The Cloud - Florida Gulf Coast ARMA Chapter

earsplittinggoodbeeInternet and Web Development

Nov 3, 2013 (4 years and 8 months ago)


The Cloud

Earl C. Rich, CRM

We’re Gonna Talk About:

Define what The Cloud is

Discuss the different types of Clouds

Discuss Cloud service

RIM issues in The Cloud

Data Security issues in The Cloud

Legal challenges with The Cloud

Why IT likes The Cloud

Contracts are the key

Review Cloud Computing Agreements

Open Discussion / Questions

IT Stuff

RIM Topics


What is “The Cloud”?

“The Cloud” is a metaphor inspired by the cloud symbol used to
represent the Internet in flow charts and diagrams.

Techie Definition

Cloud computing describes the disruptive transformation of IT
toward a service
based economy, driven by economic, technological,
and cultural conditions.

World Definition

Cloud is a style of computing where scalable and elastic IT
related capabilities are provided as a service to external customers
using Internet technologies.

1: Tom Jenkins, “Managing Content in the Cloud” (2011, October)


Types of Clouds

Types of IT Clouds

Public Cloud

Traditional model where vendors dynamically
allocate resources through web applications.

Private Cloud

Computing platform is dedicated to a single
customer and can be housed internally or externally.

Hybrid Cloud

Your organization’s hardware interacts with a
hosted service (e
mail archiving, web filtering, etc...). This
model can also be used for “
Cloud Bursting
” where an
organization’s infrastructure is used for normal computing needs, but
cloud resources are used to carry peak loads.

Community Cloud

Infrastructure is shared between similar
organizations (i.e., all agencies within a government), but not with
other outside parties. This model may also be referred to as a
“government cloud”.

Public, Private and Hybrid Clouds

Cloud Service

Infrastructure as a Service (

The capability provided to the consumer is
to provision processing, storage, networks,
and other fundamental computing

Platform as a Service (


offerings typically include workflow
facilities for application design, application
development, testing, deployment and

Software as a Service (

Software is accessible via the client’s Web
browser Instead of on a local

network or hard

Cloud Computing Diagram

So Far, So Good… right?

Data Security Issues


If the data contains Protected Health Information (45 C.F.R.
160.103), then the
two groups (yours and theirs) must enter into a “business associate contract” (45

FMLA and the ADA:

Both contain confidentiality provisions that restrict access to first aid and safety
personnel, supervisors/managers, government officials, etc... (29 C.F.R.
825.500(g); 29 C.F.R.
1630.14 (c)(1))

Section 817.5681, Florida Statutes:

Breach of security for “personal information” (
Fla Stat.
) must be
noticed to the owner of the data (
) within 10 days, and to residents of

Florida within 45 days (
Fla. Stat.)

Legal Matters


Cloud vendors may be directly served a subpoena (Section 215 of the U.S. Patriot
Act) and may not be allowed to disclose the existence or nature of the subpoena.

Discovery/Rule 26 and Destruction Holds:

All data, regardless of where it is stored, must be disclosed (Rule 26(a),

(2010)). A party is required to produce data in a reasonably usable form, and is
required to preserve electronically stored information [ESI] once litigation is
anticipated or has commenced (Rule 37(f),



Both parties should agree on a “home” jurisdiction, but if a cloud computing
provider is located outside of the United States, it may be difficult to enforce

any judgement of a U.S. court.

RIM Issues

Public Records Issues:

Data stored or created in The Cloud

records (whether F.O.R. or duplicate)!

The entity that “owns” the data is responsible for adhering to Chapter 119

The data must be retrievable and in a meaningful format to fulfil PRR standards

26.003, F.A.C. (1B

If the items are File of Record (F.O.R.), then 1B
26 requirements must be met
(storage methods, security standards, maintenance methods, etc...)

Records Retention and Destruction:

The Cloud provider

be able to maintain records for the prescribed lifecycle

The user (you, not them) must have the ability to initiate destruction of records

Why IT Likes the Cloud



Cloud Computing Value

Pros & Cons of Cloud Computing

A Good Contract is your Key to the Clouds

The main point of this entire presentation is
that care should be taken during the
contracting process to make sure that each
issue is addressed and fully negotiated in any
contract or SLA.

Review of two real
life Cloud Computing agreements

Cloud Computing Roadmap