Once in awhile, as we did this past Wednesday, we’ll talk to a forward-thinking customer who realizes that the question is inevitable, whether they are creating cloud-based content or not: how to govern it?
First the Good News
On its face, the question is simple enough. With RSD GLASS, customers can govern records of any format, regardless of where they reside and how they are stored. And we allow in-place governance, which means that our customers don’t have to migrate content from the existing repository / archive / email server / storage system / physical inventory / etc. to our system. If we can do this, can we not also govern cloud-based content? The answer is the same as for any other repository: it depends.
First, it depends on what kind of governance you wish to employ. Are we talking just simple retention and disposition? E-discovery activities and litigation holds? Or are there additional lifecycles you’d like to automatically enforce, such as storage, metadata, and security lifecycles?
Second, once the governance controls are understood, we then need to determine if the repository supports those controls. If so, and if there is a means for accessing those controls via an API or similar technical interface, then the answer is yes, we can govern that content.
And that is true for cloud-based content as well. Re-read the previous paragraph, substituting “repository” for “cloud provider”, and our position is clear: if the cloud provider supports the governance control, and if they provide a means for leveraging it, then yes, we can govern that content. Intuitively, this makes sense: the nebulous (heh, you see what I did there?) nature of cloud-based content refers mainly to how it is accessed: usually via hyperlink, if not through an application that hides the access from the user. In the back-end, the a cloud-based record still resides somewhere… perhaps in a SharePoint repository, or perhaps on a proprietary repository specific to the cloud provider. All the provider has to do is expose the services offered by the repository, and we’ve got ourselves governance.
Mind you, not all service providers support these types of controls; many did not take governance into account when architecting their offerings. If you are in the market for a Repository-As-A-Service type offering, and if you want the option of governing cloud content in place, these are important questions to ask before you sign.
Location, Location, Location
But hold on there, Sparky, there is an important consideration that is usually forgotten. But ignoring it can put your company at serious risk of violating important data privacy statutes. We know, despite how the information is accessed, that at the end of the day, it’s sitting there somewhere. Where? No really, WHERE? One of the key benefits of adopting an information governance approach such as the one enabled by RSD GLASS is the ability to demonstrate that you are managing your company information in accordance with applicable laws and regulations. Cloud providers may move data around their infrastructure to maximize internal resource utilization, and minimize cost. They have the ability to move information from, say, a server in France to another in India. From the user’s perspective, this migration is transparent. The same http or https still returns the requested record. From a compliance perspective, however, this could represent a specific violation of European data privacy laws. And no governance technology would be aware of the violation, nor would it be able to prevent it.
The Trend: More of This
I won’t lie to you: this doesn’t come up much. Of the customers and prospects I visit, maybe 1 in 5 currently keeps records (mostly email) on a cloud-based infrastructure. But the trend is clear: this issue looms on the horizon. Asking the right questions now will enable you to govern this content with the same confidence as content on traditional repositories and storage systems.