By Dan Elam, Chief Operating Officer
June 07, 2011 - 11:49 AM
This week Apple unveiled the industry’s worst-kept secret: their iCloud offering that permits users to store information in the cloud and make it accessible via PC, tablet, and mobile devices.
Add yet another headache for records management.
Managing data inside the firewall hasn’t been particularly easy as evidenced by the fact that we have a multi-billion dollar industry devoted just to that. And now the iCloud permits documents and other objects to be stored in the cloud but synchronized to various devices. It’s enough to make people in our industry walk around in a daze before the central nervous system breaks down with Tourette-like mutterings. Now we have to figure out which ones are records, how to manage them, whether legal holds are even possible, and whether we have any hope of actually performing basic functions like compliance with disposition.
For example, iClouds will store your photos for 30 days. That should be ample opportunity to copy it to a PC and then let the records management system take control. But not always. And since Apple doesn’t let you control the retention schedule, does that mean you adjust your corporate policies to match Apple, ignore it, and deny users the ability use the cloud? No easy answers.
Legal issues can certainly be a nightmare with the cloud. To get date from your computer often required a search warrant and a pretty compelling argument in front of a judge. But now, a simple rubber-stamp subpoena to your ISP or wireless carrier can get a treasure trove of information with the same legal review. Cloud offerings like iCloud and those from Amazon and Google don’t just store your documents – they actually analyze your information to determine what ads to serve you and how to maximize revenue. Already Google has the ability to “read” the email in Gmail and determine conceptual links to users and concepts that exceeds the best of what today’s eDiscovery forensic tools can do. These same tools can be a treasure trove in FOIA or legal “fishing expeditions” because they do the hard work of analyzing your content and finding out patterns you may not even know.
What happens if the cloud goes down? Amazon had a famous failure a few weeks ago that brought large chunks of the internet down. Cloud services are inherently built to be stronger than what you can provide in-house, but Amazon’s failure demonstrated that some of the very things that are designed to protect the cloud can be it’s downfall. (In Amazon’s case, the servers are designed to have failover and copy data in the event of inevitable failure for such a massive system. Amazon expects it and plans for it and uses a robust copy and replicate feature. A bug caused a vast number of the servers to simultaneously begin transferring up to 500GB to other servers. It’s a bug that could only appear in such a massive system as Amazon’s or large systems like Microsoft, Google, and Apple provide.)
Privacy will remain a big issue as well. Google stores data on servers around the world, including China. Once the data is stored in that country, it becomes a grey area of jurisdiction. In France, some personal information may not be stored at all and sometimes it may only be stored for short periods of time. Some information must remain in France and cannot leave the country except under special circumstances. The cloud services do not “know” the type of data being stored and therefore may violate local laws – or worse – cause their customers to violate local privacy laws. US Government data is not supposed to be stored in China, but Google argues that the data can be stored there as long as no one in China is allowed to view it. With the Chinese government strongly suspected in a series of recent phishing attacks to gain access to dissidents who use Google Gmail, how would Google reply when faced with a Chinese court order for discovery. For that matter, how many US attorneys are going to argue that they don’t need to produce the information for a US client because the data is stored overseas and therefore not subject to the request.
Clouds are coming and they will bring many benefits. Improved records management is not one of them.
Rate Post
You need to log in to rate blog posts.
Click here to login.
Type the code shown below to submit your report
This post and comment(s) reflect the personal perspectives of community members, and not necessarily those of their employers or of AIIM International
