Industry interview with iManage: Resetting storage
This article was also featured as an industry interview in the March 2016 issue of Briefing. To read the issue in full, download Briefing.
The latest plans for a new EU General Data Protection Regulation – negotiations taking place in December last year – see the prospect of a fine equating to 4% of global turnover for infringements that affect “the rights of data subjects”.
“Clearly, clients are very, very sensitive to how professional services firms handle their data in any case,” says Neil Araujo, CEO of iManage. “But in the current landscape, this is also one of those things with the potential to bite firms badly when it’s already too late – if they haven’t made plans proactively.
“There are huge cost implications to how firms safeguard client information – not just the storage cost, but also the risk that it might get breached. You simply can’t keep things safe forever – and you need some strong governance around how you deal with that. Governance means applying the right policies for the circumstances – whether that’s security surrounding what’s kept, where data is archived, or whether it’s returned to the client or safely disposed of.”
Efficiency gain This is the background to iManage’s very recent investment in a new R&D and support centre in Belfast, dedicated to the evolution of the business’s iManage Govern software. Including iManage Records Manager and iManage Archive Manager products, the team will focus on how processes can be further enhanced, such as Record Manager’s addition of a new feature that manages disposition workflow, return to clients or transfer to other firms by adding notes that reflect specific circumstances.
“It’s very important that we’re resourcing all our activities of this type appropriately,” says Araujo. "You need sufficient firepower – and of the right quality – to approach governance holistically. Personally, I’ve always wanted a stronger development presence in Europe, and we’re very excited by the potential of a big new talent pool.”
The top priorities they’ll be working on? First, providing the tools to enable firms to track where client data is located across myriad systems so that it can be governed, he says. "Second is enabling firms to track what they’re signing up for when data-handling rules are agreed with clients. They need a better way of tracking these to enforce them.”
Number three, says Araujo, is a focus on operationalising data policy choices most efficiently – improving workflow for archiving, for example, or reducing the cost of long-term storage.
“On top of that, we’re very focused on leveraging reporting and analytics to monitor access to documents. Despite all the security to protect documents residing on servers using encryption technologies, most security breaches occur when end user credentials are compromised and the ‘bad guys’ enter the system looking like a valid user,” says Araujo. “The only way to identify something amiss may be to detect activity patterns at odds with how a user commonly works."
iManage Govern is available on-premises or as a cloud solution – and in February the business announced a series of enhancements to its cloud version. As well as faster performance through hyper-converged infrastructure and new technology, there are new tools for monitoring and alerting security events and failures – and data is encrypted at rest and in transit using customerunique encryption keys.
“Professionals are very heavy information creators and consumers, so performance and bandwidth are a very big deal – and desktop integration is also key,” says Araujo.
“But I also think you need the flexibility of a hybrid model. No firm really wants to be in a position where they must turn clients away because the client isn’t comfortable with having data in the cloud. With iManage you can easily have some data on-premises and other data in the cloud. Decisions can be based on the individual needs of the business – they can move as little or as much as they wish.
"As with the governance processes surrounding storage, transfer and removal of information, it is an area where the need for tight control and oversight needn’t be at the cost of flexibility to fit the specific circumstances.”