Capture: The ideal application for Cloud

Kevin Neal

Community Topic(s):

Keywords: capture, cloud, processing, security, saas

Current Rating:
(0 ratings)

Capture:  The ideal application for Cloud

 

As I was brainstorming on a topic to write for this blog, I was inspired by Bob Larrivee's latest AIIM community blog entitled "It Came From The Cloud” (http://www.aiim.org/community/blogs/expert/It-Came-From-The-Cloud) where he asked some simple, yet thought-provoking questions.  So this begs the question why anyone would resist such obvious benefits of “cloud” (http://www.aiim.org/community/blogs/expert/A-cloudy-future-for-document-capture)?  I’m sure there are many legitimate concerns and issues but I would like to focus on the concern of security for the purpose of this blog post.

These days the term "cloud" as it relates to usage in corporate enterprise typically engenders strong feelings one way or the other.  Benefits such as quicker application deployment, reduced IT costs and the ability to offer a more feature-rich experience to workers is not often debated.  What is debated, and is a reasonable discussion, is the viability of "the cloud" from a security standpoint.

Security: Technology versus Trust

These concerns are well founded and should be addressed but we should definitely draw a major distinction between the technology itself and whether a provider is trusted with data.  Therefore, when we understand this distinction between technology and trust, the cloud should not be discounted as a legitimate option for enterprise simply due to fear alone from a technology perspective.  

Below is a short list of various security items that should be considered when contemplating a cloud strategy.  This short list is not by any means an extensive list of security items to consider, however, please ask yourself this, for each one of these items is an individual business or a mass data center more equipped to handle capabilities?  For those who would really consider the question of whether on-premise or cloud is more secure then the conclusion to me is clear.

  • Private clouds - Dedicated servers and databases to only one organization
  • Physical access - Limit access to only those that might need to physically touch equipment
  • Data encryption - Encrypt data in motion and data at rest
  • Device authentication - Trust devices in addition to users
  • System updates and patches - Apply security updates as soon as possible
  • Secure disk wiping - Securely erase temporary data from disk drives
  • Network architecture - Databases beyond firewalls and web data on front-end servers
  • Logging - Track all activity to detect intrusions
  • Policy/Governance - Consistently review policies and procedures for improvement

Conservative cloud adoption by Enterprise

While I certainly would not expect major enterprise organizations to jump in head-first and move all their data and applications to the cloud, what does make logical sense is for them to move transactional applications (versus storage applications) to the cloud.  Specifically, moving "Capture" to the cloud makes complete sense.  Why?  Capture processes images only temporarily then stores the data wherever you'd like, including in the security-hardened ECM system.  In other words, the capture application does not store images or metadata in a database.  Capture is a processing activity, not storage and retrieval.

One other observations about Cloud for the Enterprise; I can absolutely see a trend towards building massive infrastructure now in preparation for delivering robust applications eventually.  Having attended Cloud Connect 2012 (Santa Clara) http://www.cloudconnectevent.com/santaclara/, it was remarkable to see the level of interest among major IT providers and well-known Enterprise organizations.  Without a doubt, the infrastructure is being implemented now for what will be an onslaught of cloud services in the not-too-distant future.

Major adoption by Small and Medium-Sized Businesses (SMB’s)

In contrary to Enterprise, Small and Medium-Sized Businesses (SMB’s) have to make a decision on how to improve efficiency with no or limited IT resources.  For SMB, the cloud offers opportunities like never seen before.  Why?  Because a shared resource makes sophisticated technology available to a greater audience.  Why?  Because costs to the vendors are decreased through mass-consumption by users and this allows vendors to make these advanced technologies available to the masses.  Also, and from a security perspective, using cloud storage and capture as a rented service from providers allows SMB organizations to focus on their businesses instead of burdened by maintaining technology.  When the choice is to not utilize any technology and continue to process paperwork manually, or to utilize cloud technology to capture, store and retrieve with a little, yet limited, risk, it’s clear that SMB’s have chosen limited risk with great efficiency improvements.

Like never seen before, SMB’s are empowered to create a mash-up of useful business applications without the high cost associated with doing-so.  Clearly there is an undeniable trend towards Cloud Storage from providers such as Box, Evernote, Catch, Google Docs, Dropbox, etc. and Cloud Capture is a logical complementary technology to further improve efficiencies and decrease operational costs.

 

Next steps: Being indecisive is inefficient

With such overwhelming evidence that adopting cloud services makes sense then the next logical question is “what now?”.  Clearly security is, and should be, a major concern for enterprise as well as SMB, but with enterprise the stakes are much greater.  SMB inherently has this element of risk/reward that drives them to make business decisions quicker.  The topic of “access vs. security” balance is often discussed within the ECM industry and the truth is that you have to find a balance of making information available to users, yet also making sure the data is protected in a responsible manner.  SMB that does not have dedicated IT resources can utilize “the cloud” to improve business efficiency at minimal costs and trust that security is taken care of by their storage provider.

There are many wonderful solutions available right now for businesses of all sizes to benefit from “the cloud”.  For example, for an organization to migrate e-mail, CRM, expense management, document management, corporate web site and an accounting system to 100% cloud today is do-able.  With known monthly operating expense costs and no IT burden.  Also, these cloud applications are not cheesy, cheap applications; these are robust, Enterprise-ready applications that are now made available to everyone which are easy to use and secure.

What do you think about “the cloud”?  Is it a fad?  Will it be embraced by Enterprise?  Is it secure?

Report

Rate Post

You need to log in to rate blog posts. Click here to login.

Add a Comment

You need to log in to post messages. Click here to login.

Comments

Ashley Gilmore

What do you think about “the cloud”? Is it a fad? Will it be embraced by Enterprise? Is it secure?

Clearly "the cloud" is not a fad. Organizations have been embracing the core concept since the advent of email. Is it secure? Security is such an interesting topic and its one everyone seems to be focused on. As you pointed out in this blog there are several methods for utilizing the cloud all with different grades and levels of security. I think a lot of times these conversations lose track of how secure the existing systems already are. Most web-servers are getting attacked a dozen times every single day in hopes of garnering the hacker access. These attempts fail consistently because of the protections companies have in place. However, there are existing security holes in every organization. The biggest threat to corporate security is the employees themselves not the gaps in the firewall or the level of security on the network. Employees stealing information by utilizing a USB is a prime example. The benefits of cloud computing allow companies to track and monitor file access in very manageable ways that were never before possible. Simply because the information is stored internally doesn't make it safe. In fact I would argue that most companies can't afford the security that cloud providers offer. If you think your internal network is secure check this out and tell me how safe you feel http://www.wired.com/wiredenterprise/2012/03/pwnie/.

Dealing with the bigger target debate. The simple solution here is to go to the private cloud, which will shrink your target. The fact is for the SMB this can get costly and generally doesn't offer the feature robustness offered through public clouds; sometimes defeating the purpose altogether. Therefore we must approach this argument from a different angle. In your blog you mentioned the availability of better technology when its cost is distributed across the masses. This is definitely the case with security. Companies like Google specialize in creating security that can't be matched with your home monitoring system or your internal SMB's network. The reason is because its so important to their customers and they profit off of your security. So they are more highly funded and motivated then most SMB's IT departments to protect you. Most enterprises are losing valuable information everyday that can't be tracked and can't be controlled. The cloud gives companies a method for disseminating information without handing out easily distributed hard copies. The instant a security issue arises in the cloud an entire team of experts within the cloud provider descends on the hole and eliminates the threat asap. Can the people that bring up the security issues in the cloud say their internal IT department is as capable as the experts? A bigger threat is thinking you are secure when you aren't. Would your team even know it was being attacked?

I think its funny when someone talks about security issues in the cloud then pulls out their iPhone connects to starbucks wifi and starts doing their personal banking. I've got news for you email, online banking, social networking, and online shopping are all in the cloud. I'm guessing you feel its safe.

Thanks for the great blog Kevin!
Report
Was this helpful? Yes No
Reply

This post and comment(s) reflect the personal perspectives of community members, and not necessarily those of their employers or of AIIM International