulatory scrutiny, litigation) or by reaping rewards (such as lower storage costs, reduced eDiscovery burdens, insights from data analytics) when they’re undertaking Information Governance projects?
Humans are motivated by two things: Desire and fear. Desire, we can put off for a while, fear is pretty much right here, right now. For almost twenty years I have watched organizations mess around with information governance infrastructures, and most of the time they have not been successful. Usually, they were too small, too focused and too project-based (think knowledge management, document management, collaboration, etc.), or were so grandiose that they were ahead of the technology and beyond management’s willingness to fund them.
Those projects that did move forward were typically very small implementations of things that were mandated by legal or regulatory requirements, and represented the least-costly option for ensuring minimal compliance. Usually, these examples moved forward and were funded only after some very bad event took place; either to the organization itself or some other organization close to them.
So, I’d say that fear has been the primary motivator for IG investment, which is too bad. With effective IG there are definite cost benefits. But beyond that, putting data to work as a strategic asset can completely transform your business. This is why Apple, which is a data company (NOT a product company) is the most valuable company in human history. Don’t agree that Apple is a data company? Fine, look at Google, which is emphatically a data company and they’re the third most valuable company in history. Still not convinced? This week, Facebook just exceeded General Electric in market capitalization (over $300 billion). Facebook is unquestionably a data company, while General Electric is doing everything it can to become one, while they still have time.
If your organization still thinks of Information Governance as an inconvenience or a necessary evil, please let me know. I’d love to start shorting your company’s stock.
- How are Big Data and the Internet of Things impacting your clients’ business plans and cybersecurity profiles?
Most organizations think that Big Data is the same old thing they’ve always done with data, it’s just bigger. Those that have this belief are the ones who necessarily fail at Big Data. The reason is simple: if you’re asking the same old questions of the same old data (just more of it), and doing the same old things with the results, what’s the likelihood that your effort is going to lead to ANYTHING new from your organization?
However, I see company after company doing the same old thing with the same old data, while expecting some breakthrough result. This is crazy behavior. To make Big Data work you need to look at new data that you’ve never analyzed before, and ask of it questions that you’ve never asked before. That’s how you get new insights. But this, too, is not enough. Insight without action is the worst possible scenario; you’ve absorbed all of the cost and effort yet generated no new benefit. Acting on new insights is the whole point of Big Data; it’s not what you know, it’s what you DO with what you know that matters. Many of us in business have trained ourselves to believe that a report is a business output. It isn’t. A report is an input. What you DO with reports and metrics is an output.
As for IoT, this “Thingification” of our world is interesting, as it will generate astronomical amounts of data, most of which is completely and utterly useless. Soon we will have billions of sensors all over the world, creating quintillions of rows of data every day. Nearly all of these rows will say, “Nothing just happened.” However, every once in a blue moon there will be a row that says, “Something just happened.” When that occurs, we’ll need to see it and act upon it immediately. That’s a big challenge, and it’s something completely new in the world of IT and of regulation of information.
Security is a whole other animal. Basically, there no longer is information security in our world, there is merely information policing and information catastrophe-response. When I meet with an organization that claims that their information assets are secure, again, I short their stock when I get out to their parking lot. Thingification means that there will be billions of additional points of infiltration and infection, yet not participating in this revolution is not an option.
- Do you have any predictions regarding how the proliferation will affect business over the next 3 to 5 years?
Deep, fundamental, compelling, disruptive and comprehensive change, but not because of the technologies. These changes will come because of our new expectations derived from these changes. Many people think we’re experiencing a huge technology change right now. We’re not. We’re experiencing a huge behavioral and social change. Our perpetual connectedness, the data that this generates, and the solutions that can be deployed as a result are all hugely compelling and very much like a drug. Some of us are repelled by the results, others of us are completely addicted to them.
What seems clear to me is that the Digital Trinity does indeed change everything around us. These results put at risk any company that is reorienting from a capital-centric to a data-centric economy. And fundamental to this shift is the proper application of effective information governance. What exactly is that, you may ask? Sounds like another installment!