It's the Cloud, Not the Wild West
So for me, the decision has to do more with the governance policies that you have in place, rather than the location that it's being stored. I'm thinking the decision has to come down to whether it's a policy-based corporate ordinance, or a technology-driven one. And Mary Leigh confirms it. "You set your policies, and then it's up to the governance board to figure out how to adhere to them. It doesn't matter where your information is stored. It's up to the governance decision-makers to make the rules. They might use policies, they might use technologies. But once those policies are set—and it just so happens that those policies can be met by a solution that's hosted in the cloud—then that's good for most organizations." But not all. Time will tell how far Mary Leigh's vision takes us.
Putting Controls in Place
It's always seemed to me that SharePoint was a wide-open prairie. Users could walk in, start up a farm, and when they're done, just walk away. "That's where polices come in," says Mary Leigh. "There need to be controls to limit what people can create. There are controls that monitor activity, and storage elevation, etc." The point is, there can be controls over the sprawl that SharePoint is infamous for creating. That was enlightening to me.
And then there's the financial overview. "If you open an Office 365 account where you get a bill every month, or every six months, you're going to be held accountable and made much more aware of what you're doing... or not doing." So there is an opportunity to have insight, and the ability to track and monitor, what people are doing on the cloud sites in your organization if you choose to take advantage of it.
So, in the same way that departments are responsible for their expenses and various cost centers, employees are also responsible for their Office 365 expenditures, and in most cases are required to "pay back" the IT department for their activities. So organizations have the opportunity to either grant or deny departments and/or individual users the right to use additional resources.
This also comes as news to me. I have always been under the impression that SharePoint sites could be started and abandoned with little to no governance. But the cloud, as it is developing, isn't quite the Wild West I once imagined. Nor is it the strictly controlled and conscripted infrastructure that most organizations have been accustomed to for decades. It is, of course, something new and something in between those two extremes. Which makes it complicated and challenging.
"Yes. It's not like setting up a Gmail account, where an employee can set up an account, entirely unknown to the company, and use it from an office computer. There's an approval process with SharePoint, and it demands some scrutiny... how much space will you need? Will you be putting important data or records here? Who do you plan to share this with? The answers to those questions can determine whether you get your resources, or not."
So the control over the provisioning process, and approvals and lifecycle management is now part and parcel of the SharePoint (and presumably other cloud services) in most organizations. That's a very different picture than I had in my head when I started this conversation.
But it's all part of the governance story. There are overview rights management controls over, basically, everything now. There are ways for an organization to prevent an employee from uploading or downloading a file even using a Gmail account. It is no longer a free running field for renegade employees. Nor is it a dark place for governance and IT managers. It's a new world out there, and you need to understand it.
Read on for more information and—dare I say it?—knowledge regarding the new world of cloud computing and the many ways in which it is affecting the way we work, and the way we live.