Backup and Governance
Showing results for 
Search instead for 
Do you mean 

Information Governance: Breaking Down Cloud Archiving’s Façade of Risk

JoeGarber on ‎07-17-2013 08:55 AM

I’ve noticed more and more businesses adopting various cloud-based (or hosted) solutions across their organization.  According to the 2013 IDG Enterprise Cloud Computing Study, 61% of organizations have at least one application or a portion of their computing infrastructure in the cloud.  Of course, survey results don’t tell the whole story, but I’d argue that when critical or sensitive data is involved, more and more organizations are turning to cloud solutions to help manage their data – particularly organizations with highly sensitive data that is being managed.  It raises the question: why aren’t even more organizations adopting cloud-based solutions – i.e., why not the other 39 percent?  The answer is often misinformation and misconceptions. 


This is especially true for cloud-based information archiving.  We’ll often hear a wide range of concerns that aren’t always true all the time:  data will be held in an unknown facility lacking sufficient security; data cannot be tracked, disposed of, or audited in any way; users will have less access to their own data; data will be comingled with data from other organizations; it will be more susceptible to unauthorized access; and the organization may not have full ownership of their data. 


In this and my next few blog posts, I’ll lay out these concerns, provide more context about each, and explain when these concerns may be true and when they are not. 


A cloud for every purpose


First and foremost, not all ‘cloud archiving’ providers are equal.  Not all providers will be able to offer the specific tailored solution to meet your specific business requirements.  But one provider’s inability to meet your security or datacenter location requirements, doesn’t mean all cloud solutions are risky.  As with any solution, business requirements and level of risk tolerance should be the driving factor.  For example, a company that places a higher priority on reducing in-house storage costs might work perfectly well with a cloud archiving provider with SOC2 datacenters that enable significant storage savings, but might not offer multi-level authentication and dedicated/encrypted VPN tunnels. 


How secure is your security?


While not all providers will offer the absolute bleeding edge in security methods, most of them will offer security that is well beyond the security capabilities of even the largest companies.  With security as a top priority for their customers, cloud providers invest and dedicate many times more resources in security than most organizations.  Rather than expending sometimes limited resources to match datacenter-grade security, companies can take advantage of a cloud provider’s robust security capabilities and continue focusing on core competencies and business priorities.


Reap the rewards, skip the risk


While the riskiness myth still accounts for much of the feedback on cloud usage, cloud providers can actually eliminate many of the risks present in an organization’s IT processes.  Data residing on-premise within a company is going to be much more accessible by its employees for better or worse, and introduces the risk of human intervention as a result of this accessibility.  Today’s IT staffs are stretched thin and must manage many aspects of security, data backup, disaster recovery, and software/hardware maintenance.  Should IT mistakenly miss a critical security patch, forget to identify a failed backup, overlook a failed replication set, or install an untested application, data can easily be lost or opened up to outside parties.  This is not an uncommon occurrence, as evidenced by recent headlines. Especially, when high profile companies are involved with the loss of personal and financial information.  Inevitably these potential mistakes stemming from human error likely will cause organizations to fall out of corporate, industry or regulatory compliance, with potentially severe repercussions.


On-premise systems are not the end-all, be-all for information governance either. There are many situations that can lead to the breakdown of mandated information governance policies.  For instance, when physically collecting PST’s from thousands of remote employees via USB drive, email, shared drive or FTP, with hundreds of terabytes of data and hundreds of millions of emails, the probability of fully accounting for this data is diminished, increasing risk especially during litigation.  It is very difficult to proactively identify and manage data that resides in across thousands of repositories such as end users laptops with uncontrolled PST files, much less apply legal holds or governance policies on this data.  This unmanaged data will remain discoverable and could impact an organization’s ability to defend their governance and retention policies.


When data is hosted with a cloud provider, many of the potential risks described above are mitigated.  Their processes are automated, take place within a secure datacenter, require minimal human intervention, and all data regardless of sensitivity is treated equally.  Most cloud providers enable sophisticated and automated replication, high-availability, and disaster recovery systems and processes across multiple geographic locations to ensure that no data can be lost. This also removes the need to physically transport data.  Providers can demonstrate consistent, repeatable, and defensible processes regardless of any potential situation enabling near 100% uptime, or at least greater uptime that can be provided by most organizations. Choosing a provider that holds the appropriate certifications (e.g., SOC2), meets your internal mandated processes, and executes contracts that include defined SLAs can help lower an organization’s risk.


The confidence of organizations toward the cloud continues to increase even in the face of perceived uncertainties.  As providers enable cloud archiving services that deliver security, automation, compliance, and disaster recovery capabilities beyond what most organizations can achieve, CIO’s and other decision makers will need to seriously address the value that cloud archiving can bring to better meet their business requirements.  For more information, check out the Knowledge Vault Exchange series on Dispelling Myths About Cloud-based Archiving

0 Kudos
About the Author


Joe Garber is Vice President of Marketing for HPE’s Information Management and Governance business unit – a division of HPE Software. In this role, he leads thought leadership, product messaging and go-to-market efforts for the organization’s Adaptive Backup & Recovery, Information Archiving, Secure Content Management and eDiscovery businesses.

27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all