Log In

How to Keep Your Mission-Critical Data Safe in a Cloud-Connected World

Webinar: How to Keep Your Mission-Critical Data Safe in a Cloud-Connected World

Today, businesses of all sizes are facing real challenges to cut costs, and streamline processes to operate more efficiently – and they’re looking for innovative ways to get the job done. To that end, cloud computing offers enterprises countless benefits, including the cost savings and flexibility they need to remain competitive.

But organizations are nevertheless concerned about the security, accessibility and management of sensitive corporate data, as well as the compliance and legal issues involved with moving their processes to the cloud. Still, the market for cloud computing is growing rapidly and as companies continue to grow the amount of content they store in the cloud, protecting their data in the cloud is more crucial than ever.

In the “eDiscovery and Information Governance in the Age of Cloud Computing” webinar hosted by the IGI and ZyLAB, Bennett Borden and Jan Scholtes will share best practices in the quickly evolving realm of eDiscovery and information governance in cloud computing environments. The webinar will take place on Thursday, Oct. 29 from 2 p.m. to 3 p.m. EDT.

During the event, Scholtes and Borden will discuss the sometimes-volatile rules, legal precedents, as well as the technical and legal ramifications of storing data with third-party providers.

You can register for the “eDiscovery and Information Governance in the Age of Cloud Computing,” webinar below.

Bennett B. Borden
Bennett B. Borden
Co-Founder and Chair
Information Governance Initiative
Jan Scholtes, ZyLAB
Johannes C. Scholtes
Chairman & Chief Strategy Officer
Meet our newest supporter iDiscovery solutions

Mark Your Calendar: IGI is Hosting a Google Hangout on E-Discovery and Information Governance in the Cloud on July 28

E-discovery can be considerably more challenging in cloud environments, particularly when migrations occur without much regard to information governance.

The good news is that by doing your due diligence prior to migration, your organization is able to take advantage of the transformative nature of the cloud while simultaneously making sure its data is secure and can easily be located, retrieved and produced should e-discovery commence—saving you time, money, and headaches.

To learn about what exactly that due diligence entails, please join the Information Governance Initiative on Tuesday, July 28, for a Google Hangout exploring e-discovery and information governance in the cloud. The Hangout—which begins at 2 p.m. EST—is hosted by Barclay T. Blair, founder and executive director of the IGI and features Tera Ladner, the group VP of corporate records and information management at SunTrust Bank and Bill Shute, the chief strategy and marketing officer at Viewpointe, an IGI Supporter.


During the Hangout, we’ll be talking about our latest research paper, E-Discovery in a Cloud-First World: Using Information Governance to Prepare & Protect Your Organization. We’ll also explore the features and characteristics you should look for when choosing a cloud provider.

Additional topics for discussion:

  • The cloud computing market continues to grow, and for good reason.
  • But there are still risks associated with moving to the cloud.
  • E-discovery can be particularly more challenging to conduct in cloud environments.
  • As such, it’s important to look to cloud providers that understand the importance of information governance.
  • Cloud migration is an information governance opportunity.

Moving to the cloud is a huge decision. But it’s one you definitely need to make, assuming you want your business to remain competitive. By partnering with the right cloud provider, your move to the cloud can be smooth, and you’ll be best positioned to conduct e-discovery should you need to sometime in the future.

The IGI Hangout program is designed to provide a discussion-based forum for critical IG issues and topics.

All members of the IGI community can attend the Hangout for free; please register below to attend.

Have a question you want to pose to Tera, Bill and Barclay? Submit a question or comment by leaving a reply below. Questions can be submitted prior to or during the event.

We look forward to hanging with you on July 28!


What the Shift Away from Traditional Enterprise Content Management Means for Information Governance

While traditional enterprise content management (ECM) platforms were designed to give organizations more control over their information, these systems never really enjoyed widespread adoption thanks to poor user experiences, extended rollout periods and the rise of BYOD, among other things.

Where ECM platforms have failed, however, enterprise file sync and share (EFSS) tools—those which allow employees to store and share documents in the cloud—seem to be succeeding. Designed with a focus on the end user, thanks to their ease of use and functionality, these tools may very well displace ECM platforms altogether.

While it’s undeniable they provide a ton of utility, because of their nature, EFSS tools can still provide challenges relating to information governance at the enterprise level. Luckily, there are some EFSS providers that have built their solutions with those challenges in mind, making it easier for organizations to control their information and harness its power.

All this is according to a recent paper written by Chris Walker, The Next Generation of Enterprise Content Management. The publication explores what these next-generation EFSS tools mean for enterprise content management and information governance. In the paper, Barclay T. Blair, founder and executive director of the Information Governance Initiative, shares his thoughts on the ECM-to-EFSS evolution and its associated information governance implications:

The Next Generation of ECM Paper

Beginning a long, long time ago with Lotus Notes databases, continuing to shared folders in network file systems, collaboration folders in ECM systems, then SharePoint, and now shared drives in the sky, the ability for users to self-provision collaboration environments has time after time focused on the short-term problem while creating a long-term disaster. The current crop of providers in the space continue to successfully leverage the viral effect of these collaboration tools, but in my view many are shockingly irresponsible in ignoring the obvious legal, regulatory, risk, privacy, data breach, intellectual property, value extraction, and other information governance issues that are created and exacerbated by their products. Frankly I think it’s a bit cynical. We’ve been doing business digitally for decades and the need to control and manage information as an asset has been long established, but continues to be ignored by providers who pretend that these issues don’t exist, or wave their hands and claim that the customer owns these problems, not the provider, or that it’s merely a “policy” issue. That’s such an outdated idea. The only way we will ever responsibly manage and leverage our information assets is by baking these capabilities into the technology itself. Kudos to those providers who are taking the tougher, but more mature path, of sacrificing dramatic growth to provide business-grade solutions that address these requirements.

Click here to read the paper in full.


E-Discovery & Information Governance in Today’s Cloud-First World

In today’s data-driven business world, organizations that fail to manage and exploit their information—particularly when it lives in the cloud—will fall behind their competitors and expose themselves to unnecessary risk and cost.

Information governance is essential when organizations are evaluating, selecting, and migrating to a cloud provider. Put another way, it is clearly irresponsible for organizations to use the cloud for serious enterprise work, with valuable corporate information assets, unless and until they have evaluated a cloud provider’s ability to support their IG needs generally, and their e-discovery needs specifically.

Information governance provides a framework for organizations to take control of their information and to select and maximize the cloud opportunity. Organizations that fail to consider their information governance requirements will very likely find themselves in an uncomfortable place when litigation and e-discovery forces them to scramble to identify, produce, and present responsive information.

Organizations seeking to do real, enterprise business with valuable data in the cloud must seek out cloud service providers that are firmly committed to the principles of information governance. This is the only way to ensure that they will be able to respond quickly, efficiently, and completely when the other side in litigation or a regulator asks for their information.

To help organizations ensure that they are prepared to conduct e-discovery in the cloud, the Information Governance Initiative (IGI) is pleased to announce the release of its newest white paper, E-Discovery in a Cloud-First World: Using Information Governance to Prepare & Protect Your Organization.

  1. The cloud computing market grows bigger each day, and for good reason. All research points in the same direction: the cloud computing market is exploding. After all, the cloud provides businesses with the agility, availability, and cost savings necessary to survive in today’s ever-changing business world.
  2. Moving to the cloud isn’t without its risks. While the benefits of the cloud cannot be ignored, neither can the risks. For starters, once an organization has migrated to the cloud, chances are its data no longer lives on-premises. Such an arrangement could expose an organization to security vulnerabilities or force it to deal with issues relating to availability. Beyond that, organizations might have a hard time keeping track of rogue employees who use the cloud services of their liking—like the designer who uses a consumer cloud service to collaborate with a client without the oversight of the IT or legal departments.
  3. E-Discovery can be more complicated when information is stored in the cloud. It’s important to remember that once an organization begins to leverage cloud assets, chances are a third party is now at least partially responsible for managing its information. In the case of the designer who uses a consumer cloud service, decision makers would have to rely on that service in the event they had to retrieve pertinent documentation—provided they even know that it is there when making representations to a court or regulator. Save for large enterprises that construct and maintain their own private cloud infrastructure, businesses that live in the cloud don’t have complete control of their data—and they’re not their provider’s only customer, either.
  4. Some cloud providers place more emphasis on information governance than others. Because an outside entity is going to have at least some responsibility for their data when it’s stored in the cloud, organizations would be wise to partner with providers that are prepared to make the e-discovery process as seamless as possible, i.e., those that place an emphasis on information governance. In this white paper, you’ll learn precisely what characteristics to look for in such a provider.
  5. Cloud migration is an information governance opportunity. By incorporating robust information governance principles into their cloud migration strategies from the start, organizations can put the right safeguards in place to ensure they are able to easily conduct e-Discovery in a comprehensive fashion—and quickly.

To learn more about what your organization should do ahead of moving to the cloud to make sure your information is safe—or what information governance capabilities you should look for in a cloud service provider—click here to download and read this comprehensive new publication.

Is the Consumer Cloud Growing Up?


Today more and more enterprises are moving their business processes to the cloud to save money, get their products to market faster and operate more efficiently.

At the same time, their employees are also adopting cloud services that enable them to do their jobs better and with more mobility.

However, the problem is that IT hasn’t authorized – and usually doesn’t even know about – this employee-led cloud adoption, known as shadow IT. That can cause massive headaches for IT admins if employees store corporate data in cloud services that haven’t been sanctioned.

While these tools benefit individual users, “they allow corporate policies, legal requirements and regulatory obligations to be circumvented, creating a serious information governance problem,” according to a report by Osterman Research.

That’s why companies like Dropbox and Microsoft are not only beefing up the security of their business cloud services but adding enterprise-grade security to their consumer clouds as well.

As the cloud becomes more popular among enterprises and their employees, so does the risk to their corporate data, applying the right information governance practicesaccording to a recent report by the Ponemon Institute. And it’s difficult for organizations to manage the risk of cloud computing without applying the right information governance practices, Ponemon notes.

The statistics regarding employee use of consumer cloud services speak for themselves.

In Q1 2015, the average company used 923 distinct cloud services, an increase of 21.6% over Q1 2014, more than 10 times higher than what IT estimates, highlighting the stunning growth in employee-led cloud adoption, according to a report by cloud security company Skyhigh Networks.

The average company uses 49 file sharing services and the average employee actively uses three separate file-sharing services like Google Drive and Dropbox, according to Skyhigh.

And these services store 39% of sensitive and/or confidential corporate data uploaded to the cloud, including customer and employee Social Security numbers; dates of birth, or addresses; payment information, such as credit card numbers or bank account numbers; or protected health information such as medical record numbers or health plan beneficiary numbers, Skyhigh notes.

Additionally, collaboration services like GoToMeeting are being used throughout the enterprise. The average company uses 162 services and the average employee regularly uses seven different services, accounting for 24.4% of corporate data uploaded to the cloud, according to Skyhigh.

Broken down by category, the average company uses 162 distinct collaboration services, 51 development services, 49 file sharing services, 42 content sharing services, and 30 social media services. The average employee uses 28 cloud services, including seven collaboration services, three file sharing services, four content sharing, and four social media services, Skyhigh notes.

The inability to control how employees access and handle sensitive data in the cloud makes cloud governance – e.g., compliance with regulations – challenging, according to Ponemon. Not only that, but more employees are using cloud apps without specific training on the security procedures they are expected to follow.

To help organizations deal with the problem of unfettered access to critical corporate data and by extension, information governance, Dropbox has boosted the security of its consumer service with an optional two-step verification (via text message or time-based, one-time password apps) adding an extra layer of security to user accounts.

Additionally, data in transit is encrypted using secure sockets layer (SSL) and at rest using AES-256 bit encryption – Dropbox holds the keys to that. And if users’ devices are lost or stolen, they can easily be “unlinked” from users’ accounts to further lessen the risk of unauthorized access.

Microsoft, too, has enhanced the security of its consumer cloud storage service OneDrive. First, files in OneDrive aren’t shared with other people unless users save them in the Public folder or choose to share them.

In addition, data in transit is encrypted using SSL, although it remains unencrypted at rest (encryption at rest is only available on OneDrive for business users). Microsoft has also enabled perfect forward secrecy encryption support for OneDrive, which uses a different encryption key for every connection.

All OneDrive users also get access to two-step verification to help protect their accounts by requiring them to enter extra security codes whenever they sign in on devices that aren’t trusted.

The bottom line is that organizations that are able to solve the problems associated with employees using consumer cloud services will have taken a significant step toward solving their overall information governance problems.

The good news is that the consumer cloud is indeed growing up as more providers add enterprise-grade security features to their consumer cloud offerings, demonstrating the growing importance of information governance in a collaborate-first, ask-IG-questions-later world.