Tim Willoughby presentation to cloud workshop 2016
Cloud_Computing_IIMC_v1
1. Cloud Computing Primer for
Municipal Records Management
Steven C. Markey,MSIS,PMP,CISSP,CIPP,CISM,CISA,STS-EV,CCSK
Principal,nControl,LLC
AdjunctProfessor
2. • Presentation Overview
– Cloud Overview
• General
• Business Case for Cloud Computing
• Security Guidance
• Selecting a Cloud Service Provider (CSP)
• Records & Info Management (RIM) in the Cloud
• Municipal Government in the Cloud
– Case Studies
• IlliniCloud
• Washington D.C.
Cloud Computing
6. • What is Cloud Computing?
– Re-Branded IT Business Model
• Application Service Provider (ASP)
• IT Outsourcing (ITO)
– Formal Characteristics
• Resource Pooling
• Rapid Elasticity
– Confusion
• Hosting
• Virtualization
• Service Provider
Cloud Computing
16. • Business Case for Cloud Computing
– Time-to-Market
– Global Presence
– Focus on Core Competency
– Elasticity
– Cost-Benefit Analysis (CBA)
Cloud Computing
18. • Partly Cloudy with a Chance of Risk!
– The Cloud is Perceived as Risky Business
• Lack of Control
• Regulatory Compliance
• Hacks, Outages, Disasters….Oh My!
Source: Youtube
Cloud Computing
22. • Selecting a CSP
– Service Provider/Consumer Process Alignment
– Portability/Interoperability
– Contractual/Legal Agreements
– Industry Tools
Cloud Computing
23. • Service Provider/Consumer Process Alignment
– Change/Configuration Management
– Loading/Offloading
– Disaster Recovery
– Incident Response
– Legal Hold/Litigation Response/e-Discovery
• Electronic Discovery Reference Model (EDRM)
– Records and Information Management (RIM)
• Generally Accepted Recordkeeping Principles (GARP)
• Information Governance Reference Model (IGRM)
• Information Lifecycle Management (ILM)
Cloud Computing
25. • Contractual/Legal Agreements
– Service Level Agreements (SLA)
• Up-Time
• Jurisdiction
• Data Ownership
– Escrow Data
– Include Metadata
• Exit Clause
• Testing
– Disaster Recovery
– Incident Response
– Legal Hold/Litigation Response/e-Discovery
Cloud Computing
26. • Contractual/Legal Agreements
– Service Level Agreements (SLA)
• Right to Audit
– Vendor & Vendor’s Vendors
– Public Sector Specific
Cloud Computing
31. Cloud Computing
• RIM in the Cloud
– Process
• Self-Service Provisioning
• CSP Brokerage, Monitoring & Metering
• CSP Information Governance
• CSP Adherence to Standards
– NIST
» SP 800-92: Log Management
– ISO
» 15489: Records Management
» 23081: Records Metadata
» 15386: Digital Archive
» 30300/303001: RIM Management System
» 17024: Conformity Assessment
32. Cloud Computing
• RIM in the Cloud
– People
• More Empowered: Shadow IT, Consumerized IT
– Millenials Expect Autonomy
– Bring Your Own Device (BYOD)
– Less Office Time, But Always On
• Increased Roles & Responsibilities
• Additional Tech/Analytical Skill-Sets Required
– Technology
• Commoditized
• CSP Metadata
• New Technologies: Non-Relational Database Architectures
• New Paradigms: Big Data (Data Lakes & Cloud)
35. • Municipal Government in the Cloud
– Budget/Size
– Technical Strategy
– Risk Appetite/Tolerance
– Constituents
Cloud Computing
36. • Municipal Government in the Cloud
– Budget/Size
–Not all municipalities are the same
–Economy of scale with vendors
–Bigger does not mean better
–Smaller = Nimble
–Community clouds
Cloud Computing
37. • Municipal Government in the Cloud
– Technical Strategy
–Internal Staff
–Outsourcing/In-Sourcing
–Vendors/Partners
–Best-of-Breed/Lowest Bidder
Cloud Computing
38. • Municipal Government in the Cloud
– Risk Appetite/Tolerance
–Not all risks are the same
–911 & Operational Risk
– Constituents
–Not all constituents are technical
Cloud Computing
42. • Case Study: IlliniCloud
– Lessons Learned
• One’s smallest client may be its largest consumer.
• A particular service (e.g., video conferencing) may be a
surprise hit.
• The delivery of a blended hardware/software solution
set may be appropriate in order to receive the
maximum return on investment (ROI).
• A service that may have been cost prohibitive before
may be cost effective in a cloud environment.
• Collaboration (with stakeholders) is key to enhanced
participation.
Cloud Computing
43. • Case Study: IlliniCloud
– Lessons Learned
• One’s smallest client may be its largest consumer.
• Community cloud consumers should not
underestimate the economies of scale/cost efficiencies
that can be reached by deploying a community cloud.
• An organization should focus on its core
competency/technical skill set, thus enabling the use
of these different skill sets throughout the
conglomerate.
• An organization can leverage a community cloud for
necessities, such as disaster recovery (DR).
• Community clouds leverage a grassroots approach for
stakeholder buy-in.
Cloud Computing
44. • Case Study: IlliniCloud
– Next Steps
• Master Data Management (MDM)
• Using Hypervisor Neutral Technologies
• Packaging Software/System Solutions
• Expanding User-base
• Federated Identities
Cloud Computing
45. Cloud Computing
• Case Study: D.C. IN the Cloud
– Background
– Drivers
– Technologies
– Limitations
– Risks
– Lessons Learned
– Next Steps
46. Cloud Computing
• Case Study: D.C. IN the Cloud
– Background
• 38,000 Employees/Contractors
– Drivers
• Cost
– Technologies
• Cloud: Google Apps (Docs), Drive (Storage) & Gmail
47. Cloud Computing
• Case Study: D.C. IN the Cloud
– Limitations
• Budget
– Risks
• Software/System Interoperability
• Data Privacy
• Intuitive Use
• Administration
48. Cloud Computing
• Case Study: D.C. IN the Cloud
– (Hypothetical) Lessons Learned
• Limited Cost Savings
• Vendor Lock-In
49. Cloud Computing
• Case Study: D.C. IN the Cloud
– (Hypothetical) Next Steps
• Test Gmail/Postini Message Discovery
• Use CloudLock Data Discovery
• Use Google AppEngine (PaaS) to Develop New Apps
• Federated Identities
50. Cloud Computing
• Presentation Take Aways
– Cloud = Re-Branded Business Model
–With New Bells & Whistles (Big Data, etc.)
– Paradigm Shift Towards Empowerment
– Strategy & Due Diligence Are VERY Important
–Must Consider the Business Ecosystem