Migrated from eDJGroupInc.com. Author: Greg Buckles. Published: 2011-06-02 13:24:58
After doing my keynote speech to the LiveOffice User Conference, I participated in the user discussions and was impressed by the impact that moving to the cloud has had on these medium and large enterprises. Many still ran their own Exchange servers, but the proactive cloud archiving enabled them to streamline their infrastructure and enabled them to upgrade their meaner, leaner mailboxes to Exchange 2010. Others had gone completely to the cloud for their messaging and Sharepoint needs. So when Jason asked me to put my CTO cap on, I immediately put in a call to LiveOffice to start our transition to hosted Exchange and archiving. As the dominant cloud messaging archive provider, I had previously done fundamental validation testing for search and retrieval on the LiveOffice platform. So I already have confidence in the integrity and accessibility of our email. It is not easy for me transfer my critical ESI into the care, custody and control of a third party. That has been one hurdle to our leap to the cloud. But isn’t that what we have been doing with our service providers? I always insisted on making on-site inspections of all providers who processed or hosted collections. I live by the ‘trust but verify’ rule. Luckily for me, my work already included an on-site inspection and meetings with their core teams. For a normal customer, this level of vetting is probably neither practical or reasonable. However, there are some fundamental checks that can be done to know that your data is reasonably safe. First and foremost is to know your provider.
- Where are they incorporated? How long have they been in business?
- How many employees do they have?
- Are they a private or public company?
- Are they economically stable and growing? (meaning will they be around next year)
Next is to understand the basic infrastructure and data flow process that your ESI will experience
- How is it transferred to the cloud?
- Where does it physically reside?
- Is it transformed for storage?
- How is it kept separate from other customers?
- Does the company own all the instructure outright?
- What is the disaster recovery or co-location arrangement?
- What are your guarantees on uptime, accessibility and Service Level Agreements (SLAs) for issues?
- What are the company policies on data privacy, subpoenas and security?
- How can your ESI be accessed, searched and retrieved?
- What are reasonable restoration rates for retrievals?
- Is there an established migration/transfer mechanism in case you want to change providers?
Lastly is to actually test the system with a set of your ESI, preferably a representative set of known data
- Number of email/files
- Custodial ownership
- Content/context integrity
- Retrieval by property or text criteria
This is just an ad hoc overview, but all of this can be done without an on-site inspection. I also look for providers who have certifications like the U.S.-E.U. Safe Harbor and other governmental programs for verifying security and data protections. Small companies can ask about what large government contracts or large enterprise customers have recently done inspections to get a greater comfort level as well. The cloud is leveling the playing field, but not all providers are stable and should be trusted with your data. Your next discovery is not the time to figure out your search and retrieval capabilities. Do it before your move your ESI. Jason Velasco will be overseeing our transition to the cloud and reporting on how it goes, so keep an eye out for his journal entries.