Session 11: Cloud Computing LBSC 708X/INFM 718X Seminar on E-Discovery Jason R. Baron Adjunct Faculty University of Maryland April 12, 2012.

Slides:



Advertisements
Similar presentations
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Advertisements

Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.
Federal Cloud Computing Initiative Matthew Goodrich November 5, 2010 GSA Confidential and Proprietary – Not for Distribution Section 508 Coordinator Conference.
Use of Oregon Statewide Electronic Records Management Systems (ERMS) Price & Services Agreements (PSA) DAS SPO Representative Lena Ferris DAS EISPD Representatives.
What is Cloud Computing? o Cloud computing:- is a style of computing in which dynamically scalable and often virtualized resources are provided as a service.
Author(s): David A. Wallace and Margaret Hedstrom, 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative.
Cloud Usability Framework
Wally Kowal, President and Founder Canadian Cloud Computing Inc.
SaaS, PaaS & TaaS By: Raza Usmani
Be Smart, Use PwrSmart What Is The Cloud?. Where Did The Cloud Come From? We get the term “Cloud” from the early days of the internet where we drew a.
M.A.Doman Model for enabling the delivery of computing as a SERVICE.
Cloud Computing Guide & Handbook SAI USA Madhav Panwar.
1 From Filing Cabinet to Desktop and Network: Records Management in N.C. State Government Ed Southern Government Records Branch N.C. Office of Archives.
Department of Commerce Records Management Training.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
Discussion on LI for Mobile Clouds
Plan Introduction What is Cloud Computing?
Embedding Records Management into Agency Processes The FEA Records Management Profile Laurence Brewer, CRM National Archives and Records Administration.
NARA’s FAQ and Bulletin on Managing Federal Records in Cloud Computing Environments Arian D. Ravanbakhsh Electronic Records Policy Specialist RACO Chicago.
Introduction to Cloud Computing
ARMA NORTHERN VIRGINIA CHAPTER MAY 18, 2011 Records Management, Transparency and Open Gov: An Update from NARA.
In class exercise You have been appointed Records Officer for a large cabinet Department in the Obama Administration. A lawsuit against the Department.
Records Management: It’s Not Just Paper
1 EDMS 101 Speaker: Monica Crocker, DHS EDMS Coordinator Overview of current project(s) Objective of this section: This session outlines EDMS fundamentals.
G17: Recordkeeping for Business Activities Carried out by Contractors Patrick Power, Manager Government Recordkeeping Programme Archives New Zealand.
Security and Privacy Services Cloud computing point of view October 2012.
Cloud Computing. What is Cloud Computing? Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable.
The Legal Issues Facing Digital Forensic Investigations In A Cloud Environment Presented by Janice Rafraf 15/05/2015Janice Rafraf1.
In the name of God :).
Quarterly IT Forum Federal CIO Council IRMCO Federal IT Summit Screen shot of GSA Logo On each page in the footer is a logo of GSA and a logo from NARA.
M.A.Doman Short video intro Model for enabling the delivery of computing as a SERVICE.
fact sheet (07/03/2007) 1 ARE ARCHIVING SOLUTIONS RECORDKEEPING SOLUTIONS? 7 th March 2007 Stephen Clarke Government Recordkeeping Programme.
Cloud Use Cases, Required Standards, and Roadmaps Excerpts From Cloud Computing Use Cases White Paper
Cloud Computing: The Basics, Benefits and Risks Image:
What Agencies Should Know About PDF/A-1 April 6, 2006 Mark Giguere
Plan  Introduction  What is Cloud Computing?  Why is it called ‘’Cloud Computing’’?  Characteristics of Cloud Computing  Advantages of Cloud Computing.
Records Management 101 The Basics Archival and Records Management Services Division.
The Challenge of Rule 26(f) Magistrate Judge Craig B. Shaffer July 15, 2011.
2009 Federal IT Summit Cloud Computing Breakout October 28, 2009.
1 Strategic Plan for Digital Archives Programme DAP PROJECT SCOPE OVERVIEW STATUS.
Federal Trade Commission U.S. Rules on Privacy and Data Security Organization for International Investment General Counsel Conference October 16, 2009.
LEGAL ISSUES IN CLOUD COMPUTING
Digital Government Summit
The Cloud Earl C. Rich, CRM. We’re Gonna Talk About: Define what The Cloud is Discuss the different types of Clouds Discuss Cloud service-types RIM issues.
PaaSport Introduction on Cloud Computing PaaSport training material.
Paperless Timesheet Management Project Anant Pednekar.
Cloud Computing Use Case Draft v2.
CLOUD COMPUTING RICH SANGPROM. What is cloud computing? “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a.
3/12/2013Computer Engg, IIT(BHU)1 CLOUD COMPUTING-1.
Web Technologies Lecture 13 Introduction to cloud computing.
ISA 201 Intermediate Information Systems Acquisition.
© 2012 Eucalyptus Systems, Inc. Cloud Computing Introduction Eucalyptus Education Services 2.
Private KEEP OFF! Private KEEP OFF! Open! What is a cloud? Cloud computing is a model for enabling convenient, on-demand network access to a shared.
Cloud Computing: Legislative and Regulatory Frameworks Presentation to AREGNET Ria M. Thomas 29 April 2014 Occid-OrientStrategies.
The National Institute of Standards and Technology (NIST) define Cloud Computing as “a model for enabling convenient, on-demand network access to a shared.
Records Management Reality
UW-Madison Guidelines for Managing the Records of Departing Employees*
Chapter 6: Securing the Cloud
Records Retention and Disposition Naugatuck Valley Community College
By: Raza Usmani SaaS, PaaS & TaaS By: Raza Usmani
SAA-COSA Annual Meeting Session 301: Capstone Officials & Public Records Arian D. Ravanbakhsh Office of the Chief Records Officer for the U.S. Government.
Recommendation 6: Using ‘cloud computing’ to meet the societal need ‘Faster and transparent access to public sector services’ Cloud computing Faster and.
Cloud Computing Kelley Raines.
Chapter 21: Cloud Computing and Related Security Issues
Chapter 22: Cloud Computing Technology and Security
CNIT131 Internet Basics & Beginning HTML
Introduction to Cloud Computing
Cloud Computing: Concepts
Basics of Cloud Computing
Capstone Approach to Management NATO Archives Committee Meetings
Presentation transcript:

Session 11: Cloud Computing LBSC 708X/INFM 718X Seminar on E-Discovery Jason R. Baron Adjunct Faculty University of Maryland April 12, 2012

2 Cloud Computing Definition From Wikipedia: “Cloud computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the "cloud" that supports them. * * * The term cloud is used as a metaphor for the Internet, based on how the Internet is depicted in computer network diagrams and is an abstraction for the complex infrastructure it conceals.”

Cloud computing: NIST (partial) definition Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. From NIST Definition of Cloud Computing

Cloud Service Models Software as a Service (SaaS) – Cloud provider makes applications accessible through a thin client interface, e.g., web browser Platform as a Service (PaaS) – Cloud provider manages infrastructure but user can customize/configure applications Infrastructure as a Service (IaaS) – Cloud user controls apps plus capability to modify/manage operating systems and resources

Cloud Deployment Models Public Cloud – access available to general public; data segregated by user groups Private Cloud – access solely to specific organization Hybrid Cloud – combination of both. E.g., organization might use public cloud for and private cloud for other types of apps

Cloud Questions What, if anything, makes cloud computing different than what has come before? – From a technological perspective – From a legal/policy perspective How are the subjects of cloud computing and social media related/distinct? – From a technological perspective – From a legal/policy perspective

More Cloud Questions What are the advantages of cloud computing? What are the risks? What constitute best practices?

Hypothetical The CIO of a large federal agency considers herself to be under a mandate from the Administration to move 100,000 accounts to the cloud by the end of the current fiscal year. What technological and policy choices does the organization face, and what legal issues might arise?

Federal Cloud Computing Strategy Document Vivek Kundra, Feb. 8, 2011 “Storing information in the cloud will require a technical mechanism to achieve compliance with records management laws, policies and regulations promulgated by both the National Archives and Records Administration (NARA) and the General Services Administration (GSA). The cloud solution has to support relevant record safeguards and retrieval functions, even in the context of a provider termination.” (page 14)

Overview  Top 10 areas Federal agencies need to address when procuring cloud  Gives description of issues along with ways to address issues within contracts  Provides tactical guidance through a questionnaire checklist Source: Cloud Procurement White Paper 10

FOIA and Federal Recordkeeping in the Cloud FOIA Access  Ability to conduct a reasonable search to meet FOIA obligations  Ensure the processing of information is pursuant to FOIA requirements  Allow for the tracking and reporting of information pursuant to FOIA  Ability to conduct a reasonable search to meet FOIA obligations  Ensure the processing of information is pursuant to FOIA requirements  Allow for the tracking and reporting of information pursuant to FOIA Federal Recordkeeping  Agencies should have proactive records planning before using a cloud service  Ensure the ability to have timely and actual destruction of records in accordance with mandated records schedules  How to deal with permanent records  Process for transitioning to a new Cloud Service Provider (CSP)  Agencies should have proactive records planning before using a cloud service  Ensure the ability to have timely and actual destruction of records in accordance with mandated records schedules  How to deal with permanent records  Process for transitioning to a new Cloud Service Provider (CSP) 11

NARA on Cloud Computing NARA Bulletin Defines cloud models in accordance with NIST definitions + Discusses records mgmt challenges + Details how agencies can meet records mgmt responsibilities

NARA on Cloud Computing: RM Challenges NARA Bulletin Lacking the capability to implement records disposition schedules, including the ability to transfer permanent records to archives and/or delete temporary records --are records maintained in a way that preserves functionality and integrity throughout the records’ life cycle? --are links maintained between records and metadata?

NARA on Cloud Computing: More Challenges NARA Bulletin Agencies need to be able to control proposed deletion of records, wherever they be located + Agencies must ensure records are accessible for all purposes of access (e-discovery, FOIA, etc.)

NARA on Cloud Computing: Still More Challenges NARA Bulletin Cloud architecture may lack formal technical standards governing storage and manipulation of data, threatening long-term trustworthiness and sustainability of data

NARA on Cloud Computing: Still More Challenges NARA Bulletin Lack of portability complicating transferring/exporting permanent records to archival environment + Agencies should anticipate how continued preservation and access issues will be resolved where cloud provider business operations materially change

NARA on Cloud Computing: How can agencies meet their RM responsibilities? NARA Bulletin ) Include records officer in planning & deployment of cloud computing solutions 2) Declare which copy of records will be the official record copy (value of cloud version may be greater). 3) Determine if cloud data covered under existing records schedules 4) Include instructions on how records will be captured, managed, retained, made available to users

NARA on Cloud Computing: How can agencies meet their RM responsibilities? NARA Bulletin ) Instructions on conducting a records analysis, including on system documentation & metadata 6) Instructions to periodically test transfers of Federal records to other environments, including agency servers, to ensure portability 7) Instructions on how data will be migrated to new formats, so records are readable thru their life cycle 8) Resolve portability and accessibility thru good RM policies and data governance practices (interoperability, security, access, etc.)

NARA on Cloud Computing: Contractors & Service Level Agreements (SLAs) NARA Bulletin Agencies maintain responsibility for managing records whether they reside in an agency’s physical custody or if maintained by a 3 rd party contractor. + When dealing with 3 rd parties, include RM clause to ensure that contractor must manage records in accordance with Federal Records Act, 44 USC Chapters 21, 29, 31, 33, and NARA Regs, 36 CFR Chapter XII Subchapter B.

Sample RFQ Language The Quoter shall provide common Application Program Interfaces (APIs) allowing integration with third party tools such as archiving solutions, E-Discovery solutions, and Electronic Records Management Software Applications. The Quoter shall support an immutable management solution integrated with the messaging system in accordance with the requirement for Federal agencies to manage their messages and attachments as electronic records in accordance with 36 CFR § , including capabilities such as those identified in: DoD STD V3, Electronic Records Management Software Applications Design Criteria Standard, NARA Bulletin , July 31, 2008, Guidance concerning the use of archiving applications to store , and NARA Bulletin September 8, 2010, Guidance on Managing Records in Cloud Computing Environments.

21 Leading case precedent Flagg v. City of Detroit, 252 F.R.D. 346 (E.D. Mich. 2008) (where City of Detroit, as defendant, entered into contract for text messaging services with non-party service provider, held, City exercised sufficient control over ESI in form of text messages so as to require production to plaintiff under FRCP 34 standards; additionally, court ordered plaintiff to make its request under FRCP 34, in lieu of Court adjudicating dispute over the propriety of plaintiff’s pending 3rd party subpoena for same material).