A guide to modern records management challenges
A comprehensive collection of articles, videos and more, hand-picked by our editors
While cloud computing is the hottest of hot topics, businesses can be lukewarm when it comes to privacy, security...
and information governance in the cloud.
But recent events such as Edward Snowden's revelations about mass surveillance at the National Security Administration have turned up the heat, according to Else Khoury, the manager of information management services for Niagara Region, a municipal government body in Ontario, Canada. In her AIIM 2014 session "Getting Lost in the Cloud: Privacy Risks and Cloud Computing," she said that privacy has become one of the most buzzed-about issues in information management.
Khoury acknowledged that privacy in the cloud is only one of many challenges discussed at AIIM, but the problems she touched on extend into information governance in the cloud as a whole and to AIIM's overarching theme of information overload creating chaos but also opportunity.
A new approach to privacy and information governance must cut through the growing risks as organizations' data moves off-premises, while still giving users the easy access to data in the cloud that they have come to expect.
Reduce risk, but don't block cloud benefits
The key, Khoury said, is to "help people deal with risks and still do their jobs." She emphasized that speaking in abstractions about the benefits and challenges of cloud-based information isn't enough. The goal is to take high-level ideas and translate them into actionable objectives.
She pointed to leading cloud expert Ann Cavoukian's writing on the "positive sum approach" to cloud -- meaning that more of one good thing -- e.g., information privacy -- should not mean less of another -- e.g., worker productivity.
For more AIIM 2014 coverage
For ECM success, mirror how users work
The new agenda: Information management strategy
How important is retention management?
These ideas about balancing risk and reward in the cloud have echoed throughout the conference. Monica Crocker, corporate records manager at Land 'O Lakes, touched on similar themes in her session, "You Can't Hug a Cloud, But You Can Embrace Cloud Computing." Land 'O Lakes currently uses a few cloud technologies, including ShareFile for cloud collaboration and Salesforce.com.
"Your organization already has content in a cloud," Crocker said in her session, and emphasized the risks of allowing users to put information in the cloud on their own, as opposed to implementing a cloud strategy that provides information governance guidelines.
But bringing information governance to cloud-based content shouldn't block users from cloud's benefits -- it should provide those benefits with reduced risk and better efficiency. Crocker outlined an array of additional business benefits, like bring your own device support, encouraging collaboration with external partners and disaster recovery capabilities.
Steps for better information governance in the cloud
A few common denominators on governing information in the cloud emerged from these two sessions. While those who discuss cloud information governance in concrete terms may feel like a lone voice in a wilderness of abstractions, high-level ideas about reducing risk must be translated into actionable guidance.
- Set up strong contract terms with cloud providers, defining which information should be kept confidential, outlining the vendor's role and limiting exposure of critical information. Khoury referred to "operationalizing accountability." Enterprises need a plan to prevent some privacy breaches and to isolate and address those that do occur.
- Identify cloud-related roles and responsibilities not only with vendors, but within the organization. Block unauthorized access to cloud storage. As Crocker mentioned, if there are no roles and access rules set up, some businesses "would not know whose throat to choke if something went wrong."
- Involve various departments within an organization in reviewing a cloud governance strategy. What may have seemed like a problem for records managers or compliance officers now has wide-reaching legal, business and technology implications.
Laura Aberle is the site editor of SearchContentManagement.