Cloud Collaboration: Managing Risk & Retention
Embed Size (px)
Transcript of Cloud Collaboration: Managing Risk & Retention
C a r s o n C i t yS t a t e C a p i t a l
E - R e c o r d s F o r u m 2 0 1 3
M a n a g i n g R i s k & R e t e n t i o n
Sometimes you’re the bug, sometimes you’re the windshield
Cloud Collaboration: Managing Risk and Retention
Bud Porter-RothPorter-Roth Associates
• Independent, vendor neutral, consulting in: – Cloud Information Management (CIM)– Electronic Document Management– Document Imaging– Records Management– Workflow– RFP Development
• http://www.erms.com• [email protected]• @BudPR • 415-381-6217
How to make a million dollars in the Records Management business….
Start with three million………
• Introduction to Cloud Computing• Introduction to Cloud Information Management (CIM)• Benefits• Risks• Can Risks be Mitigated?• The Future
Cloud Computing 101
Corporate Users Corporate Datacenter
Porter-Roth Associates 6
No Corporate Datacenter
What is Cloud Information Management (CIM)?
CIM is the ability to use document management functions and applications in a cloud environment – create, collaborate, store, retrieve, check in/out, version control, records management, governance, security, search, audit history, etc.
Cloud Collaboration Offerings – My Take
• Simple Store and Retrieve• Simple Collaboration• Complex Collaboration• Functional Applications• Business & Social Networking
Simple Storage and Retrieval
Allows for simple file storage and retrieval. No real document/records management capability. Allows you to “share” documents by email invitation or shared password.• Amazon Cloud Drive• SkyDrive • Mega• iCloud• +many, many more
Allows simple DM capabilities such as folders/subfolders, versioning, checkin/out, simple workflows, search, and audit trails. No RM, IM, legal. Multiple users can log into the site.• Box.com• Google Docs• Dropbox• WatchDox• Huddle
Includes DM/RM, office applications, workflow, email, calendaring, workspaces, forums (wiki, blog), and other features.• SharePoint (provided as a service)• Office 365 (includes SharePoint)• SpringCM• Alfresco
Applications built around functions like accounting, HR,
CRM, and PM. Generally no DM or RM capabilities.• Basecamp – Project management • Moxie Soft - CRM • Salesforce – CRM• Jive – Social software• Yammer – Social Software• Workday – HR Software
Business & Social Networking
Social networking apps – typically have no DM or RM capabilities but can be used for file storage and sharing.
• Jive – Social software• Yammer – Social Software• Chatterbox (SalesForce)• Facebook• LinkedIn• YouTube• SlideShare
• Lower initial and startup costs• Highly scalable – resources are available when needed• Rapid elasticity – resources are consumed on-demand• On-demand Self-Service - User can order and provision
services directly • Basic site can be setup and operating within 30 minutes• User/owner can set libraries, folders, security, permissions,
versions, workflows, and other aspects of site operation• User can invite other users to share documents• Vendor provided maintenance• Device independent, made for mobile
• User is in charge• Typically no RM or IM• No eDiscovery capabilities
• Inability to manage legal/audit/business holds• Allows easy sharing outside of the firewall• Security (physical and data)
• “Lost” sites will still contain content and….access permissions (which may have changed)
• No customization (it is a configurable application)• Could lead to… Silos of Information
Can Risks be Mitigated?
• Given that “most” cloud applications do not have RM or IM capabilities what can be done to mitigate this issue?
• Is it really feasible that someone using Dropbox will diligently and consistently move “records” from Dropbox to ????
• Even if you have a dedicated RM system, how/who will make the transfer and code the record(s) correctly?
• Can you, through policies, create manual RM areas in the cloud application to store records? How will that work? Who is responsible for creating the RM area? Will it be in-place or a separate area?
• Can you create policies that prohibit “records” from being in a cloud application?
• If cloud applications cannot provide RM or IM, it is up to the individual companies to ensure that requirements are satisfied
• Open discussion
IT Requirements System Design System Implementation
The Future CompanyToday’s Company