Information Governance: Breaking Down Cloud Archiving’s Façade of Risk

I’ve noticed more and more businesses adopting various cloud-based (or hosted) solutions across their organization.  According to the 2013 IDG Enterprise Cloud Computing Study, 61% of organizations have at least one application or a portion of their computing infrastructure in the cloud.  Of course, survey results don’t tell the whole story, but I’d argue that when critical or sensitive data is involved, more and more organizations are turning to cloud solutions to help manage their data – particularly organizations with highly sensitive data that is being managed.  It raises the question: why aren’t even more organizations adopting cloud-based solutions – i.e., why not the other 39 percent?  The answer is often misinformation and misconceptions. 

 

This is especially true for cloud-based information archiving.  We’ll often hear a wide range of concerns that aren’t always true all the time:  data will be held in an unknown facility lacking sufficient security; data cannot be tracked, disposed of, or audited in any way; users will have less access to their own data; data will be comingled with data from other organizations; it will be more susceptible to unauthorized access; and the organization may not have full ownership of their data. 

 

In this and my next few blog posts, I’ll lay out these concerns, provide more context about each, and explain when these concerns may be true and when they are not. 

 

A cloud for every purpose

 

First and foremost, not all ‘cloud archiving’ providers are equal.  Not all providers will be able to offer the specific tailored solution to meet your specific business requirements.  But one provider’s inability to meet your security or datacenter location requirements, doesn’t mean all cloud solutions are risky.  As with any solution, business requirements and level of risk tolerance should be the driving factor.  For example, a company that places a higher priority on reducing in-house storage costs might work perfectly well with a cloud archiving provider with SOC2 datacenters that enable significant storage savings, but might not offer multi-level authentication and dedicated/encrypted VPN tunnels. 

 

How secure is your security?

 

While not all providers will offer the absolute bleeding edge in security methods, most of them will offer security that is well beyond the security capabilities of even the largest companies.  With security as a top priority for their customers, cloud providers invest and dedicate many times more resources in security than most organizations.  Rather than expending sometimes limited resources to match datacenter-grade security, companies can take advantage of a cloud provider’s robust security capabilities and continue focusing on core competencies and business priorities.

 

Reap the rewards, skip the risk

 

While the riskiness myth still accounts for much of the feedback on cloud usage, cloud providers can actually eliminate many of the risks present in an organization’s IT processes.  Data residing on-premise within a company is going to be much more accessible by its employees for better or worse, and introduces the risk of human intervention as a result of this accessibility.  Today’s IT staffs are stretched thin and must manage many aspects of security, data backup, disaster recovery, and software/hardware maintenance.  Should IT mistakenly miss a critical security patch, forget to identify a failed backup, overlook a failed replication set, or install an untested application, data can easily be lost or opened up to outside parties.  This is not an uncommon occurrence, as evidenced by recent headlines. Especially, when high profile companies are involved with the loss of personal and financial information.  Inevitably these potential mistakes stemming from human error likely will cause organizations to fall out of corporate, industry or regulatory compliance, with potentially severe repercussions.

 

On-premise systems are not the end-all, be-all for information governance either. There are many situations that can lead to the breakdown of mandated information governance policies.  For instance, when physically collecting PST’s from thousands of remote employees via USB drive, email, shared drive or FTP, with hundreds of terabytes of data and hundreds of millions of emails, the probability of fully accounting for this data is diminished, increasing risk especially during litigation.  It is very difficult to proactively identify and manage data that resides in across thousands of repositories such as end users laptops with uncontrolled PST files, much less apply legal holds or governance policies on this data.  This unmanaged data will remain discoverable and could impact an organization’s ability to defend their governance and retention policies.

 

When data is hosted with a cloud provider, many of the potential risks described above are mitigated.  Their processes are automated, take place within a secure datacenter, require minimal human intervention, and all data regardless of sensitivity is treated equally.  Most cloud providers enable sophisticated and automated replication, high-availability, and disaster recovery systems and processes across multiple geographic locations to ensure that no data can be lost. This also removes the need to physically transport data.  Providers can demonstrate consistent, repeatable, and defensible processes regardless of any potential situation enabling near 100% uptime, or at least greater uptime that can be provided by most organizations. Choosing a provider that holds the appropriate certifications (e.g., SOC2), meets your internal mandated processes, and executes contracts that include defined SLAs can help lower an organization’s risk.

 

The confidence of organizations toward the cloud continues to increase even in the face of perceived uncertainties.  As providers enable cloud archiving services that deliver security, automation, compliance, and disaster recovery capabilities beyond what most organizations can achieve, CIO’s and other decision makers will need to seriously address the value that cloud archiving can bring to better meet their business requirements.  For more information, check out the Knowledge Vault Exchange series on Dispelling Myths About Cloud-based Archiving

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Joe Garber is Vice President of Information Governance at HP Autonomy. In this role, he leads product messaging and go-to-market efforts fo...


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation