Another walk in the cloud: this follow-up to a 2009 article re-examines the concerns about and benefits of using cloud-based tools and services, and it offers advice for contracting with cloud providers.

• Author: Cunningham, Patrick

In this article, Patrick Cunningham revisits "A Walk in the Cloud," which he and Jesse Wilkins wrote for the January/February 2009 issue of Information Management. Below, he gives a progress report on the benefits and issues they raised about what was then being called "Web 2.0" and provides new insights into how organizations are using the cloud and what this means for records and information management (RIM) and information governance (IG).

Cloud Concerns

For the purpose of this article, the cloud refers to any service provider that offers technology services or tools that are directly accessible from the Internet. These services and tools may be offered generally to any end user on an individual license basis, or they may be offered as part of an enterprise or organizational license. In certain instances, the offering may be computing power and/or data storage, with the configuration and deployment of specific applications left to the user or enterprise.

Free' Services

Organizations considering the use of a free service or tool should use great caution. The terms of service are seldom in the customers' favor, and customers have little or no leverage over the provider. Frequently, these providers use their customers' content to make money and sometimes lay claim to the content. The provider also may decide to delete content, provide little or no customer support, or even abandon the service or tool without notice--leaving customers with exactly what they paid for: nothing.

Data Security

In 2016, security issues tend to be more technical concerns than outright worries about the security of cloud providers. That said, moving data to the cloud requires an organization to assess risk and ensure that appropriate security measures are in place, including having visibility to activity taking place on the cloud that affects that data.

Typical security requirements may include integration of identity access and management tools, encryption of data in transit and at rest, management or escrow of encryption keys, web application firewalls, vulnerability and penetration testing, and integration of security event and incident management tools. For some smaller cloud providers, these requirements are difficult to impossible to meet due to their lack of resources or technical knowledge.

Organizations moving their own managed applications to infrastructure providers in the cloud need to acquire their own technical resources to manage and secure them. In some cases, legacy applications that were considered reasonably secure in an organization's own data center may be difficult to properly secure when moved to the cloud.

Internal Technology

Internal technology elements become more critical to an organization's ability to maintain access to applications and data in the cloud. For example:

* The organization's network may see an increased traffic load that could require increased internal network bandwidth.

* The organization may need to contract for redundant access to the Internet, increased bandwidth to the Internet, and more robust network appliances.

* The loss of a key router that may have been simply an inconvenience before could make it impossible for the organization to conduct some business if that loss takes down access to the Internet. At the same time, because the organization is using the cloud, it is no longer solely reliant on utilizing its own access to the Internet; in times of disruption, employees likely can use public access to the Internet, home broadband, or cellular connectivity to get access to data and applications.

Organizations may also still have to purchase some traditional software and hardware to augment their cloud-based ones. For example:

* Some commercial cloud applications may lack the capabilities, features, and functionality of traditional software. As an example, Google's Sheets application has a limit of 2 million cells, according to the Google website (https://support.google.com/drive/answer/ 37603?hl=en). While this is sufficient for most users, it may not be sufficient for large organizations with complex spreadsheet requirements. This limitation may require the organization to purchase one-off copies of Microsoft...