A Background on CDM Secrets
Let us start by identifying Document Management (DM) to mean any software system that maintains a centralised repository of documents such that it is assists finding and organising documents, while facilitating office processes.
By this definition, a DM may be anything from a simple shared folder structure through to a sophisticated management system supporting full versioning, custom metadata, views, filtering, sorting, user access controls and document workflow.
Most professional businesses deal with vast numbers of documents and hence secure, robust storage for the document repository is a key IT concern and cost centre.
Many accounting firms are considering the merits of moving to Cloud for mainstream accounting applications such as Practice Management, Tax, and GL. This may be driven by cost factors or the simple convenience of sharing data directly with clients, while eliminating traditional inconveniences of annual updates of software or infra-structure.
The question arises as to whether it is appropriate or worthwhile to also consider moving Document Management (DM) to the cloud, given that document creation, editing, storage and printing is all done locally within the office.
This white paper looks at the issues and makes a case for moving to a Cloud Document Management system (CDM) that takes advantage of the unique features offered by cloud technology.
The on-premise rationale
Firms committed to in-house deployment for DM typically offer the following reasons:
- Considerable investment has been made in their own IT infrastructure with both staff and facilities and it therefore behoves them to leverage this investment.
- Physical security of servers is entirely under their own control and responsibility. Typically, only escorted access is permitted to on premise servers, and only their own hardware is permitted to be connected to their internal network.
- Electronic security is managed by virtue of firewall isolation from the Internet enabling controlled protocol level access to what is essentially an isolated private internal network.
- Application usage is controlled and centrally managed by IT to ensure that staff has a controlled and managed desktop working environment.
These measures are designed to protect the organisation from external threats such as hacker attack and virus penetration, and to ensure known levels of system performance, redundancy and backup. The general belief is that internal installation of DM is necessary to maintain the level of security and robustness required by the organisation.
But is this really true and at what cost?
Cost of on-premise deployment
On premise deployments usually carry considerable IT costs, which bear scrutiny. Typically, there are 3 main cost centres:
- $$ to Buy. Most businesses will either purchase or lease the necessary server equipment to host the in-house DM system. A suitable server stack typically includes a database server, one or more application servers depending upon staff numbers, a RAID disk subsystem and a backup device.
- $$ to Maintain. The importance of the in-house server infrastructure typically mandates a contractual relationship with an IT firm, or employment of in-house IT human resources. Regular equipment upgrades are usually part and parcel of the maintenance regime.
- $$ to Backup. The cost of adequate backup may also be considerable, taking into account media costs, on-site / off-site fireproof storage and staff time to manage the process.
One strategy for reducing costs is to virtualise in-house servers into a data centre, however, this is often a false economy because the server lease costs and IT contractual support arrangements are still considerable, while often delivering poorer performance due to use of remote desktop sessions.
How secure is it really?
No matter how much is spent on the on-premise or virtualised server environment albeit locked behind firewalls, it seems repositories are still vulnerable to attack by malware such as crypto-locker, which infiltrates via email or web access.
Moreover, few in-house systems bother with document encryption, thus are open to inspection should a hacker gain access.