The council was formed in November of 2004. It was formed because a lot of organizations recognize that data is one of the most valuable assets that companies have. Companies increasingly are looking at how you manage that information and how you make it free. Lots of IT departments are trying to find ways to get more information out to more individuals, standardizing the way they write information, whether it's structured or unstructured data, audio or video. Everybody wants to get ideas out into the marketplace. But people recognize that when you aggregate that information, when you combine it with lots of different stove-piped databases across the organization, it used to be protected by the very nature of the proprietary database format that was used. The data is not just valuable to the organization. It's valuable to lots of people that you don't want to give access to. It also creates lots of new complicated social responsibilities about how an organization governs an effective appropriate use of that data. It's too big of a job for one group in an organization. We saw the need for a more participatory governance framework for different parties in an organization to work together and resolve issues. The data governance council has 45 organizations that are looking at just that. Are these mostly vendor partners participating?
They're actually about 25 IBM customers, including 12 vendor partners and three universities. It's a very diverse group. Many of them are very large banks, credit card companies, telecommunications organizations, retailers, some public sector governments. Just to get a better understanding of the goal of the group, does IBM use it to fill white spaces in its product portfolio? Is it about developing standards or creating interoperability between vendor partners and IBM?
In the beginning it was just to understand the space. Our customers were coming to us and saying "we've got a complex new field here. We see regulatory compliance, we see security issues, we see data privacy and data protection issues, we see data quality issues, and we see data management." We've got all these different stove pipes in the organization and they're not talking to each other. We recognize that there is this new space that combines all these different disciplines. Data is an enterprise asset and everybody has to be involved to figure out how to leverage it to its potential and yet protect it. As the group got to know each other, the group began to realize that the group had a unique opportunity to influence how the field developed. A lot of the organizations felt that this would be an important opportunity to help identify different levels of maturity in data governance. What's the status of the maturity model?
We started working on the maturity model last year. It's a very big model. It has 11 categories and five levels of maturity for each category and lots of content in each area. Between members in the council and IBM, there are probably close to 70 people working on this maturity model. There's a tremendous amount of passion in this group. We've transformed it into an assessment because a maturity model is a benchmark so you can use it to conduct an internal analysis. We have had members assess themselves using the model in October and after that experience we felt that while it isn't perfect yet, it's really good. Is there any way for enterprises to use this model?
When we felt like we had a stable and standardized model, we decided that it would be appropriate to start sharing it with the rest of the world. The first thing we did was take the lessons we learned from working with the council developing the model and we transformed it into a formal assessment offering which we announced in December. It was the first product that was delivered from this council. Now other organizations that want to take advantage of this work can come to IBM Global Services and get a data governance assessment. The second step will come later this year as we start rolling out some white papers and descriptions of the rest of the maturity model. Are companies saving too much data or failing to understand the valuable data versus the data that doesn't need to be stored?
That becomes a retention issue. It's another area of data governance that's information lifecycle management and figuring out how long data should be retained. It's becoming a growing concern for many companies. A lot of organizations back up everything and they don't know from their back ups how long they need to save it. Is this why we're seeing more data breaches today?
I think we're seeing more data breaches because we've got more data. I think it's because our entire economy is changing today. Between 30 million and 48 million Americans work at home. Large portions of the employee population travel a great deal. When they travel around the world they carry BlackBerrys and cell phones and PDAs and laptops that contain hundreds of gigabytes of data. This is only going to increase. We're going to start seeing portable drives with terabytes on them. That proliferation of data creates increased exposures and increased opportunities for loss. It only increases the obligation of an organization to control those losses and mitigate them. You've got to be in a position where you can analyze past behavior, consider present circumstances and forecast future losses and prevent them.