Got your head in the clouds (computing)?

But now they only block the sun
They rain and snow on ev'ryone
So many things I would have done
But clouds got in my way
I've looked at clouds from both sides now
From up and down, and still somehow
It's cloud illusions I recall
I really don't know clouds at all....


I think Joni Mitchell summed it up well when she said "I really don't know clouds at all".

There's been a lot of discussion about cloud computing, what it is, what it isn't and the benefits and concerns around it. Much of the discussion indicates that while it isn't a mature enough concept, a lot of organizations are charging forward and putting their information assets at risk in this environment. One of my most recent favorite articles made a brilliant observation.

The writer, Ed Sperling, stated "In all companies, cloud computing needs to be part of an overall security risk management equation. It's easier to figure out in newer companies, but the process is still the same. Still, cloud computing should never be viewed as simply a way to save money unless a company doesn't care about security or doesn't have anything to steal. And in that case, why is the company even in business?" And I think it's a valid point to raise.



Risk is a critical component to consider when it comes to the storage and management of information assets, the lifeblood of many organizations. You need them to make informed decisions and to perform the 'business of your business', and protecting them form exposure is critical to ensure you retain your competitive edge over others.

Examples have been given where this seems to be a more logical option for consideration for SMBs (small to medium businesses) or for start ups, as a means of cost avoidance of procuring a large hardware infrastructure and minimizing the cost exposure related to application purchases. But again, I question this... if you're a new business and attempting to gain a foothold in the marketplace, wouldn't you want to do everything possible to keep your information as 'close to the breast' as possible? And while there isn't extensive evidence of the risk associated with cloud storage, (we aren't hearing rampant stories of data exposure), even secure environments are being routinely hacked... so these environments are obviously much more prone to it.

I think the jury is still out on cloud... and I fear many may not like the final verdict when they eventually hear it.

Long time, no post

I guess I've been a baaaaaad blogger, letting this sit idle for such a long time. Not that I haven't had a lot to say, just been saying it elsewhere and trying to figure out if/how to focus my energies to one source.

So much to say, where to begin? Okay... the ARMA Conference in Las Vegas. I was finally allowed to attend, but the notice came so late the airfare for a 90 minute flight ended up being nearly $400- thankfully I had a round trip coupon, but WHAT a waste of a good R/T coupon that was destined to get me to New Orleans =(

The conference was well attended, 4600 total, about half that many full paid attendees. Lots of sessions both on the paid and free side (those in the exhibit hall from vendors; some with the assistance of RIMs or techxperts). Lots of sessions on e-mail management and compliance issues, many on gaining management support for RIM programs, marketing RIM, and implementing ERMS tools. (Nope, you'll NEVER hear them referred to as 'solutions' here) It sure would be nice if the handouts for the expo floor sessions were ALSO made available to attendees!

Efforts were made to relate the sessions to domains and levels called out in the ARMA RIM Competencies which I stand firmly behind as a great document to provide guidance for where you are and where you may want to go in your RIM career.... obligatory disclaimer here, as I worked to help develop this document for 3+ well spent long years. Unfortunately, I think the efforts fell a bit short of their goals.

Talking to numerous attendees, some of them first-timers, many felt the sessions had the following problems:

1) the description did not accurately match the content
2) the ratings were higher than the content presented
3) the domains were misstated- content didn't stay on track for domains

A number of attendees told me that after the first day, they adjusted their plans and went to higher rated sessions, and still didn't feel they were getting what they expected in all cases. But, as I explained to them, this is a work in progress and it should improve over the coming year... and I STRONGLY SUGGESTED to them that they provide some of their feedback to ARMAs EDC and education department. If no one tells them, nothing will change.

I'm torn between the old "tracks" and the new "competency based" arrangement of sessions- one thing I'd like to see greater consideration given to is adjusting things so sessions of a common nature and differing levels are placed against each other in the same time slots, instead of making attendees choose betweens similar level sessions in multiple domains. Fortunately, almost ALL of the sessions handouts were posted in advance this time, so you did get an opportunity to review them before attending and make some choices of where to spend your time. Too bad a lot of first time attendees weren't aware of this option.

Biggest complaint? MISERABLE DISTANCES to be traveled between the hotel and the conference center, and between the general session and the expo floor/sessions. For those of us who are mobility impaired, it was a real pain (lterally) to walk these distances.

Biggest compliment? Plenty of people in the hall to tell you where things were if you were having trouble finding them.

Biggest disappointment? ARMA is STILL not doing a good job of marketing the Poster Sessions. Having delivered on every year since Long Beach (except this year) many attendees still don't know what they are supposed to be or intended to offer, and where to find them. This year they were in a dimly lit hallway- probably the best layout thus far was in San Antonio, but even then, no one seemed to know what they were.

Major suggestion? Re-instate the prior year's practice of ensuring EVERY first time attendee get a ribbon, and seriously encourage all Leadership and "old-timers" to directly approach and engage these people. I personally tried to approach every one I saw and ask how their experience was going and if they needed help navigating the landscape. Most of them were grateful and said that no one else had spoken to them. =(

Given the non-trivial cost of attending this annual event (registration, airfare, lodging, ground transportation, meals and incidentals) it would be nice to see more done to make the experience an overall win-win. Employers are becoming more reluctant to spend money sending employees to 4-5 day events unless they have an understanding of the take-aways and benefits of attendance. For members, the networking opportunities are excellent and the chance to catch up with friends and colleagues makes it a worthwhile experience. Employers however, are looking for hard benefits to their bottom line... and while you can come away with benchmarking information and suggestions for improvements to practices, sometimes it's hard to show that direct cost-to-benefit ratio.

Where is YOUR Personal Information??

Interesting article in Forbes, asking the age old question who gets your information and what do they do with it?

The writer postulates (based on input from an IBM analytics specialist), when you give out your information once, and it ends up in a database within 12 months over 1000 listings could potentially exist.

This topic has been discussed many times before and there are a lot of opinions, but what can you do about it? Well, the first thing is DON'T GIVE OUT YOUR information anywhere that you don't need to. Another suggestion is to have a second address, like a PO Box that you can use for non-official sources, and by all means, have a throw-away e-mail address (Yahoo, AOL, G-Mail, or other) that you can give out. As for your phone number, if one is required, you can always scramble the last 4 digits =).

Also, when you DO provide the "real deal", don't be shy about asking what it's going to be used for, what their privacy policy is, how long it will be retained, who it will be shared with, and HOW THEY DESTROY their records. When you ask these questions, if you're not satisfied with the answers, simply put "decline to state" on the form. Obviously, with a medical office, Financial services firm, educational institution, or other critical care organization, they should provide you a copy of their privacy policy (at least in California, because it's required).

Welcome to my Blog!

As time goes along, I hope to add information that both new practitioners and seasoned RIMs will find of value related to best practices in the field of RIM, as well as links to information being developed and discussed relevant to the field of practice.

Over the past 5-10 years, RIM is becoming a filed that business is becoming more interested in, primarily due to the increasing volume of information assets in both paper and electronic forms. There is also an increased interest due to the numerous rules and regulations related to managing information organizations are required to comply with.

Many see these changes in regulations as a burden, but others see them as an opportunity to improve on the methods for managing information more effectively, especially that information which meets the definition of "record" for their organizations.

I encourage all visitors to peruse the links to resources provided, and to ask questions on RIM related topics for discussion.