February 28, 2012
By Scott Clinton Director of Product Marketing and
Business Development, EMC Corporation
Article

The Value of the Cloud

The promise of ECM-in-the-cloud is undeniable: Extraordinarily short time-to-value; the ability to deploy services only when and where needed; the chance to scale rapidly up and down; and a way to access expertise with zero recruiting expense.

However, with the variety of options out there—public, private, hybrid, etc—choosing the right approach often seems to require extraordinary effort. Get it right and you are a hero, get it wrong and the organization may be paying for it for years to come.

Regulatory requirements are not going away and ultimately it is the business that is liable for any information mishandling or misuse. The legal demands of e-discovery now apply to everything whether in the cloud or your datacenter. And one Wikileaks headline could ruin your whole decade.

Additionally, every study shows that uncertainty about security remains the number-one barrier to cloud adoption. With all the headlines about voicemail hacking, mass leaks of secret cables and the theft of customer data, many enterprises are understandably reluctant to move their most vital content to a shared cloud infrastructure. Sales lead management—maybe. Contracts and HR documents—maybe not.

Getting it right means choosing an approach that leverages the benefits of cloud architecture while balancing regulatory requirements and information security concerns.

Follow the Five Steps

People want to know: Where is my data stored? How is it stored? Who can access it? How can I be sure it's there when I need it? And who, exactly, handles compliance?

Perhaps there's a strategy for moving your enterprise content management to the cloud that answers all these questions and allows you to sleep soundly at night. If so, it will be a combination of best practices and technologies that preserve the benefits of the cloud while ensuring that your new deployment effectively balances needs for security and compliance.

Here are five steps to help capitalize on the value of ECM-in-the-cloud.

1. Define an access value chain. All information is not created equal. There's a huge difference in value between, say, personnel records and drafts of marketing documents—and a huge difference in the way that kind of content needs to be stored and protected. To begin to tackle this you need to first define an "access value chain" by creating categories of documents and their attributes—for example, "Web content" to "ad hoc" to "confidential"—then map those values against the access required by corporate employees, HR, finance, regional offices, mobile employees, sales partners, supply-chain partners and customers around the world. Without a defined access value chain you can't begin to create security policies, or define ECM "peace of mind," whether you're talking on-premise or in the cloud. What access do the folks in your San Francisco HQ require, compared to your manufacturing plant in Taipei?

2. Create an information classification and control system. Once you have your access value chain, you can assign privacy, access, risk and control policies for different document types across a global enterprise. That system will define what goes in the cloud, where it goes in the cloud and what stays under local, on-premise control. Such a system does not have to depend on day-to-day human judgments. A modern ECM system will automatically assign policies, such as retention and access, to document types as they are created by different classifications of employees, or dropped in different folders. The system will assure that the documents are encrypted with embedded policies that ride with the document wherever it roams, and can render it useless in the wrong hands. Even more intelligent systems will hunt documents down—in remote offices, file-shares, employee laptops—and re-classify them, delete them or move them to safety after the fact.

3. Make your provider go through your information governance checklist. Whenever you change content strategies, you need to renew your information governance strategies, too. Create a checklist and go through it with your would-be ECM cloud provider: What kind of access will you have for e-discovery? How will retention periods be enforced? How will data be disposed of when those periods end? How will metadata be preserved? What will be the availability and safeguards for information during provider acquisitions or divestitures? What is the exportability and portability of content through your provider? What standards does your provider adhere to? How are they audited? Along the way, you will want to sit down and review provider policies and documentation. Whatever provider you choose had better have both the documentation and the answers.

4. Match your "acceptable risk" to the right cloud-public, private or private hosted. There remain plenty of options for cloud deployment, each approach handling your information in different ways. Typically, public clouds are best represented by SaaS applications where information is managed in a multi-tenant model (one big database with logical separation for each user's data) and anyone can create an account. Don't buy the line that multi-tenant is "more advanced." It can be easier to get started with, but poses the most risk as your information is comingled with others and username/password is the only barrier to anyone on the Web getting access to your information.

Private, on the other hand, is at the other end of the spectrum. A private cloud is locked behind the corporate firewall, where you have your own application platform, located in defined datacenters, and not shared with anyone in a multi-tenant manner. Using virtualization, you gain drastically improved flexibility and resource utilization—while absolutely preventing data mingling. However, it is still up to you and your IT staff to manage and maintain; leaving a lot of the promise of the cloud well up in the air.

A private-hosted cloud blends the capabilities and value of both public and private, offloading the infrastructure investments, management and maintenance to the cloud provider. With defined datacenters and VPN access, the private-hosted cloud becomes an extension of your existing datacenter, lowering the risk of unauthorized access to the same level as a hardened, on-premise installation. Now it is perfectly possible to get the same rapid scalability, maintenance, shared expertise, and code-upgrade leverage that multi-tenant environments enjoy—while absolutely preventing data mingling.

5. Speed adoption with a hybrid approach. Did you notice that the access value chain, above, assumed that some data might not always be kept in on-premise installations? A mix of private/private-hosted cloud approaches with locally controlled, on-premise storage can help you overcome the principle internal objections to cloud deployment and get you moving. Tell your colleagues that there's no need to throw out your existing infrastructure, business disciplines and carefully constructed security before you begin leveraging the cost savings, easy optimization and time-to-value of the cloud. Using the hybrid options built into modern ECM solutions, you can move the right information assets carefully and incrementally off-premise, while protecting your most vital data assets and hard-won investments.

Free

for qualified subscribers

Subscribe Now Current Issue Past Issues

KMWorld 2024 Is Nov. 18-21 in Washington, DC. Register now for Super Early Bird Savings!

The Value of the Cloud

Follow the Five Steps

How Knowledge Graphs Make Generative AI Consumable in Enterprise Environments

Building a KM Foundation for Enterprise AI

TRANSFORMING ENTERPRISE KNOWLEDGE: THE JOURNEY TO SAFE, SECURE, AND TRUSTWORTHY AI

More

Intelligent Content Management: Game-Changing Technologies and Strategies

Optimizing LLMs with RAG: Key Technologies and Best Practices

What's Ahead in Search: AI, NLP, Knowledge Graphs, and More

Rethinking KM for Agility, Efficiency, and Innovation

More Webinars