Cloudy Content

There is no standard IT definition of "cloud"-the National Institute of Standards and Technology is working on that as I write. Still, there is no question that we're entering a new age of cloud computing. The benefits of cloud storage and computing are many: e.g., lower cost than in-house storage, reduced stress on internal IT resources, efficiency, and guaranteed availability. Just like a sudden change in the weather, cloud storage and computing will be disruptive. It is one thing, however, to trust your MP3 files to a consumer cloud service. It is quite another to entrust your whole business information architecture.

In June 2010, the Pew Research Center noted in its "Future of the Internet" survey that 71% of polled technology experts expect that most people will access software applications, share them, and access information online. The study pointed out that most people already use cloud computing services such as YouTube, Facebook, Google Docs, and online banking. Despite all this, we still can't agree on exactly what this new phenomenon is.

Cloud computing resources can be inside or outside your enterprise firewall-or a combination of both. They can be private or shared with other organizations serviced by a cloud vendor. Recently, the U.S. Department of the Treasury moved its website,, to the cloud, using Amazon's EC2 public cloud service to host both the site's content and its applications. That's quite an endorsement of the cloud. Initially available only for large enterprises, cloud services are now quickly becoming an option for small to medium-sized businesses and even consumers. What's not to like? Yet, some questions remain. What should you consider when evaluating cloud services? For starters, you should work as partners with your IT team.

Departments in your enterprise may already be using some cloud services for storage or for applications. As cloud services commoditize, almost anyone with a credit card can buy them. The movement toward the cloud is not much different from the general practice of decentralizing IT services to gain control and responsiveness. However, the stove-piping problems that can occur with a decentralized IT model are no different for the cloud-and they may be worse. With decentralization you have some control, but the cloud demands even more due diligence. Do you currently lose network or broadband connections? Cloud services are unavailable when broadband is down. What has the vendor's performance regarding outages been?

If your cloud vendor is acquired, how will that affect its services? Are you certain your vendor will be here for the long term? If you decide to change vendors and move your data to another cloud (perhaps inside your firewall), how do you migrate your data? Does the vendor give you reels of tape? What format is that data on the reels? Can you prove that your records or their metadata have not been altered in the transfer to the new cloud? Keep both your records manager and litigation staff in the loop about these issues.

Where the cloud services physically reside is also important. Are the servers in the same country as your business? Different countries have different requirements regarding personally identifiable information. Chains of custody-so important for e-discovery-get really complicated when your data are in foreign jurisdictions. E-discovery also requires you to lock down information so it cannot be altered-the electronic equivalent of crime-scene tape.

The sheer volume of data can get complicated in the cloud. I spoke with representatives from iCONECT, a large e-discovery services provider. One client had 17 billion pages of information, generated by 700 users and 30 terabytes of extracted Oracle text. Could your cloud handle that? Clearwell Systems, another e-discovery services vendor, emphasized to me the importance of setting terms with cloud vendors up front, to assure the service provider can meet all legal and compliance needs. Finally, I spoke with USIS-LABAT, a D.C.-area provider of information and e-discovery services. The company claims that considering cloud services requires thinking about more than just litigation support. Information management practices are required, and they are no longer just "nice to have."

Even if you decide to fully embrace the cloud, some things never change. Governance, information management, and safeguarding your data and processes are still important no matter where you store your data. You will also continue to need local IT staff members, although they will have to change from providing operational services to evaluating vendors and assuring business continuity as technologies and vendors change.