http://ow.ly/7jG5S
An article on the website CIO Update (No author credit listed).
This article discusses eDiscovery and provides some insight to CIO's as to potential pitfalls that are found in the Federal Civil Procedure Rules, as well as jurisdictional issues faced by corporations with offices in more than one nation.
The article states, "In addition to this e-discovery challenge, there are an abundance of geographically specific laws and regulations. This is a challenge for environments that are virtualized across a global infrastructure. For example, the EU has stricter laws than the U.S. regarding the collection, processing, transport, and use of personal information. It also prohibits transporting information to countries that lack sufficient data protection laws and practices, so enterprises operating in the cloud must understand where the information is physically located and how it is moved."
The article also discusses issues associated with cloud computing and how this effects jurisdictional rules.
The article poses the following questions:
- Does the vendor know and can it communicate exactly where the information is physically located? If the provider is a multinational firm, will it handle your data in a way that is consistent with the various jurisdictions?
- Will the vendor be able to produce required information in an appropriate format in an appropriate time frame?
- How is the data backed up? For how long is it stored? Is this consistent with your company’s record retention policies?
- Can the vendor verify data destruction and stop destruction if necessary?
Here is my take on the idea of cloud computing and its impact and use in electronic discovery, great idea, so so implementation. We have not even gotten to the point of over saturation and consolidation yet and we have multiple heroes and goats..some being both. For the consumer with general documents cloud storage of files and even cloud based saas solutions are fine. What I fear is that much like the early days of paper to digital or electronic discovery there are a few thought leaders and way too many band wagon jumpers who jump in feet first without any thought to security, records retention, etc. Most people don't even come up with good passwords to protect their sensitive data that they now think is a good idea to store in the clouds. Plus the idea of cloud computing is not new, the term is just sexier. Cloud computing has been around as long as co location data centers have been around. At least those folks generally consider, security, hardware end of life, redundancy and did I mention security? Has anyone given any thought to the relative ease there is for a hobby hacker to capture data streaming wirelessly to the clouds? Thankfully there are some thought leaders who are raising good questions and coming up with solutions. Hopefully it will be enough to stop the inevitable super hack breach of a cloud system using a tin cup, some string and a chocolate bar. Until then, I will trust my data to a device I buy, touch and manage, cause while security breaches can occur on non cloud arrays, somehow I don't think my clients are going to be okay with "oops, Microsoft, Google and Apple messed up on their security and someone using a zune HD hacked their servers. so sorry" when that super hack occurs. Some may call that fear mongering, I call it trying to stay a step ahead of a liability issue. My $0.02, great article regardless..thanks for sharing Joe!
ReplyDeleteI could not agree with Richard more strongly. Cloud computing is no more than colocation storage of data. Anyone who is look at those issues, should certainly know that cloud computing it is not simple. Security is, generally, a nightmare to begin with. Who has rights to what and who will administer. What commands movie place phone users. How many users and what is the turnover. What are the necessary redundancy. What redundancy isn't necessary. Are there regulatory issues. How will you handle a litigation hold. How many users are there and what is the turnover. The list goes on and on.
ReplyDeleteIf you decide to move to the cloud, then, at the very least, you should review what you were doing on your own servers for security. After that, you need to review where you have succeeded and failed.
Those tin cans, strings and chocolate bars, still exist and won't be disappearing anytime soon.
My 2 cents, is Richard's 2 cents.
Rob Ernst