LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: RAINdrip: When Google turns to Gobble-Gobble...
From:	Patrick Cunningham <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Thu, 14 May 2009 20:05:01 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (50 lines)

Jesse, I'll play my usual contrary view on this. Most enterprises have uptime requirements in the range of "five nines" (99.999%) -- that's a bit more than 5 minutes of unscheduled downtime per year. "Four nines" is a bit less than an hour per year of unscheduled downtime. http://en.wikipedia.org/wiki/Uptime Google Apps "Premier Edition" guarantees 99.9% uptime -- that's about 9 hours of downtime per year -- not bad, but I'm not sure they have made that number yet. Keep in mind that I mention "unscheduled downtime" -- all enterprises have to take systems down from time to time for routine maintenance -- and those maintenance windows are typically scheduled. Because they are scheduled and predictable, they don't count against uptime.

I would suggest that most organizations cannot afford the level of downtime demonstrated by Google at this point in time. Downtime means idle employees and likely lost revenue, in addition to the expense.

With regard to the use of Google by many of the named organizations, those organizations are using the Premier or Education editions of Google Apps and Gmail, which are provisioned differently than the consumer versions. The services should be more robust and there is an opportunity for additional SLAs and requirements. My daughter attends Northwestern University and her email is provisioned through Gmail, but this is student email and Northwestern is looking to reduce cost by using Gmail (it's free!). Uptime is not a huge requirement for student email. Of note, the service for students is better than what was offered previously. http://www.it.northwestern.edu/stucollab/index.html http://www.google.com/a/help/intl/en/edu/case_studies/northwestern.html "Google Apps also has freed up strained server resources that are now being redeployed to improve faculty and staff email." That means that the legacy email systems are being used by the enterprise.

The out of the box agreements leave a whole lot to be desired. Note, these are the out of the box agreements that you get when you just sign up. Amazon Web Services, for example, (http://aws.amazon.com/agreement/) says this about their liability for "Service Suspension" (which would be downtime):

"Without limitation to Section 11.5, we shall have no liability
whatsoever for any damage, liabilities, losses (including any loss of
data or profits) or any other consequences that you may incur as a
result of any Service Suspension. To the extent we are able, we will
endeavor to provide you email notice of any Service Suspension in
accordance with the notice provisions set forth in Section 15 below and
to post updates on the AWS Websites
regarding resumption of Services following any such suspension, but
shall have no liability for the manner in which we may do so or if we
fail to do so."

With regard to security, AWS says:

"We strive to keep Your Content secure, but cannot guarantee that we
will be successful at doing so, given the nature of the Internet.
Accordingly, without limitation to Section 4.3 above and Section 11.5
below, you acknowledge that you bear sole responsibility for adequate
security, protection and backup of Your Content and Applications. We
strongly encourage you, where available and appropriate, to (a) use
encryption technology to protect Your Content from unauthorized access,
(b) routinely archive Your Content, and (c) keep your Applications or
any software that you use or run with our Services current with the
latest security patches or updates. We will have no liability to you
for any unauthorized access or use, corruption, deletion, destruction
or loss of any of Your Content or Applications."

In other words, if we take the system down and don't tell you, too bad. If we get hacked and you lose all your data, too bad. And oh, by the way, the Internet is a bad neighborhood and we doubt that we can secure your stuff. Somehow, I doubt that any commercial records center would say, "We store your records in buildings that we can't secure in neighborhoods that are bad because we want to save you money. If your stuff gets lost or stolen because we don't want to make a decent effort at securing your stuff, too bad. After all, it's a bad neighborhood."

I'm still not ready to rely on these services for myself or for my company, but I recognize that we're dealing with a force of nature here. There are efforts under way to address some of these issues. I refer you to this document: http://www.cloudsecurityalliance.org/guidance/csaguide.pdf There's significant mention of RIM in Domain 4, Electronic Discovery, beginning on page 41 of the document.

Patrick Cunningham, CRM
[log in to unmask]

"Perpetual optimism is a force multiplier."
-- Colin Powell

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US