The Cloud - Florida Gulf Coast ARMA Chapter

earsplittinggoodbeeInternet and Web Development

Nov 3, 2013 (4 years and 1 month ago)

77 views

The Cloud

Earl C. Rich, CRM

We’re Gonna Talk About:


Define what The Cloud is


Discuss the different types of Clouds


Discuss Cloud service
-
types



RIM issues in The Cloud


Data Security issues in The Cloud


Legal challenges with The Cloud


Why IT likes The Cloud


Contracts are the key


Review Cloud Computing Agreements


Open Discussion / Questions

IT Stuff

RIM Topics

Contracts

What is “The Cloud”?


“The Cloud” is a metaphor inspired by the cloud symbol used to
represent the Internet in flow charts and diagrams.



Techie Definition
:



Cloud computing describes the disruptive transformation of IT
toward a service
-
based economy, driven by economic, technological,
and cultural conditions.
¹



Real
-
World Definition
:




Cloud is a style of computing where scalable and elastic IT
-
related capabilities are provided as a service to external customers
using Internet technologies.
²

1: Tom Jenkins, “Managing Content in the Cloud” (2011, October)

2: Gartner.com

Types of Clouds

Types of IT Clouds


Public Cloud



Traditional model where vendors dynamically
allocate resources through web applications.



Private Cloud



Computing platform is dedicated to a single
customer and can be housed internally or externally.



Hybrid Cloud



Your organization’s hardware interacts with a
vendor
-
hosted service (e
-
mail archiving, web filtering, etc...). This
model can also be used for “
Cloud Bursting
” where an
organization’s infrastructure is used for normal computing needs, but
cloud resources are used to carry peak loads.



Community Cloud



Infrastructure is shared between similar
organizations (i.e., all agencies within a government), but not with
other outside parties. This model may also be referred to as a
“government cloud”.


Public, Private and Hybrid Clouds

Cloud Service
-
Types

Infrastructure as a Service (
IaaS
)



The capability provided to the consumer is
to provision processing, storage, networks,
and other fundamental computing
resources.


Platform as a Service (
PaaS
)



PaaS

offerings typically include workflow
facilities for application design, application
development, testing, deployment and
hosting.


Software as a Service (
SaaS
)


Software is accessible via the client’s Web
browser Instead of on a local

network or hard
-
drive.



Cloud Computing Diagram

So Far, So Good… right?

Data Security Issues


HIPAA:


If the data contains Protected Health Information (45 C.F.R.
§
160.103), then the
two groups (yours and theirs) must enter into a “business associate contract” (45
C.F.R.
§
164.504(e)(2))



FMLA and the ADA:


Both contain confidentiality provisions that restrict access to first aid and safety
personnel, supervisors/managers, government officials, etc... (29 C.F.R.
§
825.500(g); 29 C.F.R.
§
1630.14 (c)(1))



Section 817.5681, Florida Statutes:


Breach of security for “personal information” (
§
817.5681(5),
Fla Stat.
) must be
noticed to the owner of the data (
you
) within 10 days, and to residents of

Florida within 45 days (
§
817.5681(1)(a);
§
817.5681(2)(a),
Fla. Stat.)

Legal Matters


Subpoenas:


Cloud vendors may be directly served a subpoena (Section 215 of the U.S. Patriot
Act) and may not be allowed to disclose the existence or nature of the subpoena.



E
-
Discovery/Rule 26 and Destruction Holds:


All data, regardless of where it is stored, must be disclosed (Rule 26(a),
F.R.C.P.

(2010)). A party is required to produce data in a reasonably usable form, and is
required to preserve electronically stored information [ESI] once litigation is
anticipated or has commenced (Rule 37(f),
F.R.C.P.

(2010)).



Jurisdiction:


Both parties should agree on a “home” jurisdiction, but if a cloud computing
provider is located outside of the United States, it may be difficult to enforce

any judgement of a U.S. court.

RIM Issues


Public Records Issues:


Data stored or created in The Cloud
are

records (whether F.O.R. or duplicate)!


The entity that “owns” the data is responsible for adhering to Chapter 119


The data must be retrievable and in a meaningful format to fulfil PRR standards



1B
-
26.003, F.A.C. (1B
-
26):


If the items are File of Record (F.O.R.), then 1B
-
26 requirements must be met
(storage methods, security standards, maintenance methods, etc...)



Records Retention and Destruction:


The Cloud provider
must

be able to maintain records for the prescribed lifecycle


The user (you, not them) must have the ability to initiate destruction of records

Why IT Likes the Cloud

1.








2.


Cloud Computing Value

Pros & Cons of Cloud Computing

A Good Contract is your Key to the Clouds


The main point of this entire presentation is
that care should be taken during the
contracting process to make sure that each
issue is addressed and fully negotiated in any
contract or SLA.


Review of two real
-
life Cloud Computing agreements

Cloud Computing Roadmap

Questions