Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
Responsive Document -CREW: Dept. of Energy: Regarding Record Management and Cloud Computing (6/24/2011 FOIA Requests): 8/25/2011- BSO Doc - IG Audit Report OAS-RA-L-11-061

Responsive Document -CREW: Dept. of Energy: Regarding Record Management and Cloud Computing (6/24/2011 FOIA Requests): 8/25/2011- BSO Doc - IG Audit Report OAS-RA-L-11-061

Ratings: (0)|Views: 14|Likes:
Published by CREW
On June 24, 2011, CREW filed a Freedom of Information Act request with the Army Corps of Engineers, Department of Agriculture, Department of Commerce, Department of Energy, Department of Health and Human Services, Department of Labor, Department of Veterans Affairs, General Services Administration, National Archives and Records Administration, and National Oceanic and Atmospheric Administration, seeking all records reflecting how these agencies and departments plan to fulfill their records management requirements after they move their email systems to a cloud computing environment. The National Archives and Records Administration (NARA) has recognized the many records management challenges associated with cloud computing and issued guidance (NARA Bulletin 2010-04, Guidance on Managing Records in Cloud Computing Environment) to all agencies. Several of these agencies and departments have already moved their emails to a cloud computing environment, or are in the process of moving their email systems to a cloud. Others are still in the information gathering stage. CREW seeks information on what steps these agencies and departments have taken to comply with the bulletin as well as records between these departments and agencies and cloud computing providers, such as Google or Microsoft.
On June 24, 2011, CREW filed a Freedom of Information Act request with the Army Corps of Engineers, Department of Agriculture, Department of Commerce, Department of Energy, Department of Health and Human Services, Department of Labor, Department of Veterans Affairs, General Services Administration, National Archives and Records Administration, and National Oceanic and Atmospheric Administration, seeking all records reflecting how these agencies and departments plan to fulfill their records management requirements after they move their email systems to a cloud computing environment. The National Archives and Records Administration (NARA) has recognized the many records management challenges associated with cloud computing and issued guidance (NARA Bulletin 2010-04, Guidance on Managing Records in Cloud Computing Environment) to all agencies. Several of these agencies and departments have already moved their emails to a cloud computing environment, or are in the process of moving their email systems to a cloud. Others are still in the information gathering stage. CREW seeks information on what steps these agencies and departments have taken to comply with the bulletin as well as records between these departments and agencies and cloud computing providers, such as Google or Microsoft.

More info:

Published by: CREW on Aug 25, 2011
Copyright:Public Domain

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
This book can be read on up to 6 mobile devices.
download as PDF, TXT or read online from Scribd
See more
See less

04/06/2012

pdf

text

original

 
 
U.S. Department of EnergyOffice of Inspector GeneralOffice of Audits and Inspections
Audit Report
Department's Management of CloudComputing Services
OAS-RA-L-11-06 April 2011
 
 
DOE F 1325.8
 
(08-93)
United States Government
Department of Energy
Memorandum
DATE:
April 1, 2011 Audit Report Number: OAS-RA-L-11-06
REPLY TOATTN OF:
IG-34 (A11TG021)
SUBJECT:
Report on "Department's Management of Cloud Computing Services"
TO:
Administrator, National Nuclear Security AdministrationActing Under Secretary of EnergyUnder Secretary for ScienceChief Information OfficerINTRODUCTION AND OBJECTIVECloud computing enables convenient, on-demand access to shared computing resources thatcan be rapidly provided to users. According to the National Institute of Standards andTechnology (NIST) and industry experts, benefits of the cloud computing model include theability to more effectively manage Information Technology (IT) resources while reducingoperating costs. For instance, it permits organizations to plan computer usage and add orsubtract resources as necessary rather than invest in hardware and software that may be neededbut not necessarily frequently used. In addition, the cloud computing model can increaseemployee mobility by allowing access to computing resources regardless of physical location.Furthermore, it allows IT personnel to be more flexible in the allocation of resources, allowingthem to focus less on maintenance and more on innovation.As part of the Office of Management and Budget's (OMB)
25 Point Implementation Plan to Reform Federal Information Technology Management 
, each agency was required to identify atleast three cloud computing uses within its organization, of which one must be implementedby December 2011. Prior to OMB's action, however, the Department of Energy (Department)was already exploring various options to achieve greater efficiencies in service at a lower cost.For example, Argonne National Laboratory (ANL) and Lawrence Berkeley NationalLaboratory (LBNL) were exploring the use of cloud computing services for scientificcomputing as part of the Magellan Cloud Computing Project. In addition, other Departmentsites were evaluating cloud computing solutions that could allow them to utilize cloud servicesfor such things as email, calendaring, and a variety of collaboration tools. Due to the recentpush for the use of cloud computing, we initiated this audit to determine whether theDepartment was adequately managing the expanding use of cloud computing services.CONCLUSIONS AND OBSERVATIONSOur review did not reveal material issues with the Department's limited use of cloudcomputing services. However, we identified areas that the Department should consider beforeit moves forward with adopting such technology on a large scale. For instance, we noted
 
 2several opportunities for improvement in the Department's cloud computing initiative. Inaddition, we determined that certain areas related to management of the Magellan Projectcould be enhanced. Specifically, we noted that:
 
The Department had not yet prepared policies and procedures governing security andother risks and had not established coordination requirements among sites to preventduplication or other problems with cloud deployment; and,
 
Problems existed with resource disposition plans and Recovery Act-related jobreporting for the Magellan Project.Cloud Computing Program PlanningThe Department had not developed or implemented formal policies or procedures related toacquisition and security of cloud computing services. As noted by industry, common issuesthat should be considered in such a policy are software licensing and information security risksrelated to privacy, compliance, data location, certification, and records management. Althoughno policies and procedures were in place, cloud computing applications were being used ortested at several national laboratories, including ANL, LBNL, Pacific Northwest NationalLaboratory (PNNL) and Los Alamos National Laboratory. As the Department develops andimplements policies related to cloud computing, it should consider guidance issued by theNIST and Federal Risk and Authorization Management Program designed to ensure that ITresources are appropriately secured.We also identified opportunities for the Department to enhance its management andcoordination efforts when implementing cloud computing services. In particular, while wenoted that there was coordination of certain cloud computing projects among sites, weidentified other instances where such was not the case. For example, although Headquartersofficials from the National Nuclear Security Administration (NNSA) and Office of Sciencestated that their sites were not utilizing cloud computing, our review identified that their siteswere actually utilizing some form of this technology. Absent effective coordination andleadership by programs and sites, the Department may spend more time and resources thannecessary independently acquiring, developing, and/or implementing cloud computingapplications.Without adequate planning, there is an increased risk that users may utilize cloud computingproducts and services on the Department's networks, unnoticed, without undergoing adequatesecurity evaluations. For instance, PNNL officials stated that a user could purchase certaincloud services without approval that may be difficult to detect on the site's networks. Tomitigate this risk, the Department should implement policies and procedures and coordinate itsefforts related to cloud computing.Magellan ProjectThe Department committed more than $32 million in American Recovery and ReinvestmentAct of 2009 (Recovery Act) funding to establish the Magellan Project which provided a test

You're Reading a Free Preview

Download
scribd