Archive | Cloud RSS feed for this section

Records Management – Pie in the Sky (Or Should I Say Cloud)

You know, records management is not pie in the sky, or should I say cloud? Whether you are, or thinking about using Office 365, or a different cloud vendor, records management is certainly not advisable in the cloud. Why? The main reason why you may not want to use the Office 365 – is if you have to meet some Records Standards such as DoD 5015.2, ISO-15489. Although, it is possible to use SharePoint with a third party records management solution to meet those standards.

Another reason that you may not want to put records in Office 365 is that within the Microsoft cloud based approach your data is kept on one or many servers and the complete disposition of records – “true” delete is not possible within Office 365 as there are backups that have copies everywhere.

Having your records being sent to servers outside your home country may also be a deterrent and also not be an option for some organizations. For example, the Canadian government does not allow data to be placed on foreign/US servers.

Most of our Office 365 (not all), view the cloud as a venue for ‘non secure’ collaboration. Whatever that means. Maybe it’s only my gap to bridge, but if you have information communicated with colleagues, partners, vendors, and an array of third party individuals, how would you know if information that should be tagged as a record somehow got intermingled with your ‘non-secure’ collaboration? Most likely you wouldn’t. The same would apply for security breaches or data exposures.

I still think there are quite a few considerations using Office 365 or similar animal. Without a plan, records management and security are just two of the issues in the cloud. What do you think? How did or will you handle?

Comments { 0 }

Do we need a Hans Brinker for Office 365 Security or is the flood unstoppable?

As a matter of fact, the story of the little boy who stopped a leaking dyke and saved the town from a flood, wasn’t really named Hans Brinker. The poor little guy was never given a name in the story, and readers got confused and called him Hans Brinker (of the silver skate’s fame). After almost freezing to death as no one ever came to find him until the next day, he did end up saving the town.

And, you may ask, what does this have to do with cloud security? In mid-February, Microsoft made available to the masses multi-factor authentication for Office 365, including security enhancements for those using Yammer in SharePoint. Any vendor that adds additional security precautions gets a plus in my book. Unfortunately, cloud security, or even enterprise security still needs to evolve.

I think the security marketplace should being to turn towards security at the content asset level, as we do. We no longer need analysts to tell us of the burgeoning growth of unstructured content. We know it, most of us encounter it every day (which is why I can no longer find the files that I need). The issue is not in the security architecture or strategy, it is the inability to identify potential sensitive information exposures that are unknown. Sensitive information exists in documents, scanned items, faxed items, emails, and could be in any unstructured or semi-structured content. Many security applications provide the ability to recognize industry standard descriptors such as a social security number or credit card number, other sensitive and confidential information can exist that contains information the organization does not wish to share.

Most exposures are caused either intentionally or unintentionally by the organization’s own staff. They can prove costly, damage brand, and increase organizational risk.
Similar to our poor little nameless boy, the problem was miniscule as all he needed was an eight year old finger to avoid a devastating flood. The same with unstructured and semi-structured content, a small hole can also bring down an organization.

Comments are closed