Responsive Document - CREW: NARA: Regarding Record Management and Cloud Computing: 11/28/2011 - Cloud Computing Bulletin-Draft5

Published by CREW
On June 24, 2011, CREW filed a Freedom of Information Act request with the Army Corps of Engineers, Department of Agriculture, Department of Commerce, Department of Energy, Department of Health and Human Services, Department of Labor, Department of Veterans Affairs, General Services Administration, National Archives and Records Administration, and National Oceanic and Atmospheric Administration, seeking all records reflecting how these agencies and departments plan to fulfill their records management requirements after they move their email systems to a cloud computing environment. The National Archives and Records Administration (NARA) has recognized the many records management challenges associated with cloud computing and issued guidance (NARA Bulletin 2010-04, Guidance on Managing Records in Cloud Computing Environment) to all agencies. Several of these agencies and departments have already moved their emails to a cloud computing environment, or are in the process of moving their email systems to a cloud. Others are still in the information gathering stage. CREW seeks information on what steps these agencies and departments have taken to comply with the bulletin as well as records between these departments and agencies and cloud computing providers, such as Google or Microsoft.

Published by: CREW on Dec 05, 2011
Copyright: Attribution Non-commercial


05/04/2012

Draft
Cloud Computing Bulletin
August 2, 2010
________________________________________________________________________
NARA Bulletin xxx-xx
August xx, 2010

TO: Heads of Federal Agencies
SUBJECT: Guidance on managing records in cloud computing environments
EXPIRATION DATE: ?

1. What is the purpose of this Bulletin?

This Bulletin addresses records management considerations in cloud computing environments and is a formal articulation of NARA’s view of agencies’ records management responsibilities. As agencies are increasingly evaluating, piloting, and adopting these technologies, they must comply with all Federal records management laws, regulations, and policies.

2. How does this Bulletin differ from Frequently Asked Questions about Managing Federal Records in Cloud Computing Environments?

NARA issued an FAQ in February 2010 to provide agencies with a basic overview of cloud computing. This Bulletin expands on that discussion by including a more detailed definition, Federal agency examples of cloud computing, records management guidelines, and contract language to consider when procuring cloud computing services.

3. What is cloud computing?

Cloud computing is a technology that allows users to access and use shared data and computing services via the Internet or a Virtual Private Network. It gives users access to resources without having to build infrastructure to support these resources within their own environments or networks.

General interpretations of cloud computing include “renting” storage space on another organization’s servers or hosting a suite of services. Other interpretations of cloud computing reference particular social media applications, cloud-based e-mail, and other types of Web applications. However, the National Institute of Standards and Technology (NIST) has been designated to develop standards and guidelines for the Federal cloud computing effort and to provide an authoritative definition.

NIST defines cloud computing as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” (NIST Definition of Cloud Computing, Version 15, 10-07-2009) NIST has stated that the definition of Cloud Computing is evolving. The user should consult the most current definition available from NIST.

NIST also identifies five essential characteristics of cloud computing:
 
• On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.

• Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

• Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.

• Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.

• Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.

(NIST Definition of Cloud Computing, Version 15, 10-07-2009)

4. What are cloud computing service and deployment models?

Cloud computing service models refer to how an agency can adopt cloud computing. Currently NIST describes the models as follows:

• Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

• Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.

• Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).

Depending upon user needs, and other considerations, cloud computing services are typically deployed using one of the following four models as defined by NIST:

• Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.

• Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.

• Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

• Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).

(All definitions are from NIST Definition of Cloud Computing, Version 15, 10-07-2009)

Public and private clouds are terms of art used in the IT community and by NIST to describe various cloud configurations. These terms are not related to whether records in those clouds are publicly accessible. In addition, definitions do not preclude agency responsibilities to manage the records.

5. How are Federal agencies using cloud computing?

NARA interviewed agencies that are using cloud computing services to achieve benefits such as cost savings, accessibility, scalability, collaboration, and flexibility.

In one example, an agency dealing with globally-dispersed employees needed a rapid solution for information sharing. Using a commercial contractor, the agency deployed a private cloud to share financial data, capture reports, provide world-wide access to information, and solve security challenges. In this instance, the agency used a separate commercial platform to prevent unauthorized users from using the application as a back door to access secure agency servers. The agency said the system meets all fiscal audit requirements, but also said it recognizes that records management requirements were not addressed, and all data is currently retained.

In another example, at least two units in the same agency built and offer cloud computing services as providers to other offices in different parts of the agency. Both units deal with
