Is the Cloud Ready for Your Most Sensitive Workloads?
May 20, 2016 No CommentsFeatured article by Alan Turner, Director of Product Management at iManage
In the minds of most IT professionals, the debate about the value and appropriateness of the cloud for most workloads is long over. Any remaining resistance is typically overcome by the recognition that in the absence of a sanctioned cloud solution, user-created workarounds for sharing content introduce major points of risk. But there are some areas where caution still holds sway and adoption has been slower, including professional services firms and corporate IT serving legal, financial services, healthcare and other sensitive and regulated domains.
In the corporate legal industry, research conducted by Hyperion Global Partners suggests, “Privacy concerns and fears of compliance risk continue to keep the migration of sensitive or potentially sensitive information toward external servers limited.” Likewise, a 2014 Management of an Accounting Practice Survey from the AICPA Private Companies Practice Section and the Texas Society of CPAs indicates that while the future of accounting software may be in the cloud, at present most solutions remain on-premises.
The resistance comes primarily from the sensitive nature of the data used in these areas. Much of it is confidential, and it often contains personally identifiable information (PII). Further, many firms access data that is owned by their customers or other vendors—for example, an auditing firm reviewing a client’s books—so there are multiple stakeholders who could be affected by a security breach. In these situations, stewardship of the data is a higher priority than efficiency or cost savings. Considering the frequency of highly publicized data breaches, it’s no wonder that IT professionals may be reluctant to push ahead with cloud initiatives for sensitive and private data.
Professional services firms would welcome the advantages that the cloud can deliver. Corporate IT wants to extend the benefits that the cloud provides for sales, marketing, development and HR departments to legal, financial, and other regulated areas. These groups work with huge amounts of content. They are also required to access and share highly sensitive information both inside and outside the firewall as part of their everyday workflows. While the flexibility and efficiency of the cloud make it an attractive option for these domains, there are legitimate reasons to be cautious. Fortunately, modern tactics for cloud solutions address the stringent requirements of professional services.
New Ways of Working Require a New Approach to Technology Solutions
Today’s mobile, tech-savvy new professionals expect access to their work product from anywhere, on a variety of devices. Professionals need the ability to securely share specific content with individuals inside and outside the organization, incorporating content management features. New forms of communication are now part of their everyday business workflows, including text messages, social media streams, photographs of whiteboard notes, and documents scanned with mobile devices.
Is the cloud ready for these workloads? The answer is yes, but only if these firms can ensure that the cloud vendors they work with, the individual cloud applications they use, and their internal processes for working with vendors and managing applications reflect best practices regarding security, functionality, performance, availability, and regulatory compliance.
Datacenters should be certified to the most recent information security standards, including ISO 27001 and SSAE16 SOC Type 2. Sensitive data should be encrypted both in transit and at rest. There should be no co-mingling of sensitive data with other data, which can be easily accomplished using virtual machines and segregated virtual private cloud systems.
Attorneys need access to large documents from portable devices as they travel, even if they are not connected to the Internet via Wi-Fi or other means. A modern cloud approach offers full functionality and scalable, reliable performance both online and offline. This gives professionals the ability to seamlessly work from any location.
Legal professionals need high availability. Cloud services should be able to process billions of documents, and hardware should be architected with a highly redundant design. Performance of the system should enhance the performance of the users. This level of performance and availability can be achieved using solid-state drives, wide-bandwidth firewalls, and virtual private clouds.
By utilizing a redundant design with identical hardware at both the primary and backup sites, professionals can access the solution 24x7x365. Modern solutions also use virtual machine replication to the secondary data center for rapid disaster recovery. Vendors can deploy a virtual private cloud for each customer to ensure privacy of data and optimal uptime.
A cloud solution must also align with regulatory requirements. Modern cloud solutions provide users with the ability to manage records in compliance with policies to help firms deal effectively with contractual, regulatory, and organizational requirements.
All Cloud All the Time
Today, professional services firms and corporate IT serving legal, financial services, healthcare and other sensitive and regulated functions can utilize the cloud for all their workloads if they ensure cloud vendors meet their stringent requirements. When evaluating a new technology solution, be sure to ask the following questions:
* Is it secure and resilient?
* Does it work everywhere?
* Does it support the workflow needs of our professionals?
* Does it provide tight control over content location, maintenance, and upgrades?
* Does it map to the regulatory environment?
* Does it have a proven track record in satisfying the needs of similar organizations?
If done wisely, moving sensitive data to the cloud can be very easy, delivering tremendous operational benefits without introducing any appreciable risks.
Alan Turner is director of product management at iManage, a global leader in professional work product management. He has over 28 years of experience in product development and product strategy for complex software products and Software as a Service (SaaS).