Aligning the cloud to your business requirements October 14, 2011

Rainbow in the Fall
Creative Commons License photo credit: cwwycoff1

We have had recent meetings with some government agencies who are implementing a large cloud-based system. We had some good discussions and most of them focussed on developing options for aligning business requirements (and sound information management) with the cloud infrastructure. We all sorted out a few problems, identified some new ones and developed a list of issues to follow up on.

So it was really interesting to get back to the office and read Hamish Barwick’s recent article in CIO. Blake reported on the comments of Anne Weatherston, the CIO at the ANZ Bank, on how, from Weatherston’s perspective, the cloud is not yet mature enough to meet the needs of complex business environments.

Speaking at a Committee for the Economic Development of Australia (CEDA) meeting, Weatherston argued that in an organisation such as hers which has such reliance on its corporate data and the integration of that data into all appropriate corporate services, the cloud is not yet sufficiently mature to enable the types of business integrations and data consistency her organisation requires.

Weatherston also discussed the fundamental connection that must exist between technology solutions and the corporate business and outcomes they are supporting. The ANZ’s new IT Strategy, Towards 2017, which emphasises the Bank’s tremendous reliance on information. Much of the system and application development outlined in the Strategy has been developed with the intention of improving information access and overall data quality through better system integration and standardisation. The business benefits from such a coordinated approach to information management and the design and implementation of ICT systems can be profound.
See http://www.cio.com.au/article/403267/cloud_suited_anz_bank_weatherston/

Coincidentally yesterday there was another salutary piece called ‘Hacked!’ by James Fallows in The Atlantic Magazine (November 2011) which also discussed the risks of cloud computing. In this detailed and beautifully written article Fallows tells the story of the hacking of his wife’s gmail account and her associated data loss.
See http://www.theatlantic.com/magazine/archive/2011/11/hacked/8673/3/?single_page=true

At State Records we are aware that a number of government organisations are considering the use of cloud services such as gmail, Google docs and other online collaborative workspaces. The arguments that Weatherston makes about cloud services and the difficulties of actually utilising and incorporating the business data generated in these environments should be enough to persuade people to avoid using these environments for key business purposes, or to only use them when supported by appropriate recordkeeping practices that enable the business data to be captured and maintained in official corporate systems. But in case this risk alone is not enough, Fallows provides a range of others to consider.

To mitigate risk, Fallows discusses the potential vulnerability of all data in cloud environments and looks at ways individuals and organisations can seek to protect themselves against these. But fundamentally, there will always be risks:
“Where the money is, that is where the criminals will go,” a former National Security Agency official named Ken Silva, who now works as an online-security specialist for Booz Allen Hamilton, told me this summer. “Where the sensitive information is concentrated, that is where the spies will go. This is just a fact of life.” The more important online storage becomes, the more relentlessly it will be under attack.

Google, Amazon, Apple, Microsoft and the raft of other providers offering cloud services are actively working to manage information security in the cloud, but performing your business in these environments is a potential risk unless you and your organisation also actively manage your cloud-based business information and really align your cloud services to your business processes.

Check out our previous postings on cloud computing issues for more advice on managing these risks and protecting corporate records in the cloud at
/recordkeeping-and-the-cloud/

Leave a Reply

You must be logged in to post a comment.