For decades, records managers have lived with a divide so familiar it's become invisible. On one side sits the EDRMS: structured, governed, and controlled. On the other lies everything else: network drives, SharePoint sites, Teams channels, email archives, and forgotten corners of infrastructure that nobody really owns. Two worlds, separated by an invisible wall.
When we talk about "us and them" in records management, most people assume we mean records managers versus business users: the age-old tension between those who care about compliance and those who just want to get their work done. But that's not the divide that should keep you awake at night.
The real "us and them" is managed versus unmanaged information, and that wall between them might just be your organisation's greatest information risk.
Think about your EDRMS for a moment. You know it very well. You've designed the file plans, trained the users, configured the security, and run the disposal schedules. Every document has a classification. Every record has a retention period. There are audit trails and access controls and governance frameworks that would make a compliance officer weep with joy.
Now think about everything else.
That network drive from the 2015 restructure that nobody deleted. The SharePoint site for a project that finished three years ago. The Teams channel where someone shared a spreadsheet with customer details. The email archive of a staff member who left in 2019. The folder named "Old Stuff - DO NOT DELETE" that everyone's too afraid to touch.
This is the other side of the wall. And for many organisations, it contains far more information than the EDRMS ever will.
Here's what makes this situation almost absurd. The information you manage carefully through your EDRMS requires formal retention and disposal processes. You can't delete a record without proper authorisation. There are schedules, approvals, audit trails. As it should be.
What about that unmanaged content sitting on network drives and SharePoint sites? Anyone can delete it. At any time with no record that it ever existed.
The information you've worked hardest to protect is locked behind governance frameworks. The information you know least about can vanish with a keystroke, or worse, persist indefinitely, accumulating risk with every passing day.
It's like having a state-of-the-art vault for your front door while the back of the house has no walls at all.
Let's be honest with ourselves. Records managers know this problem exists. Most have known for years. So why does the wall remain?
It's not ignorance. It's self-preservation.
The unmanaged side of the wall feels like it's outside your control, and in many ways, it is. You don't own those network drives. You didn't set up those SharePoint sites. Nobody asked you about the Teams channels. The business created this content without involving records management, so it's easy to tell yourself it's not your problem to solve.
There's also the sheer scale of it. The prospect of discovering, classifying, and managing years (sometimes decades) of accumulated unstructured data is genuinely daunting. Where would you even start? How long would it take? What resources would you need? The questions multiply faster than the answers, so it's easier to focus on what you can control: the EDRMS.
And so the wall remains. Not because we don't see it, but because looking too closely at what's on the other side feels overwhelming.
The Berlin Wall didn't fall because people planned for it. It fell because circumstances made it inevitable. The same is true for the wall between managed and unmanaged information.
That wall comes down when:
A cyber incident forces you to understand exactly what sensitive data you hold and where
A privacy complaint triggers discovery across your entire information area
Legal proceedings require you to locate and preserve documents you didn't know existed
Regulatory changes demand accountability for information you've never managed
A data breach exposes content that should have been disposed of years ago
In these moments, 'it's not my system' and 'we didn't know it was there' aren't defences. They're admissions of a governance gap that someone is going to have to explain.
The good news is that you don't have to tear down the wall all at once. Modern data discovery isn't about boiling the ocean: it's about making steady, repeatable progress.
We've seen organisations successfully tackle their unmanaged information by taking a few common approaches.
They start with planning, not technology. Get the right people involved early (business, IT, records, privacy) and be realistic about what you're trying to achieve. No technology can read your mind if requirements aren't clear. They lock the space before they start. During discovery, documents get deleted, changed, and replaced, not out of bad intent, just normal business behaviour. But for discovery and privacy work, that's dangerous. Discovery spaces must be read-only, or the problem keeps growing and confidence in the outcome erodes.
They treat it as a journey, not a silver bullet. Narrow the scope, run the tools, learn from the output, refine and repeat. Each pass brings more clarity, but only because the groundwork was done upfront.
They recognise that technology is powerful, but it's not magic. The platforms do enormous heavy lifting, but they don't solve everything by themselves. Having the right partner (someone who understands both the technology and how to adapt it to real-world complexity) makes the difference between progress and frustration.
Without technology, the alternative is years of manual document review, ever-increasing data volumes, and a problem that never really gets finished. It's the information management equivalent of painting the Sydney Harbour Bridge: by the time you reach the end, you need to start again.
Data discovery creates real progress. It doesn't make the work disappear, but it makes progress achievable in a way manual effort never could. You gain visibility over what you have, confidence in where your risks lie, and the ability to take meaningful action rather than just worrying about what might be out there.
If you're coming to the OpenText Summit in Sydney at the end of February, join us for a fireside chat with May Robinson from the University of Sydney, who will share her firsthand experience managing data risk and working through the discovery journey.
May's perspective cuts through the marketing hype to focus on what actually matters: the planning that makes or breaks a project, the lessons learned when things don't go as expected, and the real-world payoff when technology meets thoughtful implementation.
It's the side of cyber security and information risk that doesn't get talked about enough, and it's a conversation worth having. S0, how long has the wall between your managed and unmanaged information been standing?
You don't have to demolish it overnight. But perhaps it's time to at least take a look at what's on the other side.
If you'd like to explore how data discovery might help your organisation understand and manage its unstructured information, we're here to help. We take your business personally, including the parts you haven't quite got around to managing yet.
Join Us at OpenText Summit Sydney
From chaos to clarity: unifying data, identity, and access with OpenText
Tuesday, February 24, 2026, 1:30 PM - 2:30 PM
Room 2: Cybersecurity
Click here to register for OpenText Summit 2026