There have been a number of research papers and studies published this week covering GRC, not least of which is one that pinpoints how Federal agencies are looking at the cloud. Document Management systems may also be loosing ground to enterprise content compliance systems.

The Government And The Cloud

If you’ve ever wondered what the federal government and its organizations thought of cloud computing, then wonder no longer. A new report from the Lockheed Martin Cyber Security Alliance lifts the lid and shows that many of the concerns -- just like the private sector -- revolve around data security, risk and compliance concerns.

However, those concerns are more perceived than real and with the drive by all government agencies to cut spending it looks like many of them will be turning to the cloud over the coming year to slash costs.

The biggest concern was data security with 70% of IT decision makers across government, military and intelligence saying they were still reluctant to move because of fears over privacy and information integrity.

Again, reflecting similar trends in the private sector, ignorance about cloud computing is rife with 38% of the 198 decision makers interviewed saying they were unfamiliar with it and 23% unsure whether their agency used it or not.

But if fears about data security were prevalent, then fears of getting a spanking from the President over excessive spending appear to be taking hold too.

High amongst the applications that look like the government will be looking to the cloud to provide are databases and document management with many agencies looking at other applications too.
The list includes:

  • Communications applications 63%
  • Database applications 59%
  • Document management 57%
  • Mission-critical data management 52%
  • Document creation & editing 51%
  • Virtualized server environments 47%
  • Human resources management 46%

The Lockheed Martin Cyber Security Alliance was established in 2009 as a consortium of companies working on cyber security challenges, including many of the biggest names in the industry. If you’re interested in more download a summary here.

SharePoint 2010 records Management Extended

With SharePoint 2010 now in RTM and due for business release next month, records management specialist File Trail has just released FileTrail for SharePoint 2010 that extends SharePoint 2010 by enabling organizations to access and manage both their electronic and physical records through a single integrated solution.

And because they can do this through SharePoint they will also be able to leverage SharePoint compliance, workflow and search tools for all their records.

Showing off their new baby at the current AIIM Conference, FileTrail for SharePoint extends the functionality of SharePoint by adding tools specifically for physical records. The new physical records functionality includes an integrated view of physical and electronic items in the same view, display of current location, creation of new physical items, printing bar code and color coded labels, and integration with off-site records vendors like Recall and Iron Mountain (news, site) .

Is Document Management Loosing Compliance Ground?

A new report sponsored by Virtify (news, site) and produced by IDC (news, site) would seem to indicate that there is a growing trend amongst life science companies to move from document management software to enterprise content compliance (ECC) software in order to get regulatory document preparation done faster.

They are doing this by enabling parallel authoring while at the same time automating the expanding regulatory compliance requirements surrounding submissions, labeling and clinical trial disclosure.

The IDC Health Insights research states that the cost of bringing new drugs to market ranges from US$ 800 million to US$ 1.2 billion, and estimates that roughly a quarter of the cost comes from the content requirements associated with working in a regulatory compliant environment.

The IDC Health Insights research also suggests that ECC solutions can substantially reduce the time and cost of bringing new drugs to market through improved abilities to manage collaborative teams, and compress the time spent authoring, reviewing and submitting regulatory documents.

The overall picture that emerges from the study is that life sciences companies are shifting away from traditional paper-based processes and legacy document management systems towards solutions that promote content reuse, resource efficiencies and cost reductions
The IDC Health Insights study is available on the Virtify website and can be accessed here.

Access Rights Causing Compliance Headaches

Privacy and information management research firm the Ponemon Institute (news, site), along with enterprise governance specialist Aveksa, have published the results of the 2010 Access Governance Trends Survey, which shows difficulties with access rights to data have increased since last year and are causing compliance headaches.

Many enterprises are unable to keep up with user responsibilities, cannot respond quickly enough to changes in access rights and as a result often end up giving users too much access just to cover all options.

When compared to Ponemon Institute’s first access governance study, published in 2008, respondents report even greater difficulty with key access governance issues, such as poor management of access rights and trouble keeping pace with access changes.

The report also shows that many organizations face significant information security risks because of a lack of resources, budget and IT staff -- heightened by ad hoc or inconsistent approaches to access management activities across the enterprise.
Findings include:

  • 72% cannot respond to access requirements quickly
  • 52% cannot keep pace with access change requests
  • 59% don’t have access governance policies
  • 61% don’t check security policies before the access is assigned

Cloud computing is caught in the spotlight again as the survey found it to be the key factor affecting organizations’ access governance processes with respondents reporting that its adoption enables business and end users to circumvent existing access governance processes.

Check out the  full copy of the 2010 Access Governance Trends Survey.