Third in a series
From SaaS-based HR and payroll to sales CRM, cloud applications have become a focal point for businesses today. While many typically do not accumulate large volumes of content, what is being stored in the cloud could be of a sensitive nature. This quickly raises concerns about the need for security and compliance with legal, regulatory and industry guidelines. Common questions being asked by business leaders include: Is our content safe from prying eyes? Is it stored in a legally compliant way? Can I get it out if I need to?
AIIM Research finds that the top three concerns in relation to cloud-based systems are exposure of confidential or private data, meeting legal requirements for data privacy and regional locations, and ownership and future migration of the content. Additionally, other content-specific needs and concerns include the setting and management of retention periods and the long-term outlook in terms of accessibility, backup and cost.
To overcome these issues, many cloud collaboration products have been adding security features and standards compliance. Some have focused on data protection and encryption as core features from the start. While these have helped reduce concerns about privacy and security, the fact remains that those concerns still exist.
Secure within the Private Cloud
From a holistic perspective, security is not just locking down information, though that is a big part of it. Security also includes things like the longevity of the supplier. If your solution provider goes out of business, not only is the app unsupported but you lose access to it and all of your content. You want to feel certain that the devices you use will allow you to access and capture information without exclusion. In times of catastrophic events, you want to know that your information is secure and recoverable and that any downtime is kept to a minimum.
A private cloud, residing and managed behind the corporate firewall, provides full control over how it is configured in relation to records and regulatory guidelines. Content can be encrypted within the repository at many levels including at the document level in alignment with records management policies, and when the content is in motion as in retrieval. Access control is managed centrally across the various cloud nodes within the enterprise and also integrated with external security systems.
The question of ownership is no longer at issue since the content is resident and managed within the business environment. Content is managed in place and migration occurs automatically when configured to do so. Primary records are maintained with pointers to redundant copies used only for recovery. In this way, vital records are securely maintained and presented in accordance with records management and compliance policies while managing risk through redundancy.
Disaster preparedness is managed through the creation of redundant information dispersed across several nodes within the firewall. If a node should drop from service, the failsafe mechanism automatically redirects activity to the next node seamlessly for business continuity.
While traditional client-based applications provide various levels of information protection, extending beyond the firewall becomes a challenge. Access to several systems may have to be extended in order for external parties to be part of a collaborative effort. This means that IT needs to set up profiles in several applications, creating a potential breach risk if not managed carefully. Private cloud protects content from the time content enters the system and throughout its lifecycle – even when content is in transit. External security systems can be incorporated to manage access rights and role-based access from a common location across all cloud nodes. System monitoring capabilities and audit trails oversee and record every activity that occurs within the private cloud.
A big concern with applications in the public cloud is how to integrate them with existing on-premise applications – particularly dedicated RM systems – and how to maintain that integration in multitenant situations in which software updates can be made at any time. A private cloud allows integration with records management solutions to classify, store, manage, and dispose of physical and digital corporate records based on records management policies and retention guidelines.
Delivering Value and Security
In an effort to curb unofficial use of public-cloud applications and establish approved and managed cloud tools, businesses are exploring their options. Private cloud allows content to be securely managed in place, across the enterprise, using centrally managed security and records management controls to meet regional and industry compliance requirements.
Access is provided to authorized personnel at an individual or role-based level, ensuring that only those who have the right to it can access information. This is supplemented by monitoring of the system with audit trails recorded and used for analysis and proof of information integrity in times of audit or litigation. Private cloud provides a secure environment, ensuring that information assets are protected and compliance is maintained, even to DoD 505.2 standards.
A private cloud delivers the value seen from public-cloud applications but its on-premise placement, behind the corporate firewall, alleviates concerns about privacy and security, recovery, and interoperability between applications.
Bob Larrivee is Director of Custom Research at AIIM. Andrea Chiappe is Director of Innovation and Strategy at Systemware.