Full RSS Feed
Receive
the Free CMSWire NewsletterIf you don’t know Samantha Lofton, you should. A quietly impressive and generous Records and Information Management professional, she established her superb reputation through education and practical experience.
From an entry-level position in the Clinical Research Industry to Firmwide Records & Information Manager for Greenebaum, Doll & McDonald PLLC, she built her sophisticated Records program from an idea using industry standards and best practices.
In addition to being a life-long student of RIM, she also serves the membership of ARMA International of its elected Directors. Swiftly emerging in the Records field as one of the foremost experts in the relationship between information management programs and cloud storage solutions, I had the good fortune to sit down with her recently to talk about one of her favorite topics.
Q: Samantha, you’ve taken on multiple roles for your firm. What prompted you to pick up this topic?
Lofton: I’m interested in this topic because of the industry trend towards marketing of cloud storage solutions to businesses and clients as a good alternative to reducing cost associated with data storage, IT infrastructure, architecture, application and other associated data warehouse and maintenance costs.
In a review of cloud storage as a method to reduce storage costs, organizations must also consider the Records & Information Management implications — how will they manage and control information in the cloud to ensure information security and privacy (including authenticating user access and identity in the cloud)? How will they administer and manage litigation holds, discovery requests, and retention and destruction requirements?
Q: What sources did you find the most helpful in preparing your readiness for the topic?
Lofton: There are many white papers on the topic, such as the UC Berkeley article "Above the Clouds: A Berkeley View of Cloud Computing" (02/10/2009). I like articles where several government officials weigh in regarding the relationship between privacy and security because they cite both the risk and the benefits of the cloud storage approach. I also find helpful any articles on pilot projects and initiatives where cloud storage is considered as a viable alternative to maintaining applications and data stores for the US Government. My research isn’t restricted to domestic instances only, though. Other sources I use include:
- Canadian Privacy Commissioner paper " Reach for the Cloud(s): Privacy Issues related to Cloud Computing" priv.gc.ca/information/pub/cc_201003_e.cfm
- World Privacy Forum: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing by US lawyer Robert Gellman www.worldprivacyforum.org/pdf/WPF_Cloud_Privacy_Report.pdf
- EU, European Cyber-Security Agency ENISA "Cloud Computing Security Risk Assessment" and related documents
- Cloud Computing in the Canadian Environment www.cloudbook.net/canadacloud-gov
Q: Cloud computing and records management have specific obligations to each other. What do you find most intriguing about the dynamics of the relationship?
Lofton: The biggest issue that an organization faces when deploying cloud computing is the obligation to ensure that the company’s policies surrounding retention, privacy and security are administered and validated in the cloud. Vendors must have the ability to meet their potential client’s needs relating to the authentication of users, data access and the physical storage of data in the cloud.
Continue reading this article:
Email It
