Introduction

Eyes front

The IT industry looks forward, not back. Smaller, faster and with increased functionality are the industry's focus; nostalgia is a rare indulgence. This focus on the future creates recurrent issues with backwards-compatibility; using old data with new systems or integrating old and new information systems can be problematic. Backwards-compatibility is often an afterthought or simply ignored and information security tends to concern itself with the current information and system lifecycle. Archived or offline data can result in less emphasis on information security; this presents challenges for digital preservation. Information security controls and risk assessments tend to be diminishing concepts in archive information systems.

Taking notes

Digital preservation arises in many forms – electronic musical instruments are a good example. Many of the older synthesizers from the 1970s and 1980s had unique sounds which still have a place in modern music. However, many almost became extinct as newer instruments with more accurate samples were produced. The sounds made by these early instruments have been rescued, remastered and are now available to the current and future generations of musicians.

Ticking boxes

Organizations talk about ‘governance’ but they often really mean ‘compliance’. A lack of empathy with the business results in controls that create unnecessary barriers to normal operations. These controls, when combined with business targets, can create perverse incentives for staff to circumvent procedures rather than comply with them in order to ‘get the job done’. This is not good governance. ‘Tick-box governance’ is a serious problem for a business and arises where there is no sound basis for the compliance framework that has been adopted. Tick-box governance creates an illusion of compliance and false sense of security. Identifying the right standards to comply with and clearly defining the scope and application is critical to achieving good governance.

Breaking barriers

There will always be tensions between end-users, IT operations and information security specialists. A lack of communication and mutual understanding exacerbates this. Dialogue between the parties can help to create a consensus approach that will encourage informed compliance and some common objectives. People are at their most creative when seeking ways to bend the rules, so making rules that make sense and are attuned to the business are essential for true compliance.