Responsive Document - CREW: NARA: Regarding Record Management and Cloud Computing: 9/19/2011 -NIST Cloud Computing Forum and Workshop 5-20-10


Published by CREW
On June 24, 2011, CREW filed a Freedom of Information Act request with the Army Corps of Engineers, Department of Agriculture, Department of Commerce, Department of Energy, Department of Health and Human Services, Department of Labor, Department of Veterans Affairs, General Services Administration, National Archives and Records Administration, and National Oceanic and Atmospheric Administration, seeking all records reflecting how these agencies and departments plan to fulfill their records management requirements after they move their email systems to a cloud computing environment. The National Archives and Records Administration (NARA) has recognized the many records management challenges associated with cloud computing and issued guidance (NARA Bulletin 2010-04, Guidance on Managing Records in Cloud Computing Environment) to all agencies. Several of these agencies and departments have already moved their emails to a cloud computing environment, or are in the process of moving their email systems to a cloud. Others are still in the information gathering stage. CREW seeks information on what steps these agencies and departments have taken to comply with the bulletin as well as records between these departments and agencies and cloud computing providers, such as Google or Microsoft.


Published by: CREW on Oct 24, 2011
Copyright: Public Domain

NIST Cloud Computing Forum & Workshop
May 20, 2010

Keynote: US CIO Vivek Kundra

• Report released on May 20 on cio.gov on the state of cloud computing in the public sector: http://cio.gov/pages.cfm/page/State-of-Public-Sector-Cloud-Computing
• Federal Leadership with Cloud Computing is working to:
    o Work with CIOs to identify consolidation opportunities
    o Centralize certification of cloud solutions for agencies and vendors – FedRAMP program
    o Standards for security, interoperability, and data portability
• Case studies highlighted (from report):
    o SEC – Using Salesforce for Investor Advocacy Relations they cut time to process from 30 to 7 days
    o Recovery.gov – recently moved to Amazon EC2 cloud service – This is the first government-wide system to move to the cloud
    o US Spending – moved May 20 to the NASA Nebula cloud
    o State of Utah – using a hybrid cloud with Salesforce, Google Earth, and Wikispaces to coordinate at state and local levels
    o LA – using Google Apps
    o HHS – Using Salesforce to coordinate the implementations of electronic health records systems
    o DOI – Consolidating email systems (over 80,000 boxes)
    o NASA – halted a process already in place to move toward a “Cloud First” policy
• “The cloud computing standards development journey begins today.”

Industry Panel Responses:

• When the panel was asked about opportunities for cloud computing:
    o Innovation
    o Time to deploy – short time allows the ability to fail often
• What the US Government should and shouldn’t do:
    o The Government needs to act like a customer. The industry is driven by what customers want and the Government has to know and explain what they want.
    o NIST should coordinate de facto standards – There needs to be stop gaps and coordination of standards as new things appear
    o Look to international community – GovCloud in EU
    o Take feedback from first adopters and use this as a key driver to feed back into standards development
• Security and privacy – what things are overstated/understated/just right?
    o Understated: Security and lack of transparency by providers to show what they are doing to address security concerns. Customers do not know what they are doing and therefore cannot adequately assess concerns.
    o Overstated: defining the cloud – It’s important to not continue to sit on the sidelines until a definition is nailed down.
    o Just right: “jurisdictional issues”
    o Understated: how cloud exacerbates current problems, such as with privacy. If old infrastructure had issues, there will just be different problems. Also, access issues will not go away as the laws and guidance in this area are outdated. Scaling up can multiply problems.
    o Understated: Differing rules for international customers
• Biggest challenges (outside of privacy and security)
    o Overall management of data – how to move it in the cloud, how to move it out, how to access once it’s in. Impact on the broadband network.
    o How to move to tools and capabilities with current employees – there is a psychological impact to owners of systems of services. Individuals will need to think in a different way and focus on gains to be had instead of what they may lose.
    o From the systems perspective – monitoring, perception, and anticipating needs
• Resourcing
    o Could be easier to do in a cloud environment, such as getting an inventory of systems
    o People need to get more comfortable with technology
    o It will take some time for vendors to become more transparent
• Impediments to adoption
    o Global norms – need to have some agreement on policy and best practices. They suggested NIST as the body to coordinate these efforts
    o FedRAMP – is critical to this process to provide a higher bar for a common understanding of security. The focus should be on compatibility and interoperability.
    o Pace of development is so rapid that it may be difficult to find the right place to standardize.
• What should the role of government de facto standards vs. traditional standards and where should cloud computing come in?
    o Standards shouldn’t squelch innovation
    o Standards should help use products more efficiently and safely
    o Too early to tell – The government should do guidance and create a framework and let the marketplace work itself out
    o Provide clarity and let it happen – continue to do work of creating a definition for cloud computing so that the same words mean the same things.
• Where should there be standards in the short, medium and long term?
    o Data management
    o Short: Infrastructure (OBF), identity management
    o Medium: Identity management, access control
• Compliance and International issues
    o This is an area of US government – de facto and de jure standards are in conflict
    o US should work with EU
    o Commercial and national interests are conflated
    o Help government use technology as it’s supposed to be used
 
NIST Cloud Computing Overview

1. Cloud Computing publication – In process and will use NIST definition
2. Standards Acceleration to Jumpstart Adoption (SAJACC)
3. FedRAMP

Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC)

• NIST answer to how to support adoption during this interim period of needing standards and the time before they are actually written.
• NIST is working on creating a strategy, process and portal for community collaboration.
• Publicly accessible Standards Portal:
    o Method of communication and exchange
    o Users submit use cases to be validated by NIST
    o Goal is to enable interoperability for cloud computing before formal standards are complete. Until standards mature, what they are looking to create is a process to test system requirements.
    o NIST is populating existing standards and de facto specifications in the portal
• Within the larger security issues there are several other issues: trust, multi-tenancy, encryption, and compliance (included mention of Federal regulations)
    o Data management – another area of concern
        - How to transfer data in
        - How to transfer data out
        - How to backup to cloud
        - How to restore from cloud
        - How to archive/preserve in/to cloud
• From the use cases submitted, NIST will create a taxonomy around:
    o Portability – about keeping costs down and being able to cheaply and easily move from cloud to cloud
    o Interoperability
    o Security

FedRAMP – Federal Risk and Authorization Management Program

• Came out of Cloud Computing Advisory Council which is made up of 75 members from 25 agencies
• Problem: agencies must do risk management of shared systems individually. They are duplicating efforts. They may have incompatible requirements. Acquisition is slowed by this lengthy compliance process.
• They are looking to develop a program for government-wide risk management so that agencies can leverage authorizations already in FedRAMP. Agencies keep responsibility and authority to ensure systems and determine suitability of systems.
• With FedRAMP, the anticipated benefits include:
    o Risk management cost savings and increased effectiveness
    o Interagency vetted approach
    o Rapid acquisition
    o Consistent application of Federal security requirements

Government Implementation Panel

Overview of each agency on the panel:

NASA Nebula

• Originally built to make an effort to unify security frameworks for 3000+ website platforms.
