An increasingly common questions that we hear working in the area of document and records management is “What do we do about the Cloud?” Although most of our customers are deploying SharePoint and RecordPoint in a traditional ‘on premises’ configuration, increasingly we are being asked about Cloud options. 

For all organisations the benefits of moving to the Cloud are compelling. Cost savings implicit in no longer having to maintain infrastructure, being able to focus on core business rather than manage servers or software applications are usually the starting point. Cloud models are also implicitly more agile and flexible, allowing organisations to deploy new services and capabilities quickly and cheaply, scaling up or down quickly as the needs of the business change. 

The compelling benefits of Cloud models mean that rather than resist this change, information professionals need to think about models to manage these obligations in this new world. We need to be ready, to ensure we meet our obligations to govern and manage content effectively, no matter where it is stored.  In many ways this is a tremendous opportunity that means that the skills and experience of information professionals will be even more valuable due to the increasing complexity of the information landscape. It does mean, however, that the ways we think about content management and the tools we use need to change. 

The fundamental issue for an information or records manager is that the data is no longer stored on the organisation’s services/infrastructure. This could mean the data is stored offshore and in some cases, you may have no idea where it is stored. Moreover, it could mean that third parties have theoretical access to that content. 

This leads to the potential to breach particular legal requirements. These vary between industry sectors – clearly public sector and government agencies have many specific obligations that do not apply to the private sector. It also varies depending on the content –not all content is the same. However, as an example, all organisations in Australia have obligations under state and federal privacy legislation to manage information about people. Storing this data in a Cloud SharePoint environment based in another jurisdiction with different laws could potentially expose an organisation to a breach of their obligations. 

For government organisations the management of records is an obligation that requires careful consideration before moving to the Cloud . As another example, for law firms there are issues that relate to discoverability and legal professional privilege that are an impediment to offshoring data.

A number of issues can be solved by focusing on the contract with your Cloud provider. If you need to keep data on shore, deal with a provider who can guarantee this. Ensure that any obligations that you have under legislation or just simply to manage your legal exposure are clearly defined in any contract. If you need to ensure that the data cannot be accessed by anyone without appropriate permissions, then look at models that encrypt the content.

However, legislative and legal obligations aside, there is likely to be data that you will never want to store in the Cloud which is less to do with the law but more the appetite of the business, due to the value of the information or the risk to the business if control was lost no matter how strong the encryption or watertight the contract. 

Most organisations are likely to end up in a hybrid mode with content on a SharePoint server on premises and some in say Azure or the Office 365 Cloud, at least for the foreseeable future. This is until the legal and regulatory framework and the business culture that exists can catch up what the technology offers. We are seeing a number of our customers who are actively considering a mix of SharePoint in the Cloud (most commonly on Office 365) for day to day documents and on premises for more sensitive content.

For information managers, a more practical issue is simply having the capabilities to manage content in the Cloud. This is going to be a greater longer term challenge than the regulatory challenges. Solving this requires you to rethink your strategy around information management and governance on a number of levels. You need to break apart your information governance structure and think about the process for assessing content that you can take to your SharePoint Cloud and content that will remain within the organisation – how is this decided and by who? Once you have defined these policies and processes how can you implement them effectively and consistently?

Again technology can play a part here. Picking a solution that can manage and apply control to your content no matter where it is stored is going to be critical. At the moment there are very few solutions that offer the ability to manage content in your Cloud and on premises 

SharePoint environments. Traditional solutions have tended to emphasise the importance of the database or the repository. With the new world of the Cloud content will be stored in many different locations and will need to be managed there rather than brought back to one 

repository. Pick your technology solution carefully with this Cloud future in mind. The Cloud does add a layer of complexity to the information management landscape. However with the right policies and processes and the right tools to implement these policies information professionals can continue to manage information and record keeping obligations in this brave new ‘Cloudy’ world.

Miles Ashcroft is a Director at RecordPoint Software where he is responsible for running the pre-sales and partner enablement practice. Contact info@recordpoint.com.au