TrendWatch Blog
Record Managers and the threat of Cloud Computing
19-Oct-2009 --
Last week I hosted a panel for ARMA that discussed compliance and records management issues related to Cloud Computing. It proved to be one of the most thought-provoking sessions I have been involved in for a long time. For what became abundantly clear from very early on was that records managers and compliance officers really need to get their head around Cloud Computing, and fast.
In the session we spent some time explaining that for every vendor out there that claims to have a Cloud solution, only one in ten really has. That "Cloud" relates to a virtualized world utilizing the internet as a network -- whereas hosted and SaaS options (the 9 out of ten) almost always have a specific data center location that they operate from.
This short blog entry is no place to get into the intricacies of this topic, so suffice it to say for now that with most hosted and SaaS options you can impose an SLA that will tell you, at any time you need to know, exactly where your data resides. With a true Cloud option, this is simply impossible - nobody (literally nobody) actually knows where your data resides. That is currently a complete no-no for most regulated data.
Secondly, when Cloud-based vendors tell you that you never need to delete anything, that this is the beauty of the Cloud (many do), you need to run a mile in the opposite direction. The secure disposition of data is a legal requirement, with the onus on you the data owner (and not on your technology supplier) to dispose of data and show how you did it. You need to know exactly how data is disposed of, and how that can be verified. Keeping everything forever is not a legal option.
The Cloud is a truly amazing development in computing, whether we take the Grid or the Supercomputer route - but laws are laws, and technology vendors don't write them, and if they don't like them they need to lobby politicians to change them. Simply ignoring laws you don't like, or willfully breaking them is not an option, even genuine ignorance is no defense. Just for the record I for one believe that Cloud Computing is a very important element of our computing future, but IT departments need to figure out the implications of what they are getting themselves into before signing up to such services, both Legal and RM departments need to be involved in drafting such agreements from the get-go.
As subscribers to our ECM research full know, retention and disposition are the core principals of RM, and Cloud Computing brings into question the relevance and value of both principals. Personally speaking, I think Cloud Computing is the biggest threat RM has ever faced, yet the world of RM is still trying to get its head around how to deal with the decades-old problem of e-mail, and the Cloud remains on the distant horizon for most.
My concern is that there could come a time where RM -- not legal compliance but good old fashioned information management -- will become an irrelevance; that would be tragic, but that time could come, and sooner than some may imagine.
- Submitted by: Alan Pelz-Sharpe, Analyst - Twitter: cmswatch
Join the conversation
Get a Free Sample
Wondering about CMS Watch research? Sign up to receive free samples of any of our products.