A Discussion Paper
Authors: Alan Pelz-Sharpe (Deep Analysis) & Steve Weissman (Holly Group)
Statement of Purpose
This discussion paper provides an overview of how future information governance (IG) platforms may be envisaged and built utilizing blockchain – perhaps the key point being that all the technologies necessary to do so are already available.
Though blockchain is flying well under the radar in this context, it is not too early to begin postulating how it can be used to build a secure information governance management platform. Our hope is that this paper can become a starting point for information management and governance professionals to discuss its potential, as well as some of the challenges to be stared down before it becomes a practical reality.
The questions 'what is a record?' or 'is that the original?' are asked multiple times daily in commercial and legal situations around the world. Absolute, incontrovertible proof of the veracity of a transaction, activity, file, or document is difficult to come by and often form the basis for disputes. Over the decades, as information has become more and more digitized, providing that absolute proof has in parallel become ever more difficult. Yet a technology today does exist to provide a level of absolute trust and indisputable evidence every single time, that technology is called blockchain. Though best known for its pioneering use in financial transactions via Bitcoin, the underlying platform and structure of blockchain (a distributed ledger) has huge potential beyond financial services, including (and especially) in the worlds of document, records, and asset management.
A New Model for Information Governance
Below (Figure 1) is a proposed simplified framework architecture for Information Governance. The framework leverages existing P2P blockchain public ledgers and proposes that information governance applications can be built atop this in decentralized manner.
Figure 1 Proposed Information Governance Model
Each element of this model is explained below.
Unified Rules & AI-Driven Content Lifecycle Management Application – Today, this layer consists of multiple information silos and applications – they could be ECM repositories or CRM systems or email systems – wherever content is created, managed, and/or stored. Here, though, it is depicted as a single unit, proposing a possible future unified platform. Today, enterprise information is disjointed and held in multiple unintegrated silos and repositories. That is unlikely to change in the foreseeable future, but new approaches to information management are on the way.
APIs – APIs (Application Programming Interfaces) are the connectors that provide integration points between the content applications and the governance protocol layer. Again, as above, in this diagram we have depicted a single API though in reality there would likely be multiple APIs.
Decentralized Information Governance Protocol Layer – This layer of the stack provides the rules and analytics that drive governance. To the best of our knowledge, no firm has yet built such a layer to drive governance to the blockchain. Technology vendors have, though, built similar platforms to apply governance to content and drive that content to their own repositories. A good example of such a platform/application is Microsoft Office 365 Advanced Data Governance, which leverages artificial intelligence (AI) to predict and and make recommendations on how certain files or sets of data should be managed.
The Blockchain – Blockchain provides a non-repudiable, irreversible, cryptographically secure block to the chain of custody every time a bit of critical information is touched. Fundamentally a distributed ledger technology, it decentralizes control and verification of the custody chain. This, plus the presence of hashing at its core, eliminates the ability for something to ever be tampered with without first being detected.
A Simplified Process
In practical terms, the model described above would work in the following manner (see Figure 2):
Figure 2 Simplified information governance blockchain process
A contract is created to detail an agreement to acquire a custom piece of engineering for an offshore oil platform. In reality, that "contract" consists of a number of documents, drawings, and data sheets. Each element has been created by different people, in different departments, different organizations, in different locations. As the contract as a whole goes through a number of revisions, so does each individual component of the contract also go through a number revisions and reviews.
At a future date, there may be a legal dispute regarding the contract details between supplier and buyer. The audit trail of both the contract and its individual components is critical to resolving the dispute. By reason, no individual of the various parties can either be responsible for nor necessarily trusted to confirm the validity of every component (record) element.
Using blockchain to "lock" every component creates a shared distributed ledger into which all of the records are written, with each record and every transaction (change0 accompanied by a timestamp and proof of origin. In essence, this builds a verified and indisputable shared record, whilst preventing any individual participant from corrupting it.
Promising though blockchain is as an IG tool, there are a number of challenges to be overcome before it can become a practical reality:
Cost – Though open and decentralized, the fact is that people perceive blockchain to be expensive to run. It takes a huge amount of processing power to run transactions, and intermediaries to the blockchain want to charge a percentage of each transaction they handle. But for managing a finite number of files costs should not be a real factor.
Forking – In theory there should be one global blockchain. In practice, though, there is one dominant global blockchain (bitcoin). Other proprietary blockchain instances are being created.
Bitcoin – The concept of blockchain is so closely linked to bitcoin that it can be hard for many in the industry to recognize that it has a role and function beyond that.
Mindset – Information management system builders have traditionally had a repository-centric view of the world. Moving to an open and decentralized perspective of information thus will be a philosophically difficult shift to make, and may hinder blockchain's rollout in such contexts.
The most telling takeaway from this short paper may well be that all of the elements described in our proposed framework exist and are running openly today. There is no new technology as such in this framework – only existing technology that could be configured in a manner to challenge and cause a rethink of today's often limited approaches to information governance and management.
The model we propose may have a limited appeal or application for many use cases today. In some situations, even where it has a strong appeal, the cost and complexity of adopting such a framework might be prohibitive or unrealistic to address. There are, though, situations such as medical records, digital evidence, high value media, and transportation and logistics where such a framework would be not only highly relevant, but also effective in bringing about much needed business improvements.
Consider the potential power blockchain has to upend the way:
- transportation companies document the content and ownership of that content in their container ships, oil tankers and 18-wheelers
- law firms ensure the integrity of depositions, courtroom transcripts, and client case files
- hospitals and medical practices share and secure patient records
- owners of high-value IP (e.g., unreleased films and music) approach digital rights management
- public companies administer shareholder voting
Today, blockchain for information Governance is more of a discussion than a reality. Even so, there are a number of pilots underway and startup's building applications to meet the challenges and opportunities described in this paper. For sure, blockchain is not for everyone; it's complicated, new, and costly. But we believe there are business cases where its use would be appropriate. Moreover, as the body of learning and expertise grows, more opportunities will arise, and costs will likely fall lowering the bar to adoption.
Records Management is "[the] field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records". Source ISO 15489-1: 2001
Enterprise Content Management (ECM) is the strategies, methods, and tools used to capture, manage, store, preserve, and deliver content and documents related to organizational processes. ECM covers the management of information within the entire scope of an enterprise whether that information is in the form of a paper document, an electronic file, a database print stream, or even an email. Source www.aiim.org
Information Governance (IG or infogov) is bringing order and discipline to the use and protection of business-critical information, so the most value possible can be derived from information assets. Source Holly Group