A combination of pressures prompted Derby City Council to review its on-premise data centre strategy in 2015.
Content in the Cloud - making the right decision
Doug Miles, AIIM’s Head of Market intelligence, looks at the decision-making process for cloud deployment of document and content systems.
Cloud computing is not new. Web-based email, cloud web-development and a host of useful SaaS (software-as-a-service) applications have been available for over 10 years. Social applications used within and beyond the business are more than likely to be SaaS-based.
Everything is heading for the Cloud
What seems to be new is the growing realization that mainstream enterprise applications and core office applications are heading for the cloud with a degree of inevitability. The G-Cloud initiative is happening (albeit slowly), and decision makers are facing a choice of when to move core functions to the cloud rather than whether to move them. Included amongst those enterprise applications are document and records management systems and corporate collaboration suites, and these throw into sharp relief the issues of security and governance that can often be weighed off in other web applications in favour of cost-saving or flexibility.
Each organization needs to set its strategy based on that balance, and, most importantly, review the decision as they gain experience of cloud offerings, and as the services themselves grow and mature. In a recent AIIM survey, 41% of respondents consider cloud will become the de-facto deployment for general IT applications in their organization within 3 years - including document and content management applications - rising to 77% who see it happening within 6 to 8 years.
It should, of course, be realised that there is a broad spectrum of cloud services from local outsourcing to consumer-style apps, and often it is the latter that make the running in the perceptions of stability, security and compliance. However, business users and managers are often prepared to disregard these shortcomings if it helps get the job done more quickly and simply. Indeed, a reluctance on the part of IT, and in particular records and compliance managers, to provide official, cloud-based file-sharing and collaboration platforms has resulted in the wide-spread adoption of un-governed file-sharing applications, many of which can best be described as “consumer-grade” when it comes to security and rights management.
Consumer-Grade File Shares
In the AIIM survey, 30% of respondents are seeing increasing use of unofficial cloud content management services and file shares, and it is likely that many more are unaware of more covert use. Whilst 19% prevent access to non-approved sites, and 45% have policies limiting their use, only 5% have an “official” cloud-based alternative. The need to share content with project groups outside the firewall is given as the most likely reason users and managers are by-passing on-premise content management. They also like the convenience and simplicity, and the better mobile access. Unfortunately, managers frequently adopt “consumer-grade” services such as Dropbox, paid for on a company credit card – or worse still, used at the free level, which is likely to lack basic security and administration functions.
The answer for those charged with maintaining security and compliance is to provide a suitable alternative. Enterprise-grade cloud file-share and content management systems are likely to offer secure logins, partitioned security, version control and even content-based workflow. Some will also synchronise content selectively or completely between on-premise content systems and the cloud. This seems to be a popular approach to achieve the sharing and access of the cloud whilst reflecting the security and governance of the on-premise system.
Security and Location of Cloud Data
Much has been written, of course, about the issue of datacentre location for cloud services, and one of the objectives of the G-Cloud project is to overcome this objection. Many cloud service providers can also offer assurance of where the data is stored. Security and continuity is perhaps less easy to assess. In the AIIM survey only 4% of those using any SaaS or cloud services had suffered security, reliability or data loss incidents, and 37% do not see data in the cloud as any more vulnerable than on-premise, including 10% who feel it is safer.
Stairway to the Cloud
The AIIM survey report sets out the following recommendations:
- Create a directory of SaaS, cloud and other off-premise applications in use, and record satisfaction levels and experiences among users.
- Pay particular attention to the use of cloud-based file-sharing. Rather than forbidding use or restricting access, set a policy that only business-grade applications are to be used, and free subscriptions are to be avoided in favour of paid-for versions .Better still, select and deploy an approved application or service, and help users adopt it safely and quickly.
- Press for an agreed strategy regarding cloud deployment of IT applications to include:
A general and considered view on fundamental desirability within your model of business operations. Consider IT departmental costs, equipment depreciation models, consolidation of subsidiary sites, mobile and remote activities, office costs and data center costs.
If security is an issue, undertake a risk analysis and compare service level agreements. If connection bandwidth and reliability is an issue, monitor uptimes and capacity of existing links and consider upgrades to the next level.
Take a view for each major area of application. Consider potential operating benefits as well as cost benefits of the cloud against security, availability and integration implications.
Have a specific strategy view on content and records, e.g., cloud as the only copy, cloud for “published” copies, cloud replicated to on-premise, cloud for external collaboration, cloud for archive
If you have little experience or expertise in on-premise content management, beware of replicating the same “digital landfill” in the cloud. Take training and advice.
Be sure to include business users in your strategy-setting process
- Set a priority timescale for a phased move to the cloud on an application-by-application basis. Be sure to monitor experiences for each deployment to inform future progress.
- Consider as a priority those applications that would benefit from wider access across the enterprise (subsidiaries, field-based staff, mobile, etc.) and involvement with partners, customers or suppliers outside of the firewall.
- Project collaboration and document approval is likely to figure highly on the prioritization list. Be sure to evaluate “designed-for-cloud” offerings as well as extensions to existing on-premise systems.
- Do not assume that scanning, capture and records archiving are the least likely applications to benefit from cloud deployment. Take the parallel with your existing outsourced box-store arrangements, and also consider the combination of outsource scanning and capture-to-cloud.
Get Up to Date
The AIIM Roadshow in June will be a great opportunity to hear keynote presentations, round table discussions and vendor offerings exclusively oriented towards content, records and information management – on premise, in the cloud and on mobile. Register now for more details: www.aiimroadshow.org.uk
The AIIM Industry Watch report “Content in the Cloud – making the decision” is free to download at www.aiim.org/research