The “Cloud” and “Virtualization” have been driving forces behind the paradigm shift well underway for creating, storing, and managing electronic information. Does your company’s information go across national borders? If you have a role in managing information at any level in your company, should you care?
“Cloud” and “Virtualization” services have become mainstream methods for delivering technologies to create and store electronic information, and are in use by companies around the world. Are they in use in your company? Should you know? Should you care? What are the associated data security risks? Should you worry? Should compliance and information management professionals outside of IT’s decision making realm have a place at the “Cloud” and “Virtualization” decision tables? Why? Your competitors are likely using virtualized servers. Is your company?
Cloud services have developed at a rapid pace as virtualization has matured. Cloud and virtualization services are opportunities to leverage hardware and software assets to more cost effectively and efficiently provide access to electronic information. Virtualization allows internet based companies to assemble large numbers of inter-connected physical servers and storage devices to provide computing capacity for hundreds and thousands of companies like yours. Shared resources, economies of scale, fewer IT network administrators… what’s wrong with this picture?
Many companies lack total control of the information which resides within the physical limits of your company. Many organizations do not have a data map which identifies where every instance of information resides on your internal network infrastructure, and which incorporates retention requirements? If your company is like most, this may sound familiar.
Move access to your information out of your direct control to unknown locations on the internet, to vendors who may provide service to your company by reselling cloud services from other vendors. Do you have HIPPA information, SOX information, other information which must be kept confidential and segregated when it is stored within your company? How do you ensure your data stored in the cloud is not co-mingled in compliance with your internal requirements, AND if your data is co-mingled with unknown numbers of other companies on virtualized hardware?
Where does your cloud data physically reside? In what country are the servers and in what country are the storage devices. They could be anywhere in the world. What information privacy rights will you encounter in the normal course of business and in discovery? How can you be certain information is segregated, secure, and have access to remain in compliance with legal, regulatory, and management requirements? How do you put a legal hold on information that is physically stored in other countries?
To the uneducated, engaging “Cloud” and “Virtualization” services would seem to be exclusively IT decisions. As the person in your organization responsible for management of information for compliance and retention, can you assure executive management that the company’s information is secure and in compliance?
“Clouds” can build into a storm for which you may be unprepared. Can you spell “due diligence?” Can you spell “service level agreement?” Are you even a blip on your company’s “Cloud” and “Virtualization” radar? If not, light up your heat signature to be certain your concerns are noted, understood, and addressed. If you as an information manager don’t have a seat at the decision table when “Cloud Services” and “Virtualization” are considered and deployed, your company and its officers could next find themselves sitting behind a defense table in court of law.