AI-infused data governance needs to become a core part of the enterprise toolset to counter content chaos and carefully manage information risk.
The impact of Artificial Intelligence (AI) on business operations has been a matter of great debate for years. Some view AI tools as a core driver of digital transformation initiatives enabling the modernization of nearly all aspects of business. For others, AI is simply the latest piece of over-hyped technology that promises the world but fails to deliver tangible results.
Regardless of which side of this debate you fall, the reality is that the AI-based software segment is poised to generate $62.5 billion in revenues this year — and this number looks set to climb more in the future.
AI use cases such as self-driving cars and virtual assistants dominate the headlines, but one of the most down-to-earth yet potent ways AI can add value to organizations is as a protector. By acting as a digital doorman, AI can help safeguard what is arguably the most valuable asset a business has – its data.
Structured Data vs. Unstructured Data
Not all data is the same, and organizations must govern different data types accordingly.
Structured data is the raw, qualitative information organizations rely on to run most business systems and is often what comes to mind when most people hear the word ‘data.’ Structured data is typically stored in fields and tables within databases — for example, a customer purchase price within a CRM system or supplier invoice amounts within an ERP system. The high degree of clarity in structured data makes this information relatively easy to control and keep secure.
Industry analysts estimate that structured data accounts for approximately 20% of the actual data organizations store and maintain. The remaining 80% of data is unstructured.
What is unstructured data? The most straightforward answer is that it contains everything that doesn’t meet the definition of structured data. Unstructured data includes documents, files, spreadsheets, presentation decks, images, audio and video files, and any other data that does not reside within a table, form, or database application.
The volume, variety, and velocity at which unstructured data is created are exploding — each individual generates approximately 1.7MB of data per second, with over 4.66 billion active internet users as of 2022. Without careful management, this array of unstructured data can result in a chaotic content environment. However, uncontrolled unstructured content can also be full of risk. Everything from corporate secrets to your customers’ personally identifiable information (PII) can be (and often is) stored in corporate documents and content assets. Often, this data lacks a clear owner, has no audit trail of access and edits, and most likely will not be stored and secured appropriately. This lack of data governance can expose organizations to substantial compliance, privacy, and legal risks — and open the door to potential financial, brand, and reputational damage.
Taming the unstructured data beast isn’t a simple matter. Modern enterprises manage massive volumes of unstructured data. Studies indicate that the average enterprise stores well over 300TB of data within its various systems, with more generated each day. Furthermore, unstructured data typically isn’t sorted into consistent formats or file types, making even the seemingly straightforward processes of accurately identifying, categorizing, and organizing this information daunting and error-prone for most organizations.
Introducing Artificial Intelligence
Today, many enterprises use AI to automate the identification, organization, and enforcement of security provisions for unstructured data. AI tools and models can rapidly process vast numbers of files and documents and perform a wide range of activities to benefit the enterprise. These benefits vary, but the process followed to deliver them typically breaks down into three distinct areas: discovery, classification, and quantification.
Discovery consists of accessing the files within an organization and performing simple analysis to identify what kind of data the AI is working with. Automated governance solutions can automatically discover data properties such as file type, size, location, user permissions, and any existing metadata. While this is only enough to build a basic profile of the data, this data footprint assists the AI massively in the next step in the process — classification.
Classification is where the strengths of modern AI begin to kick in. Depending on the software used, the AI model might be used to identify:
- The type of the document — e.g., a contract or an invoice
- The language of the document
- Whether the document contains personally identifiable information (PII)
- If a document includes sensitive corporate information
Classification, and the data extracted as part of the discovery phase, provides detailed information about the unstructured data that exists within a business and precisely what it contains. Yet, while some organizations may simply want their governance tools to identify potentially problematic files as high risk, powerful AI tools can do much more than apply a label.
Modern AI technology is smart enough to intelligently quantify the risks associated with certain data types. It can identify specific data that is confidential, contains PII, or requires special treatment — but it can also apply context to determine how data should be managed. For example, an Excel spreadsheet loaded with sensitive financial information may need redaction or additional security, whereas a shareholder’s report presenting elements of that same information will require different treatment.
By quantifying the level of risk within a file without human intervention, organizations can gain a deep insight into where they need to apply additional protection and trigger specific actions. For example, a governance team may set up rules that instruct an AI to redact PII in documents stored in unsecured parts of the network or to place specific contracts under the purview of a records management solution.
Intelligently Automated Governance
Identifying the risks associated with unstructured data and applying proactive protection methods to counter those risks isn’t a project to be done once and then forgotten. Rather than being used reactively, A.I.-infused data governance needs to become a core part of the enterprise toolset — to counter content chaos and carefully manage information risk.
While continually monitoring and protecting enterprise data, organizations can establish best practices for governance — perhaps automatically identifying documents that should be treated as records or labeling all documents containing staff and HR information as “internal.” With these guidelines in place, an AI can track and measure adherence without user input. Every action, status, and history can be tracked, including when, where, and which steps were taken to safeguard content. This ability is increasingly important in relation to privacy regulations such as GDPR and CCPA and the need for organizations to understand within which geography their data resides at all times.
With A.I. acting as their digital doorman, organizations can achieve continuous, automated data governance. The ability to unearth deep business insight, carefully control and govern content residency, and automate the application of policies and procedures is invaluable to organizations in the risk-laden business world we operate in. Ensuring information stays secure, can only be accessed by those with appropriate permissions, and delivering proactive risk management and control, automated tools can change the way data is governed forever.
An enterprise’s data is one of its most valuable assets. We wouldn’t let someone stroll into our physical offices without passing by a gatekeeper – why should we treat our data differently?