Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Download
Standard view
Full view
of .
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
Responsive Document - CREW: NARA: Regarding Record Management and Cloud Computing: 9/19/2011 -i360Gov-UPDATE-April2010_6129452

Responsive Document - CREW: NARA: Regarding Record Management and Cloud Computing: 9/19/2011 -i360Gov-UPDATE-April2010_6129452

Ratings: (0)|Views: 13|Likes:
Published by CREW
On June 24, 2011, CREW filed a Freedom of Information Act request with the Army Corps of Engineers, Department of Agriculture, Department of Commerce, Department of Energy, Department of Health and Human Services, Department of Labor, Department of Veterans Affairs, General Services Administration, National Archives and Records Administration, and National Oceanic and Atmospheric Administration, seeking all records reflecting how these agencies and departments plan to fulfill their records management requirements after they move their email systems to a cloud computing environment. The National Archives and Records Administration (NARA) has recognized the many records management challenges associated with cloud computing and issued guidance (NARA Bulletin 2010-04, Guidance on Managing Records in Cloud Computing Environment) to all agencies. Several of these agencies and departments have already moved their emails to a cloud computing environment, or are in the process of moving their email systems to a cloud. Others are still in the information gathering stage. CREW seeks information on what steps these agencies and departments have taken to comply with the bulletin as well as records between these departments and agencies and cloud computing providers, such as Google or Microsoft.
On June 24, 2011, CREW filed a Freedom of Information Act request with the Army Corps of Engineers, Department of Agriculture, Department of Commerce, Department of Energy, Department of Health and Human Services, Department of Labor, Department of Veterans Affairs, General Services Administration, National Archives and Records Administration, and National Oceanic and Atmospheric Administration, seeking all records reflecting how these agencies and departments plan to fulfill their records management requirements after they move their email systems to a cloud computing environment. The National Archives and Records Administration (NARA) has recognized the many records management challenges associated with cloud computing and issued guidance (NARA Bulletin 2010-04, Guidance on Managing Records in Cloud Computing Environment) to all agencies. Several of these agencies and departments have already moved their emails to a cloud computing environment, or are in the process of moving their email systems to a cloud. Others are still in the information gathering stage. CREW seeks information on what steps these agencies and departments have taken to comply with the bulletin as well as records between these departments and agencies and cloud computing providers, such as Google or Microsoft.

More info:

Published by: CREW on Oct 24, 2011
Copyright:Public Domain

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
This book can be read on up to 6 mobile devices.
download as PDF, TXT or read online from Scribd
See more
See less

04/06/2012

pdf

text

original

 
lead or NIST, maintains that high costs and hety powerconsumption o traditional computing environmentsunderscore the need to explore other options. “Currently,$800 billion is spent annually on the purchase andmaintenance o enterprise sotware, and 11.8 millionservers run at only 15-20% capacity in data centers.Meanwhile, the number o servers doubled between 2001and 2006, while power consumption per server actuallyquadrupled during the same period.”“Technologies such as virtualization, high-speednetworking, monitoring and capacity planning play keyroles in the maturing cloud computing concept or a widerange o workloads,” said Tim LeMaster, Juniper’s Directoro Systems Engineering.
Cloud Computing is a natural evolution o the IT architecture. It addresses the issues o increasing capacity and perormance on the y
while lowering CAPEX and OPEX. For almost any type o data center operation, the principles o Cloud Computing can deliver thesevalues, and network architecture is an essential and undamental element.
Juniper Networks’ Cloud Data Center Network solutions simpliy network and security design by collapsing the multiple tiers present intraditional architectures, allowing the network to become simpler, atter, and more scalable. In addition, the simplifed network design
requires ewer devices and interconnections, leading to improved perormance, lower capital and operating costs and efciencies inspace, power, cooling, and management.
Federal Cloud Computing Initiatives Gain Traction
i360Gov.com
 |SPECIAL REPORT|APRIL 2010
Due to its promise as a low-cost computing alternative,publicity surrounding cloud computing remains at a everpitch, and ederal IT executives increasingly realize theymust fnd some way to incorporate this ‘sotware as aservice’ model into current operations, to help them domore with less -- even as serious security concerns linger.The current administration recommends launchingcloud computing pilot tests or applications rangingrom communications and remote access, to virtual datacenters, analytics/reporting, web portals, collaborationand both records and case management. And whileU.S. Chie Inormation Ofcer Vivek Kundra intends toshrink the total number o government IT initiatives, cloudcomputing remains a top priority.In act, public sector investment in cloud computingwill likely more than double in the next fve years,according to a recent report by analyst frm INPUT inReston, Va. As the ederal government modernizes ITinrastructures, agencies are exploring cloud computingas a viable alternative to buying and maintainingadditional servers and sotware. Industry observers citethe administration’s Open Government Directive and theapps.gov website as a prime example. NASA, meanwhile,launched Nebula, a home-grown cloud computingenvironment designed to let outside scientists contribute.DISA has the RACE program, which is being used to testcloud services. And the Department o Interior’s NationalBusiness Center is rolling out a variety o cloud-basedoerings or ederal agencies, in its role as a sharedservices provider. (See related article, in this report.)Driving the migration is the ongoing need to increaseexibility, improve efciency, lower costs and support avariety o workloads, as well as a range o Internet userswho increasingly expect high availability, unction andspeed. Peter Mell, a senior computer scientist and project
 sponsored by:
Cloud Market Forecast 2009-2014
SOURCE: INPUT 
The total ederal cloud computing market is expected to growrom $370m in 2009 to $1.2b in 2014 at a compound annualgrowth rate o 27%.
 
2
 
i360Gov.com
 |SPECIAL REPORT|APRIL 2010
 Although the cloud computing concept is still evolving,it has been defned by NIST ofcials as “a pay-per-usemodel or enabling convenient, on-demand networkaccess to a shared pool o confgurable and reliablecomputing resources, such as networks, servers, storage,applications and services that can be rapidly provisionedand released with minimal consumer management eortor service provider interaction.”The elastic, shared, sel-managing and sel-healingutilities inherent in cloud computing are so attractivebecause they support all users, no matter where theyare located. Also, these services can minimize inefcientinrastructure, while boosting initiatives such as Green IT,disaster recovery/COOP and Telework. Cloud computingcan also help ederal agencies create unifed, reliable,available inrastructures, comprised o interchangeableindustry-standard components. “Increasingly, agenciesare adding online submission processes or taxes,registration and bill payment services,” said JereyKaplan, managing director THINKstrategies, Inc. a marketresearch frm specializing in sotware as a service, inWellesley, Mass., who added agencies could also usecloud-based services to leverage third party resources orsituational computing requirements (think tax season).
Security Overshadows the Cloud
While most observers maintain the eventual migrationto cloud computing is inevitable, others remain steadastlyskeptical, citing security and privacy concerns asprominent obstacles to widespread deployment. Theseexecutives doubt externally controlled cloud servicescan be adequately protected and they stress the needor ederal agencies to careully scrutinize industryoerings to ensure adequate security. In March, the non-proft Cloud Security Alliance published a sponsoredreport on top cloud computing security threats, basedon inormation rom security experts at 30 organizationsinvolved in complex cloud environments. Top threatsinclude:
• Malicious employees of cloud computing providers –
this means potential customers must understand whatproviders are doing to detect and deend againstinsider threats.
• Nefarious use -- hackers actively target cloud providers,
partially because o relatively weak registration systems,which acilitate anonymity and also because providerspossess limited raud detection capabilities.
• Insecure interfaces and APIs -- reliance on a weak set
o interaces and APIs exposes organizations to securityrisks related to confdentiality, integrity, availability andaccountability.
• Shared technology vulnerabilities – many cloud providers
haven’t designed disk partitions, CPU caches and othershared elements or strong compartmentalization.
• Data loss or leakage – this can lead to compliance
violations and legal ramifcations.
• Account, service or trafc hijacking -- with stolen
credentials, attackers can access critical areas o deployed cloud services, which can be used tocompromise the confdentiality, integrity and availabilityo services.
• Unknown risks – While features and functionality may be
well advertised, detailed inormation about the complianceo internal security procedures, confguration hardening,patching, auditing and logging aren’t always readilyavailable.
Following Clouds Forward
While security concerns will continue or some time tocome, some ederal IT organizations are fnding that cloudcomputing initiatives may actually increase security i inormation stored is saely guarded within the confnes o a ‘private cloud.’ And while private clouds dedicate serviceto one organization, Juniper and IBM have joined in anOEM agreement signed last summer to allow IBM to oerJuniper’s networking technologies to advance a hybridconcept that could allow enterprises to seamlessly extendinternal private clouds to remote servers in a secure publiccloud. LeMaster said Juniper is investing in technologiessuch as:
• Converged enhanced Ethernet (CEE) – an evolution of 
Ethernet enabling networking protocol convergence andthe addition o extensions to the existing protocol suite toprovide reliability without incurring perormance penalties.
• Flow awareness -- in which trafc can be treated
dierently depending on the subscriber to whom itbelongs, and the type o service it represents.
• Class of service awareness – in which classes of service
require varying levels o preerential trafc treatment, tocompress trafc and conserve bandwidth, or ensuresecurity and accountability, by ensuing network resourcesgo to applications according to a preset organizationalpriority.
• Data center reliability to support cloud-based services.
 
 
 APRIL 2010|SPECIAL REPORT| 
i360Gov.com
 
3
Best Practices Advice for Cloud Planning and Implementation
In addition to security, legacy systems integration andgovernance over contracting and service level agreementsare nagging concerns. And or some providers, the keyissue is a lack o customer support. This is likely whyobservers such as THINKstrategies’ Kaplan maintainthere will be “a re-emergence o traditional legacy vendorswho will be able to oer the levels o quality, support andunctional services that ederal agencies truly require.For now, obstacles rom security and privacy toreliability, standards, regulatory or legislative hurdles andthe general ear o change, are all outweighed by a desireto move away rom technological complexity and isolation,toward better sharing o inormation among applications,data and users. As Deniece Peterson, manager o The Department o Interior’s National BusinessCenter (NBC) suggests ederal agencies introduce cloudcomputing through a series o small pilot projects, tailoredto build interest, introduce sta to the undamentals o thetechnology and provide compelling evidence to supporthow cloud services can resolve operational challenges.To make preliminary projects successul, DouglasBourgeois, the DoI’s NBC Director, suggests agenciesalso turn to cloud sotware vendors, commercial cloudproviders, and low cost COTS solutions to test earlycloud-based services. NBC also encourages agencies totake advantage o its shared services, which can provide asecure test bed or experimenting with cloud computing.Guiding principles the NBC wants agencies to keep inmind include:
• Pilot different application migration and cloud
management products. Avoid ‘big bang’ rollouts. Cloudtechnology and approaches are still emerging, and it’swise to experiment to fnd what fts best in the organization.
• Test solutions based on standard software and hardware,
decreasing the cost o a ailure. Several vendors arebuilding tools to allow enterprises to build private clouds. Avoid implementing a heavily customized solution as a frststep. Consider implementing a cloud lab or prototypingenvironment to allow users direct access to cloudtechnologies.
• Find out from cloud computing suppliers how they
enable private clouds, and what delivery approachesindustry analysis or INPUT explains, a growing numbero organizations are testing cloud-related technologiessuch as virtualization and service-oriented architecture(SOA) to build on-demand web services that will boostefciency, while maximizing existing IT investments. “Notmoving to the cloud ultimately means agencies willpay more than comparable organizations or the samecommodity products and services,” she said. At the sametime, the groundswell rom early adopters, combined withmomentum created by senior ofcials promoting the cloudis also helping drive the cloud’s 27% compound annualgrowth rate. “This literally dwars the overall IT industry’s3.5% growth per year, and urther proves anything cloud-based is defnitely hot, hot, hot,” she said.are most successul. A nascent industry has sprung uparound cloud outsourcing. Many specialized vendors oercapabilities such as user-driven provisioning and meteredor reserved pricing, which is worth close considerationwhen implementing an agency cloud.
• Workload characteristics must also be evaluated
careully, Bourgeois said because some workloads, suchas sel-contained, memory intensive applications, areoptimized or X86 servers, while other transaction-heavyworkloads are better suited or mainrame servers in acloud solution.
• Software architecture is important too, Bourgeois said,
as working with multiple memory-intensive applicationsin a cloud environment can create a bottleneck whenthe sotware architecture isn’t efcient in its memoryuse. Developers must write routines that ree memoryresources and reduce the amount o memory required.
• Keep a watchful eye on costs. The shift to running
applications as an operational expense rather than acapital expense requires governance, a managemento user behaviors and the processes in place. Agenciesmay otherwise spend more because they provision moreresources than they would have required in a traditionalcomputing environment.
Cloud Security Tips
 Additional advice rom NIST ofcials can help bettersecure cloud computing investments. According to NIST

You're Reading a Free Preview

Download
scribd