#AIIM13

#AIIM12

#AIIM13

5 Steps to Securing Your Cloud Content and Staying Out of Jail

Bud Porter-RothConsultant

Porter-Roth Associates@BudPR

#AIIM13

Bud Porter-RothPorter-Roth Associates

Information Management415-381-6217

budpr@erms.com@BudPR

#AIIM13

Step 1 –Where Is Your Content?

#AIIM13

A Quick Story

“Mr. X” Creates a file in a file share that is synced to Dropbox Sync moves file to Dropbox – 3 people review file Author emails file to someone not in Dropbox Dropbox people change file and save it back Sync moves changed file back to file share Email person changes file and sends it back via email Original author shares file on Yammer to an interested person

who saves, changes, and shares back Yammer person, at lunch, opens file on iPad and then shares

with another person How many copies are out “in the wild?”

#AIIM13

Where is Your Content?

Does Dropbox keep backups of my files?Even if your computer has a meltdown, your stuff is always safe in Dropbox and can be restored in a snap.In fact, if you're using the Dropbox desktop application, your files are backed up several times. The primary copy on your computer's hard drive is synced online and that copy is then backed up again for safety. If you are using Dropbox to sync files between multiple computers, your files are backed up on those computers as well. If that isn't enough, Dropbox also keeps backups of all of your deleted and changed files too.

All files synced by Dropbox are encrypted and stored securely on Amazon's Simple Storage Service (S3) over several data centers.

If you have the Packrat add-on, Dropbox saves those files for as long as you have the Packrat add-on. With Packrat, you never have to worry about losing an old version of a file.

#AIIM13

Where is Your Content?

Q: Where is my data stored? Amazon S3 offers storage in the US Standard, US West (Oregon), US West (Northern California), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), South America (Sao Paulo), and AWS GovCloud (US) Regions. You specify a Region when you create your Amazon S3 bucket. Within that Region, your objects are redundantly stored on multiple devices across multiple facilities.

Amazon S3 and Amazon Glacier automatically replicate data across multiple data centers in order to provide higher durability and designed to provide 99.999999999% durability. That's data durability the easy way. With Amazon Glacier, customers can reliably store large or small amounts of data for as little as $0.01 per gigabyte per month.

#AIIM13

Kevin uses the corporate Team Dropbox acct Sally has her own Dropbox acct Bill, the PM, uses the corporate Basecamp &

Workday acct Rodger, a consultant – personal SugarSync acct

and uses an IPad exclusively Accounting uses NetSuite

Step 2 – Who Owns Your Stuff?

#AIIM13

Who Owns Your Stuff?

You own your stuff except when…. You break the contract rules Your data is not in the US, or where you work Your data is subject to a legal proceeding Your CSP is not compliant

HIPAA SOX GLBA

#AIIM13

Step 3 – Is My Content Indexed? Can I search for it?

Diverse “storage areas” will not have same indexing capabilities

Diverse “storage areas” will not have same search capabilities

Many CSPs have no concept of managed metadata or search structures that we have used for 20 years in legacy systems

Many systems depend on folder/file structures or simple search of title or content

#AIIM13

Step 3 – Is My Content Indexed? Can I search for it?

Index

BYODCloud File Share

Corporate File Share

Corporate Database

Taxonomy

#AIIM13

Step 4 – eDiscovery

eDiscovery means legal holds on content eDiscovery targets…..

All devices synced to Dropbox (BYOD) Corporate file shares and other repositories All cloud applications (CSPs)

Dropbox Workday NetSuite Basecamp + any application used for personal/business?

Have you listed sites with Legal for eDiscovery? How do you place a hold on Dropbox and Workday? Are you sure you own the data?

#AIIM13

Step 4 – eDiscovery

No results found. Please revise your search and try again.

No results found. Please revise your search and try again.

eDiscovery

electronic discovery

Search help

Search help

#AIIM13

Step 5 – Information GovernanceRecords

Management

InformationGovernance

Privacy(PII)

ComplianceAudit

Security

Legal HoldseDiscovery

Archiving

UnstructuredData

StructuredData

Business

Legal

IMIT

#AIIM13

Questions?