Weitere ähnliche Inhalte Ähnlich wie How the Cloud Can Make Government Archiving More Secure and Less Expensive (20) Mehr von Osterman Research, Inc. (20) Kürzlich hochgeladen (20) How the Cloud Can Make Government Archiving More Secure and Less Expensive1. WHITE PAPER
How the Cloud Can Make Government
Archiving More Secure and Less Expensive
ON An Osterman Research White Paper
Published July 2012
SPONSORED BY
sponsored by
SPON
sponsored by
Osterman Research, Inc.
P.O. Box 1058 • Black Diamond, Washington • 98010-1058 • USA
Tel: +1 253 630 5839 • Fax: +1 253 458 0934 • info@ostermanresearch.com
www.ostermanresearch.com • twitter.com/mosterman
2. How the Cloud Can Make
Government Archiving More
Secure and Less Expensive
EXECUTIVE SUMMARY
OVERVIEW
Government agencies at all levels – city, county, state and Federal – have an
obligation to retain important records sent, received and stored in their email
systems. Because of Freedom of Information Act (FOIA) requirements, open records
laws, “Sunshine” laws and similar obligations, government agencies must retain all of
their relevant records, be able to find them easily, and produce them on demand in a
relatively short period of time. Moreover, government entities – like any other
employer – must also retain data for purposes of e-discovery and similar types of
obligations.
Callout
KEY TAKEAWAYS
• Government agencies must implement email archiving capabilities that will
permit them to capture very large amounts of information, retain it for many
years (or indefinitely in some cases), and produce it as accurately and as
inexpensively as possible.
• IT budgets for the deployment of new infrastructure are flat or declining because
most jurisdictions are experiencing a decline in tax revenue with simultaneous
increases in expenditure obligations.
• Cloud-based archiving should seriously be considered by all government agencies
as a means of satisfying their content-retention obligations. Archiving in the
cloud can be implemented at little or no up-front cost, allowing agencies to live
within their current expenditure obligations. Moreover, cloud-based archiving
offers more predictable costs over time, very high scalability, rapid deployment,
highly secure storage and high availability.
ABOUT THIS WHITE PAPER
This white paper explores the various obligations that government agencies have to
retain email and other content, and explains the benefits of using cloud-based
services to meet their archiving requirements. This white paper also provides a brief
overview of Sonian, the sponsor of this white paper, and their relevant offerings.
THE IMPORTANCE OF CONTENT RETENTION IN
GOVERNMENT
GOVERNMENT AGENCIES HAVE AN OBLIGATION TO RETAIN DATA
Every organization – regardless of its size, the industry it serves or how much data it
possesses – must retain important records for various lengths of time. The
requirement to retain data is imposed from a variety of sources, including legal
precedent in which courts establish standards for the length of time that data must
be retained, statutory obligations that specifically define the retention and production
obligations for certain types of data, and internal best practices. Retention
obligations apply for all forms of data, both physical and electronic.
Government agencies are no exception to retention requirements and, in fact, face
more such obligations than most other types of organizations. Because these
agencies must satisfy sunshine laws and FOIA requirements, the obligations to
preserve data are perhaps more strict for government agencies than for organizations
in virtually any other industry. Moreover, we can expect that oversight and
management of data will become stricter and more expansive in the future as
requirements for increased transparency of government operations become more
popular in theory, if not in practice.
©2012 Osterman Research, Inc. 1
3. How the Cloud Can Make
Government Archiving More
Secure and Less Expensive
NON-STATUTORY CONSIDERATIONS ARE ALSO IMPORTANT
However, aside from the statutory and related types of requirements to retain data
for long periods, there are three important reasons for government to implement
archiving technology:
• To lower IT costs
By migrating data from more expensive storage on email servers and other data
stores, archiving can reduce overall storage costs by placing older data into less
expensive archival storage systems. This can significantly reduce overall data
management costs, particularly for larger agencies that store voluminous
amounts of data.
• To improve storage management
An archiving system can make storage management much easier by indexing
content and making it more easily discoverable and accessible. This is
particularly important for agencies that must respond to sunshine-law or FOIA
requests frequently, since it minimizes the amount of time that employees must
spend searching for, filtering through and producing data for requestors.
• To improve email system performance
An archiving system can also dramatically improve email system performance by
minimizing the amount of “live” data that must be stored on email servers.
Because email messages and attachments older than 30 days are not accessed
frequently, it makes sense to migrate this content to an archiving system for
purely functional considerations. Doing so will reduce the amount of time
required to backup email servers, it will speed the restoration of a server from
backups when necessary, it will reduce the amount of overall downtime
experienced in the email system, and it will make message delivery faster.
PROBLEMS THAT GOVERNMENT AGENCIES FACE
There are four serious problems that government agencies face in the context of their
data management practices and obligations:
• Email is the de facto communications and file transport mechanism
For government agencies (and for most other types of organizations), email has
become the primary method for communications and for sending files. While
email is useful in this regard, using it in this way means that a large proportion
of records that must be retained for long periods get stored in email systems and
not in dedicated archiving or other systems focused on content management. If
this content is not archived appropriately, it can become lost as a result of server
crashes, data corruption or accidental deletion of information. Even if it is not
lost, extracting needed content from an email server or a backup tape is
arduous, expensive and time consuming.
• Content must be retained and readily available
Records generated and received by government agencies must be preserved for
many years and, in some cases, indefinitely. This creates an enormous problem
for agencies that do not have the indexing, storage and extraction capabilities in
place to manage this information properly. Poor content management can result
in an inability to produce information on demand, resulting in sanctions, adverse
judgments and other negative consequences.
• BYOD complicates retention
The trend of “consumerizing” IT – that is, employees using their personal devices
and a variety of Web 2.0 applications for work-related purposes, or Bring Your
Own Device (BYOD) – is increasing. Employees are motivated to do so because
they have the opportunity to use tools that they select and are specific to their
requirements. IT departments are warming to the idea of BYOD, at least for
hardware like smartphones, because employees are willing to bear the cost of
©2012 Osterman Research, Inc. 2
4. How the Cloud Can Make
Government Archiving More
Secure and Less Expensive
expensive communication and collaboration tools rather than requiring IT to pay
for them out of an agency budget.
That said, BYOD can significantly complicate content retention. For example, if
users are creating and receiving records on personal devices, this content must
be retained as if these records were created and received on agency-owned
devices. If they are creating government records using Twitter, Facebook or
other Web 2.0 applications, this content also must be retained. However, data
must be extracted and retained by the employer, not an easy task for most
agencies.
Enormous quantities of data make retention and access more difficult
Finally, another serious problem faced by government agencies is that enormous data
stores complicate the storage of content, make it more difficult to find and increasing
IT costs. For example, if we assume that each employee in a 7,500-employee
government agency generates 40 archivable records each day (five megabytes of
content), and that this content must be preserved for 10 years, this will generate 750
million records and 89 terabytes of content over that retention period. In the
absence of a robust and scalable storage and management infrastructure, finding
content in data stores this large is, at worst, impossible and, at best, very difficult
and expensive.
WHAT IF YOU’RE NOT ARCHIVING NOW?
Every government agency – regardless of the level of government – must retain
electronic records in their role as both the a) holder of personal and corporate
information and b) as an employer that might be called upon to produce information
for e-discovery or other purposes. Among the many requirements specific to
government to retain and otherwise manage records are the following:
FEDERAL REQUIREMENTS
• Federal Information Security Management Act (FISMA) of 2002
“Requires each federal agency to develop, document, and implement an agency-
wide program to provide information security for the information and information
systems that support the operations and assets of the agency…”
• The Freedom of Information Act
“Each agency, in accordance with published rules, shall make available for public
inspection and copying…copies of all records, regardless of form or format…”
• Coordination of Federal Information Policy
The Director of the Office of Management and Budget shall “oversee the
application of records management policies, principles, standards, and
guidelines, including requirements for archiving information maintained in
electronic format, in the planning and design of information systems.”
• OMB Circular A-130, par. 8a (1) (k)
Federal agencies must “incorporate records management and archival functions
into the design, development, and implementation of information systems.”
• 36 CFR 1234.10
Agencies must “establish procedures for addressing records management
requirements, including recordkeeping requirements and disposition, before
approving new electronic information systems or enhancements to existing
systems.”
• The Paperwork Reduction Act
Agencies must “implement and enforce applicable records management
procedures, including requirements for archiving information maintained in
©2012 Osterman Research, Inc. 3
5. How the Cloud Can Make
Government Archiving More
Secure and Less Expensive
electronic format, particularly in the planning, design, and operation of
information systems.”
SELECTED US STATE REQUIREMENTS
Every US state has a “sunshine” law, typically called a Public Records, Freedom of
Information Act, Open Records or similarly named law. Examples of these
requirements are provided below:
• Alaska Public Records Act
“The public records of all public agencies are open to inspection by the public
under reasonable rules during regular office hours. Public records are defined as
"any document, paper, book, letter, drawing, map, plat, photo, photographic file,
motion picture film, microfilm, microphotograph, exhibit, magnetic or paper tape,
punched card, electronic record, or other document of any other material,
regardless of physical form or characteristic, developed or received under law or
in connection with the transaction of official business."
• Arizona Public Records Law
Public records are “all books, papers, maps, photographs or other documentary
materials, regardless of physical form or characteristics, including prints or copies
of such items produced or reproduced on film or electronic media pursuant to
section 41-1348, made or received by any governmental agency in pursuance of
law or in connection with the transaction of public business” and are “open to
inspection by any person at all times during office hours.” Metadata has recently
been deemed as subject to open records requests.
• California Education Code Sections 35250-35258, Article 8
“The governing board of every school district shall…make or maintain such other
records or reports as are required by law.”
• California Public Records Act
Imposes a requirement on California’s state government to provide public
records.
• Florida 119.01 and Title XIX Chapter 286
Provides that all state, county, and municipal records are open for personal
inspection and copying by any person.
• Louisiana Sunshine Law
“All books, records, writings, accounts, letters and letter books, maps, drawings,
photographs, cards, tapes, recordings, memoranda, and papers…are ‘public
records’”.
• Massachusetts SPR Bulletin No. 1-99
“All email created or received by an employee of a government unit is a public
record.”
• Missouri Public Records Law
Almost all emails are public records.
• Ohio Public Records Act
Virtually every type of record created by a government entity in the state,
including those of alternative schools, is a public record.
• Oregon Public Records Law
“Every person has a right to inspect any public record of a public body in this
state, except as otherwise expressly provided.”
• Washington Public Records Act
“Each agency, in accordance with published rules, shall make available for public
©2012 Osterman Research, Inc. 4
6. How the Cloud Can Make
Government Archiving More
Secure and Less Expensive
inspection and copying all public records, unless the record falls within…specific
exemptions…”
• Wisconsin Public Records Law
“Except as otherwise provided by law, any requester has a right to inspect any
record.”
ARCHIVING IS A BEST PRACTICE FOR ANY AGENCY
Aside from the specific retention obligations imposed upon all government agencies
to retain records for FOIA or other requests is the fact that archiving is a best
practice for any organization, including government agencies. However, archiving of
government records is an area that continues to evolve, particularly as newer forms
of communication become more commonly used. Some important examples in this
regard are the following:
• In March 2011, the Utah legislature passed House Bill 477 (HB477)i, which
exempted lawmakers’ emails, text messages and other online communications
from the state’s public records disclosure requirements, the Government Records
Access and Management Act. HB477 was scheduled to go into effect on July 1,
2011, but was repealed in late March 2011 amid vigorous protests from a variety
of groups. A working group set up by the legislature following this debacle
developed SB177, a bill that requires more disclosure of public information.
• In the case of Quon v. City of Ontario,ii a police sergeant’s pager was searched
by Quon’s employer and sexually explicit text messages were discovered. The
Ninth Circuit Court of Appeals ruled that the City’s search violated Quon’s rights
under the Constitution’s Fourth Amendment, but this decision was overturned
unanimously by the US Supreme Court in 2010. The Supreme Court did not rule
on whether the plaintiff had a reasonable expectation of privacy in this
circumstance, but determined that “because the search was motivated by a
legitimate work-related purpose, and because it was not excessive in scope, the
search was reasonable..."
• In a February 2011 ruling by Judge Shira Scheindlin (who decided the famous
Zubulake v. UBS Warburg case), retention of metadata was determined to be
critical in the archiving process. In this case, National Day Laborer Organizing
Network v. U.S. Immigration and Customs Enforcement Agency,iii Judge
Scheindlin a) underscored the importance of metadata in her determination that
“certain key metadata fields are an integral part of public records,” and b) that
counsel must “make greater efforts to comply with the expectations that courts
now demand…with respect to expensive and time-consuming document
production.”
• In a somewhat similar case in 2010, the Washington state Supreme Court ruled
that metadata must be retained under the state’s Public Records Act. In the
case in question, a state resident requested a copy of an accusatory email that
she supposedly had sent to the Shoreline city council, but denied ever sending.
However, her request for the original email and its metadata was not honored by
the council. The city’s deputy mayor had sent the requested email to her
personal email account, which hid the identity of the person who actually had
sent it. The deputy mayor searched her work computer for the missing email,
but could not find it. The Washington Supreme Court ruled that the official’s
personal computer had to be searched for the requested content.
We draw three lessons from these and similar rulings:
• Content from newer information sources, such as text messaging or social
media, will increasingly need to be retained along with more traditional forms of
communication like email.
©2012 Osterman Research, Inc. 5
7. How the Cloud Can Make
Government Archiving More
Secure and Less Expensive
• Government agencies not only have a right to search for content on personal and
other devices, but also may have an obligation to do so in some cases.
• Metadata must be preserved.
SOLVING THE PROBLEM OF CONTENT
RETENTION IN GOVERNMENT
As discussed earlier in this white paper, government agencies face three fundamental
problems in the context of their content retention requirements:
• They must retain a wide variety of data for purposes of satisfying sunshine laws,
FOIA requests, potential responses to legal actions, and the like.
• They must make this data easily accessible to staff members responding to these
requests and to others that may need ready access to important data.
• Given the financial strain that most government agencies are under, they must
satisfy these requirements as inexpensively as possible.
WHY THE CLOUD MAKES SENSE FOR DATA RETENTION
Given these critical requirements, here is our view on the 11 key reasons that cloud-
based archiving makes sense for use by government agencies:
• The US Federal government is open to the cloud
While many decision makers in government may continue to resist any move to
the cloud, the US Federal government is increasingly open to it. For example,
the Federal Cloud Computing Strategy document issued in February 2011
concludes that “Cloud computing has the potential to play a major part in
addressing [government IT’s] inefficiencies and improving government service
delivery. The cloud computing model can significantly help agencies grappling
with the need to provide highly reliable, innovative services quickly despite
resource constraints.” Moreover, the report estimates that of the $80 billion
spent annually on IT by the US government, 25% could be spent on cloud-based
services.
• Low (or no) initial costs
One of the fundamental advantage of cloud-based anything – be it email,
security, archiving, etc. – is the fact that there are virtually no up front costs
associated with deploying a service. Because there are no initial requirements
for the purchase of servers, software and other infrastructure elements as is the
case with the on-premise, capital expenditure (CAPEX) model, the cloud
operating expense (OPEX) model allows agencies to implement a complete
archiving capability with virtually no up-front cost. While there may be some
minimal costs associated with IT staff to specify capabilities, ingestion of legacy
data and the like, these costs are in almost all cases very low.
• More predictable costs of ownership
Similarly, a cloud-based archiving system has more predictable costs of
ownership than the traditional on-premise model, largely because the cloud
provider defines the costs of the archiving capability up-front and these costs
remain constant over the life of the contract. With an on-premise system, there
will be periodic requirements to add more storage as more content is retained,
which can lead to off-budget costs at inopportune times.
• Lower overall total cost of ownership
The combination of minimal up-front cost, combined with more predictable on-
going costs, means that cloud-based archiving generally has a lower TCO than
on-premise archiving even when a large number of users are supported. While
©2012 Osterman Research, Inc. 6
8. How the Cloud Can Make
Government Archiving More
Secure and Less Expensive
lower TCO is of benefit to virtually any organization, it is especially advantageous
to government agencies that are – in these times of declining property tax and
other revenues – facing severe budget cutbacks. In short, the use of cloud-
based archiving can help government agencies to meet their content retention
obligations and to do so in an affordable manner, and it can reduce agencies’
current expenditure obligations.
• Rapid deployment of archiving capabilities
One of the chief benefits of cloud-based services is their ability to be deployed
much more rapidly than on-premise infrastructure. This allow government
agencies to deploy an archiving capability in a matter of a few hours or days,
unlike on-premise systems that might take a few weeks or more to evaluate,
specify, deploy and configure. Moreover, new capabilities can be added very
quickly with cloud-based services, such as the addition of more storage,
archiving of more users’ content, or retention of new content types.
• Scalable storage
One of the more important benefits of cloud-based archiving is that it offers a
virtually unlimited pool of storage, one that can be scaled to almost any level to
meet increased demand. Although on-premise systems can also provide scalable
storage, scalability is more easily accomplished in the cloud than with on-premise
systems.
• A high level of security
While some decision makers may be concerned about the security of sensitive or
confidential content in the cloud, cloud-based archiving actually offers better
security than most on-premise archiving systems can provide. Because cloud
providers can afford to pay for more robust security measures than most
government agencies can afford, cloud security is generally better than what
these agencies could hope to provide on-premise.
• Protection against changing storage standards
Particularly relevant for government agencies that must retain data for long
periods is the need to “future-proof” content against changing storage standards.
Because these standards change over time, content stored in on-premise storage
systems must be updated periodically to reflect new standards, new media types
and the like to ensure that data is still readable 10 or more years after it is
initially stored. However, this is not easily accomplished with on-premise
archiving systems. With cloud-based archiving, on the other hand, changing
storage standards become the provider’s problem and not the problem of the
agency that is charged with storing data. This not only reduces TCO, but also
ensures that records can easily be read for many years.
• High speed search capabilities
Cloud-based archiving can provide very high-speed search capabilities, allowing
agencies to respond to FOIA and other requests very quickly. This is particularly
important where FOIA searches are provided at no cost to the requestor, as in
the case of some non-commercial, non-scientific and non-media requestors
under US Federal FOIA laws who receive two hours of search services at no
chargeiv. The ability to search through enormous data stores quickly can reduce
the amount of time – and cost – for these searches.
• Highly available storage
Archiving in the cloud also results in highly available storage. Cloud-based
archiving can provide the same or higher level of uptime as on-premise
infrastructure – for example, Amazon’s S3 service guarantees server uptime of
99.99% (no more than 4.4 minutes of downtime per month). Moreover, leading
cloud providers replicate content to geographically separate data centers,
offering a level of disaster recovery that would be expensive to provide with on-
premise infrastructure.
©2012 Osterman Research, Inc. 7
9. How the Cloud Can Make
Government Archiving More
Secure and Less Expensive
• Significant financial benefits over the long term
Finally, cloud-based archiving can deliver significant financial benefits to
government in two ways. First, by eliminating virtually all up-front expenses,
cloud-based archiving can eliminate much of the initial expense associated with
archiving, allowing agencies to shift the bulk of their expenses to future years.
Second, cloud-based services are generally becoming less expensive over time.
This is not the case with on-premise capabilities, which – because of their
significant IT labor component – are becoming more expensive as the cost of
labor increases. This will result in greater long term return-on-investment
benefits for cloud-based archiving over time.
ABOUT SONIAN
Sonian, the pioneer in Cloud Powered Archiving and Search, offers it’s archiving
solutions at a fraction of the cost and complexity of other approaches. With over
8,000 customers across diverse industries and embedded into offerings from other
cloud innovators – Sonian is the future of Archive and Search in the Cloud.
While driving down costs is an integral part of our business model, so is developing
differentiating technologies. The challenging aspect of acquiring and making
petabytes of data search-able was a formidable hurdle Sonian achieved over the past
4 years. Several years ago, we perfected using the cloud to deliver a million search
hits within seconds. Today we are delivering that one-in-a-million search result within
a second. With our cloud-powered differentiating technology, we believe Sonian is in
a unique position to maintain a leadership position in cloud-based information
archiving and analytics.
Sonian ‘s next generation software and a business model is based on cloud compute
economics, security, and reliability. With over 8,000 customers across diverse
industries and embedded into offerings from other cloud innovators – Sonian is the
future of Archive and Search in the Cloud.
© 2012 Osterman Research, Inc. All rights reserved.
No part of this document may be reproduced in any form by any means, nor may it be
distributed without the permission of Osterman Research, Inc., nor may it be resold or
distributed by any entity other than Osterman Research, Inc., without prior written authorization
of Osterman Research, Inc.
Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes
legal advice, nor shall this document or any software product or other offering referenced herein
serve as a substitute for the reader’s compliance with any laws (including but not limited to any
act, statue, regulation, rule, directive, administrative order, executive order, etc. (collectively,
“Laws”)) referenced in this document. If necessary, the reader should consult with competent
legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no
representation or warranty regarding the completeness or accuracy of the information contained
in this document.
THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR
IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE
ILLEGAL.
i
http://le.utah.gov/~2011/bills/hbillamd/hb0477.htm
ii
http://www.supremecourt.gov/opinions/09pdf/08-1332.pdf
iii
http://ralphlosey.files.wordpress.com/2011/02/ndlon-v-ice-10-civ-3488-metadata-
foia_revised.pdf
iv
http://www.hanscom.af.mil/library/foia.asp
©2012 Osterman Research, Inc. 8