Whenever I hear about “cloud storage” or “document management in the cloud” (both uses of the term “cloud” are marketing uses and synonymous with “Internet/web/server” and not actual cloud computing), my bigger kneejerk reactions run the gamut of, “You want to lose control of your sensitive documents?” and, “Don’t you dare mention backups; backups are a fundamental part of IT since it started and don’t need to be put online!”
But I read an article, “Online Document Management – Protecting Your Confidential Data”, by someone associated with a business that offers this service. Despite that, I found it well-written enough to pass on.
I liked the reasons posed for moving, and I agree with them, even if reluctantly. Traditional file servers based on popular OS versions are simply not adequate without lots of work, from a security perspective. The log suck. Management sucks. And there’s always one or two admins who just don’t do things the way they should be done, and then you have to live with their shoddy solutions that you can’t change without impacting business process.
Here are some additional thoughts I’d add.
a) By consuming someone else’s online document management solution, you really are playing by their rules. No more “creative” solutions to strange problems and requests. You tailor your processes to the rules of the service, not the other way around. This is great for keeping things in line with what you want to do. If you manage the service, then you’ll have to deal with the political machinations of requests to change this and that and why they’re “possible” but bad ideas. If someone else manages it, you typically have a much easier ability to say, “Nice idea, but that’s not how it works.” This isn’t so great, however, if you rely on innovative, creative ideas to fix strange business processes that are unique to you.
b) I really want the business hosting the online document management to be very transparent and clear with thier own processes, most importantly: their system change process and feature pipeline, the access their own people have to my documents, etc.
c) Mobile device support for document access is still a big challenge. Throwing it online often makes device compatibility someone else’s problem. However, it could also alienate some users whose devices aren’t supported. Though, to be fair, more than likely a current solution is already alienating them!
d) If there are any apps to help consume the service, are connections securely made and documents securely uploaded? If there is something like an SSL mismatch, will the user be warned?
e) When being consumed on the local device, can you determine whether someone downloaded the file to their device to use elsewhere or just viewed it online (this is usually a bit of a “trap” question…).
At the end of the day, I’m still not sold on the practice of online document management for anyone but the smallest of shops that have less budgets, are more agile, and likely less attacked or interesting. But they’re useful services to keep in mind.