March 10, 2025

00:10:24

Infrastructure: Devils in the Details - E103

Infrastructure: Devils in the Details - E103
What Counts?
Infrastructure: Devils in the Details - E103

Mar 10 2025 | 00:10:24

/

Show Notes

2025 Episode 103 – The devils in the details when it comes to infrastructure. Following along with the components of TrailBlazer’s Information Design framework, we cover the base component - Infrastructure. Where are the devils in the details when it comes to Infrastructure? Join Information Governance (IG) Consultants, Maura Dunn and Lee Karas, as they explain where devils in the details hide when it comes to Infrastructure. Each episode contains important information gained through our experience working with companies across various industries and we talk about how you can apply this experience to your company. Episode length 00:10:24.
View Full Transcript

Episode Transcript

[00:00:01] Speaker A: Hello, thank you for joining us. This is what Counts, a podcast created by Trailblazer Consulting. Here we highlight proven solutions developed through our experience working with companies across various industries. And we talk about how you can apply these solutions to your company. We share our experience solving information management challenges like creating and implementing a records retention schedule, creating asset data hierarchy, or helping with email management. This is Lee and in this episode or and I will talk about the last item of our framework, which is called infrastructure and all the devils that are hiding there. [00:00:40] Speaker B: All the devils that are hiding there. I feel like that's the name of a book I read sometime. Okay, so in the infrastructure section of our framework, we're talking about what underlies all your data, whether it's paper or electronic or something else. For instance, you could be a lab and you might have specimens and samples that are part of your data set. We encountered that with the Environmental Protection Agency on occasion. If you are a fashion designer or a manufacturer, you might have shoes in your records world. We also encountered that with one of our big fashion companies left over from a litigation where they were doing a copyright infringement or a trademark infringement on a, on a knockoff shoe. So here we are in the 21st century. Most of your data is electronic, so we're talking about the infrastructure to support electronic information. Unless you are a brand new company, it is highly likely that you have some data still on physical servers. You've got these older servers, they're sitting in data centers and you're trying to figure out how do I get them out of here and get to the cloud? Probably because the cloud is very efficient. Even though it sounds vague and mysterious, it's based on physical servers too, but they are bigger and dedicated and protected in different ways. And you're using a small part of this shared resource. Most likely the transition from a physical server to a cloud server can be an opportunity to apply your rules that we've been talking about. Apply retention, get rid of old things that are no longer needed, get rid of non records, organize your information in a way that fits your business better and isn't based on the organizational structure of your original company from 10 years ago, plus the three companies you acquired. So it's an opportunity to take care of that. But the infrastructure part of governance is really focused on protection and access. How do you make things easy for people to find and dependable so that they can always count on I found my thing and I can access it. And then how do you make it secure? So access and security used to be we're talking about paper records in boxes in a warehouse. Physical security might include a guard station, might include a fence, might include locks on the doors at some point in time. We've had vaults in offices where you keep the most important records. You keep the mo. The original deed to the building, you keep the deed to the land where you're building your, I don't know, roller coasters or something. You keep the deed to the land where you've built your pipelines and other facilities in paper, in hard copy, with wet signatures in a vault because they need to survive a fire. We're moved away from that. The physical security was pretty easy to implement actually compared to electronic security because now you're talking about, you want to make it accessible, remember? So it needs to be connected to some kind of network, whether it's a private network or the Internet. But you need to have layers of software driven security or tokens that can make sure that you and your people who are authorized can get to your data, but other people can't. And it's a constant moving target because the people who want to get in and can't, they are always trying new ways. So that infrastructure piece has really moved along with the whole world of information management out of facilities focused on fencing and perimeters and into the world of IT and cybersecurity and maintaining the safety and access which are this natural tension between information or between goals, equally important goals. But it depends on your business which one wins. So if you are, I don't know, working for NASA and building the newest space shuttle or building a, you know, community that's going to move to the moon, then highly secure, you don't want anybody in there, or you're working for the FDA and you've got the data around food safety and that's a vulnerability if, if something gets into the food supply and starts to make people sick, your security becomes a heightened, becomes takes a higher priority than access. And your people might have to go through three more steps. They might always have to use a token to get in. They might only be able to use a hardwire connected machine as opposed to a WI fi machine. They might not have any access to download information to a thumb drive or to send data outside of your network to be, send it to a personal email address or something to a Dropbox. So that balance of security versus access is going to vary by industry, by company, by the type of information you're protecting. Now you know why we separated infrastructure from applications? Because they really serve two different purposes. Do you want to Jump in, Lee. [00:06:43] Speaker A: Well, and that company's risk tolerance, tolerance for risk. That's what's also going to dictate the security and the access piece. [00:06:56] Speaker B: Absolutely. And some, some cutting edge companies might be working with high risk materials and decide to take chances and they might get away with it for a little while because they're small and nimble and nobody knows they're there. But that's a big risk. And if you're looking, I don't know if you were looking for investors, that might be a question an investor has. Wait, you're using, you know, G Suite or you've got Gmail addresses. That's the thing we've heard a lot. You know, small businesses, schools might be using Gmail or the G Suite. And how secure is that data? It's okay for normal purposes, but if you start getting into a higher risk area or your volume becomes bigger, or your company, your organization takes on a larger public profile, then you might be attracting the wrong kind of attention and your back end may not be up to it. Not to not not picking on Google or G Suite, but it's just the, the standard off the shelf version as opposed to working with Google to set up your private network or your private cloud to protect your information. That's a bigger investment on the part of the business and provides a higher level of security. Just using as an example because it's so easy to set up a Gmail account, so could be the same on Microsoft or any of the other platforms. So the balance between access and security is the critical decision point in thinking about your infrastructure. How your data sits in your infrastructure is using the mechanisms in your applications. So we separated them in our framework because decisions about data in applications from a records perspective, from a security perspective, the application has some, some impact there. What's available, what functionality is available to apply, but then the interaction of the application and the infrastructure is going to meet these bigger security and access requirements. [00:09:11] Speaker A: Excellent job that covers infrastructure and this is actually the last episode then covering all of our framework items. Just as a recap, it's governance, policy, process, data, content, application and then this one infrastructure. Please listen to all the episodes so you can get a full picture of where those devils hide and all the details associated to the framework elements. [00:09:39] Speaker B: Don't drive yourselves too crazy asking all the questions, but these are important questions to think about when you're making information governance choices. Thanks for listening, appreciate it and I'll turn it back over to you. Lee. [00:09:55] Speaker A: Excellent. If you have any questions, please send us an email at info trailblazer.us.com or look us up on the web at www.trailblazer.us.com. thank you for listening and please tune in to our next episode. Also, if you like this episode, please be a champion. Share it with people in your social media network. As always, we appreciate you listeners. Special thanks goes to Jason Blake created our music. [00:10:22] Speaker B: All right, see you next time.

Other Episodes