In an era in which the top 10 metropolitan cities lack the budget to create disaster recovery plans for its email systems, storage in the cloud is tempting.
A talented panel comprised of:
- Mary Beth Herkert, State Archivist, Oregon State Archives
- Robert Ballard, Government IT Strategy Advisor, Microsoft
- Mark Giguere, Lead IT Specialist of Policy & Planning, National Archives and Records Administration
commented to the attendees of the annual joint meeting of the Council of State Archives (CoSA), the National Association of Government Records Administrators and Archives (NAGARA), and the Society of American Archivists (SAA) at the Marriott Wardman Park today on the records and information management implications of outsourcing IT infrastructure.
The Cloud - The Good and the Bad
The message was clear: one cloud or many clouds, local or internationally -- when data resides in the cloud, entities must state explicitly in the contract information ownership and control amongst parties. The group reiterated the positives of cloud computing. It’s easy, fast to implement, cost-effective, and there’s little need to reinforce infrastructure.
But entities should be concerned about privacy, security and location of where data resides. Retention, disposition, and ediscovery adds a layer of complexity. The panel reminded the audience that cloud computing is a tool in the toolbox -- the idea has merit, but it doesn’t solve every problem.
Four Ways of Looking at the Cloud
Ballard cautioned against the universal application of the term to non-pertinent topics. He outlined the types of service (SaaS, PaaS, IaaS) and the four ways to look at the cloud:
- Private organization (a single organization)
- Public cloud (full multi-tenant)
- Hybrid cloud (any combo of others)
- Community cloud (a single organization plus other closely aligned organizations).
He reiterated that organizations take advantage of cloud computing for flexibility, cost efficiency, collaboration, a reduced carbon footprint, agility, disaster recovery, transparency, focus, and remote access. During negotiating proceedings records colleagues should annotate the contract around a security model for preservation of data that includes communication, collaboration, infrastructure, and the application platform.
Document fidelity is also important (how would a word web app alter the file?). In an era in which the top ten metropolitan cities lack the budget to create disaster recovery plans for its email systems, storage in the cloud is tempting. He advised each audience member to be in the room during negotiations.
What is Essential to the Cloud?
Giguere announced that a bulletin will be published soon from NARA on cloud computing (the FAQ is here). He referenced the NIST Definition of Cloud Computing, which lists the essential characteristics of cloud computing as:
- On-demand self service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service
and deployment models as private, community, public, and hybrid.
He followed these comments with specific examples of implementations:
Giguere outlined the potential negatives of cloud computing to Records and Information Managers. If the benefits of the drivers outweigh the perceptions of records management responsibilities, if cloud solutions are procedure without consideration of records management requirements, or if particular cloud deployments present insurmountable obstacles to records management, one or more of these factors could weigh heavily against the success of a Records program.
A Records and Information Manager can debate the capabilities of the cloud solution:
- Can the solution implement records disposition schedules, including the ability to transfer and permanently delete records or perform other RM functions;
- Specific service and deployment models may not meet all of the records management requirements;
- Depending on the application, vendors of a public cloud or manager of a private cloud may not be able to ensure complete deletion.
Various cloud architectures lack formal technical standards to govern how data is stored and manipulated in cloud environments. This threatens long-term trustworthiness and sustainability of the data.
How Can RM Challenges Be Met?
Be responsible for planning development, deployment, and use of cloud computing solutions. Determine which copies of records will be declared as the record copy and manage these in accordance with juridical records management content.
Remember, the value of records in the cloud may be greater than the value of the other set because of indexing or other reasons. Solid records management policies and data governance practices set instructions to capture, manage, and retain records; how data will migrate to new formats and operating systems; how to transfer permanent records in the cloud to the records authority; and, create a framework for portability and accessibility issues.
The CoSA, NAGARA, and SAA 2010 Joint Annual Meeting begins today and will continue through Sunday, August 15, 2010 at the Marriott Wardman Park in Washington, D.C.