Advantages of Hiring UIUX Design Service Providers for Your Business
Distributed Computing - Cloud Computing and Other Buzzwords: Implications for Archivists and Records Managers
1. Crossroads
Distributed Computing -
Cloud Computing and Other Buzzwords:
Implications for Archivists and Records Managers
NAGARA Crossroads 2009-3
This issue of Crossroads continues a series of white papers on various topics related to electronic records written by
members of the Committee on Electronic Records and Information Systems (CERIS). This white paper covers the
topic of cloud computing. It was written by Mark Conrad, Archives Specialist, with the National Archives and
Records Administration’s Center for Advanced Systems and Technologies. The views expressed in this document
are the author's. While his perspective has been informed by his work at the National Archives and Records
Administration, he does not speak for the institution. All statements, opinions and conjectures are the author's unless
otherwise attributed.
CERIS White Paper
Distributed Computing - Cloud Computing and Other Buzzwords:
Implications for Archivists and Records Managers
Cloud computing is a term that is used a great deal these days. Many IT departments
and resource allocators are considering implementing technology related to this term.
Two of the reasons most cited for using cloud services are potential cost savings
brought about by economies of scale, and the ability to rapidly deploy new applications
and services.
Cloud computing has the potential to have a substantial impact on archival and records
management programs as well. It would be impossible to provide an exhaustive list, but
this document will explore a few of the possible implications of deployment of cloud
computing and related technologies for archivists and records managers and the
organizations that they serve.
Caveat Emptor
This paper will have a relatively short “shelf life.” To say that cloud computing continues
to evolve is a gross understatement.
Define Terms Rigorously
One of the biggest problems with the term, cloud computing, is that there is no
consensus on exactly what it means. In the August 2009 issue of Communications of
the ACM, there is an article concerning a roundtable discussion with some of the key
players in the development and deployment of cloud computing services. Even among
this group there was not much consensus on what exactly cloud computing is. One of
the more interesting quotes from the article comes from Lew Tucker, Chief Technology
Officer of cloud computing at Sun Microsystems. He said, “Cloud computing is not so
much a definition of a single term as a trend in service delivery taking place today. It’s
1 NAGARA Crossroads 2009-3
2. the movement of application services onto the Internet and the increased use of the
Internet to access a variety of services traditionally originating from within a company’s
data center.”1
On August 21, 2009 the National Institute of Standards and Technology issued version
15 of its, “Draft NIST Working Definition of Cloud Computing.” The document begins
with two interesting caveats:
Note 1: Cloud computing is still an evolving paradigm. Its definitions use cases,
underlying technologies, issues, risks, and benefits will be refined in a spirited
debate by the public and private sectors. These definitions, attributes, and
characteristics will evolve and change over time.
Note 2: The cloud computing industry represents a large ecosystem of many
models, vendors, and market niches. This definition attempts to encompass all of
the various cloud approaches.2
If your organization, or an organization that you provide services for, is proposing to
implement cloud computing, it will be very important to make sure that all parties
involved – including the potential vendors of the cloud solutions - share the same
understanding of what exactly is being proposed. From a records management and
archives point of view it will be very difficult to identify the recordkeeping implications of
implementing a cloud computing environment without having a clear understanding of
exactly what is being proposed.
Pieces of the Cloud
For example, the NIST draft definition identifies:
Five Essential Characteristics of Cloud Computing:
On-demand self-service – A person or organization can procure computer services such
as additional computing resources, server time, or network storage at any time without
having to communicate directly with people who provide the services.
Broad network access – The services should be available over the network (often the
Internet) using standardized tools that allow the user to access them from their office
computer, laptop, personal digital assistant, or mobile phone.
Resource pooling – In a typical organization most of the computational resources of that
organization sit idle for long periods of time or are not used at their full capacity. One of
the advantages of cloud computing is the ability to repurpose or reconfigure the
available computing resources on-the-fly. This enables rapid response to the changing
computing needs of the consumers of computing services. It also facilitates much more
efficient use of computing resources by quickly repurposing the resources for other
tasks once the current tasks have been completed. This allows organizations to operate
their computing resources at or near their capacity much of the time.
1
Creeger, “CTO roundtable,” 52.
2
Mell and Grance, “Draft NIST Working Definition of Cloud Computing, version 15,” 1-2.
2 NAGARA Crossroads 2009-3
3. Rapid elasticity – The consumer should have the ability to rapidly (often automatically)
increase or decrease the computing resources needed to carry out their work.
Measured Service – The cloud computing services are designed so that units of cost
can be established, measured, and billed. For example a cloud service vendor might
charge a fee based on the number of bytes of data an organization stores on their
storage system each month, the number of users from a particular organization that use
the vendor’s service, the number of computing cycles used, or the amount of bandwidth
consumed.
Three Service Models for Cloud Computing:
Cloud Software as a Service (SaaS) – Under this service model, the end-user is
provided with access to the vendor’s software applications over a network. Some
examples of this type of service would be vendor-provided, web-based e-mail and word-
processing, and spreadsheet applications that the end-user accesses over the Internet.
Cloud Platform as a Service (PaaS) – In this case the end-user organization deploys
their own applications on the vendor’s computing resources. The vendor usually limits
the programming languages, operating systems, etc., that they will support in order to
host these applications. For example, an organization might develop or acquire a new
enterprise-wide database application. Rather than purchase all of the necessary
servers, networks, storage, etc., the organization may decide to deploy the new
application on the computing resources of a cloud computing vendor.
Cloud Infrastructure as a Service (IaaS) – Under this service model the end-user
organization is provided access to the vendor’s underlying computing resources and is
given much wider latitude in terms of what applications, operating systems, etc., the
end-user can use on the vendor’s computing resources. Essentially the end-user is
outsourcing the majority of their IT infrastructure while maintaining their prerogatives as
to what applications, operating systems, etc., they deploy on that infrastructure.
Four Deployment Models for Cloud Computing:
Private cloud - The cloud infrastructure is operated solely for one organization. That
infrastructure may be on premise or off premise. The organization or a third party may
provide the infrastructure.
Community cloud – The cloud infrastructure is operated for several organizations with
similar requirements for particular cloud services. It may be managed by the
organizations or a third party and may exist on premise or off premise.
Public cloud – The cloud infrastructure is made available to the general public or a large
segment of the public and is owned by an organization selling cloud services.
Hybrid cloud – The cloud infrastructure is a combination of the other deployment models
that operates as a single cloud infrastructure.
Getting on the Same Page
Given the many possible ways an organization could use cloud computing services, it is
important to ensure that all stakeholders are involved in the decision-making process.
3 NAGARA Crossroads 2009-3
4. Archivists and records managers should be among those stakeholders. In fact, many of
the issues that would be concerns for records managers and archivists could serve as
the basis for reaching consensus among all of the stakeholders as to exactly how the
organization is going to use cloud computing services.
Listed below are a few issues that archivists and records managers might want to
consider if their organization is considering using cloud computing services. This is by
no means an exhaustive list.
Scope – What organizational information will be stored, processed, accessed through
the cloud? Will restricted data (personally identifiable information, trade secrets, law
enforcement information, etc.) be stored, processed, and/or accessed through the
cloud?
Retention – Cloud computing services often create multiple copies of the data that they
store for an organization on geographically-dispersed computing resources in order to
ensure that no data is lost and that it is constantly available to the end-user. It would be
important to know how the vendor would ensure the destruction of all copies of records
that had reached the end of their retention period.
Location – Cloud computing is often implemented in such a way that the end-user has
no idea where their information is stored or processed. Some cloud service providers
will let you place broad limits on where your data will be stored (e.g., in the continental
United States, in a particular state, etc.) If your organization is contemplating placing
data in a cloud that must be maintained within jurisdictional boundaries it will be
important to establish that as a requirement before you procure services and ensure
that it is included in the contract with the vendor.
Legal/Policy Compliance – The issues surrounding the ability of cloud services –
especially public/community cloud services - to comply with the rules, regulations, laws
and policies that govern the management of an organization’s information are often
cited as one of the most significant barriers to wide-spread adoption of cloud computing
by government entities and highly-regulated organizations. Vivek Kundra, the U.S. Chief
Information Officer, in announcing the launch of Apps.gov, indicated that, “we will need
to address various issues related to security, privacy, information management and
procurement to expand our cloud computing services.”3 Debra Logan, an enterprise
content management analyst at Gartner, Inc., has indicated security, privacy, and
compliance concerns will prevent many highly-regulated industries and global
organizations from adopting cloud services through 2012.4
Analysts have listed a number of compliance issues that they believe most public cloud
services cannot meet at the time this paper was written. For example, at the October
2009 Gartner Symposium IT/Expo, a Gartner analyst indicated that he did not believe
that public cloud services were appropriate at that time for credit card information that
would be covered by the Payment Card Industry (PCI) security requirements.5 Some of
the other requirements that are frequently cited include:
3
Kundra, “Streaming at 1:00: In the Cloud | The White House.”
4
Tucci, “Addressing compliance requirements in cloud computing contracts.”
5
Messmer, “Gartner on cloud security: 'Our nightmare scenario is here now'.”
4 NAGARA Crossroads 2009-3
5. The Health Insurance Portability and Accountability Act (HIPAA)
The Sarbanes-Oxley Act of 2002
The Federal Information Security Management Act of 2002 (FISMA)
E-Discovery – If your organization is involved in an e-discovery exercise you will have
to be able to locate relevant information throughout your organization quickly. You also
have to be able to place litigation holds on all responsive information subject to
destruction under existing records schedules. How do you ensure that you can comply
with an e-discovery order if some or all of your information is stored in a cloud? Caryn
Wojcik outlined many of the questions that a records management program must be
prepared to answer when confronted with a discovery order in a previous CERIS white
paper.6 That paper also cites a list of potential questions that Caryn developed that
could be asked of information technology departments as part of a legal discovery
process. These same questions would be good to ask any potential vendor of cloud
services.
Interoperability – Because the information stored in many information systems will
need to be kept and used long after the system has become obsolete, it is important to
consider an exit strategy at the same time that an organization considers the
deployment of any new information technology. Cloud computing services are no
different. It is important to ensure that your information is not trapped in a proprietary
system in a manner that will require considerable expense or effort to remove it from
that system and move it to another system.
Several groups are attempting to address this issue. The Open Grid Forum
(www.ogf.org) is working on the Open Cloud Computing Interface. The Distributed
Management Task Force (DMTF) has formed the Open Cloud Standards Incubator
(www.dmtf.org/about/cloud-incubator). The Open Cloud Consortium
(www.opencloudconsortium.org) is working on a standard that would create an
intermediary format that would make it easier to migrate distributed data and
applications across cloud platforms.7 There are other efforts underway as well. Many
vendors and other interested parties have indicated their support for the Open Cloud
Manifesto (www.opencloudmanifesto.org). Given the large number of cloud
interoperability initiatives underway it is hard to predict if one or more of these initiatives
will emerge as de facto standards in the near term.
Security – Currently there is a debate taking place as to whether or not cloud services
provide more or less security than “traditional” IT infrastructure. Bob Gourley
summarizes some of the arguments on both sides in his white paper for the National
Security Council and the Homeland Security Council:
Security typically improves due to centralization of data, increased security-
focused resources, increased ability to patch and upgrade, increased ability to
monitor, increased ability to encrypt and many other reasons. However, there are
6
Wojcik, “Discovery: How the Legal Process Can Impact Records Management
Professionals,” 2-3.
7
Lawton, “Addressing the Challenge of Cloud-Computing Interoperability.”
5 NAGARA Crossroads 2009-3
6. concerns about loss of control over certain sensitive data. When designed in at
the beginning, security of cloud architectures is significantly higher than non-
cloud approaches. Enterprises requiring significantly enhanced security should
consider private clouds, where the data center is controlled by the enterprise vice
outsourced. 8
The Jericho Forum (www.jerichoforum.org) and the Cloud Security Alliance
(www.cloudsecurityalliance.org) are just two organizations that are looking at how to
address security issues related to cloud computing.
Getting Started
Non-sensitive information
Many organizations at all levels of government are beginning to procure and use cloud
computing services. Often these organizations undertake their first foray into cloud
computing with a project using non-sensitive information.
Private Cloud
Many organizations that want to put sensitive information in a cloud are opting for a
private cloud. Under this deployment model the cloud services are only made available
to a single organization – often in the organization’s data center. This approach allows
the organization to better utilize its computing resources and at the same time maintain
a greater measure of control over its information.
Pilot Project
In an effort to entice organizations to use their services, some vendors are letting
potential customers try their services for free for a limited period of time (e.g., 30 days).
This is a relatively risk-free way of trying cloud computing services.
Community Cloud
Some organizations are planning and implementing clouds for a consortium of similar
organizations that have similar requirements. For example, the State of Utah is planning
to offer e-mail and other web-based applications to cities and counties throughout the
state.9 Similarly, the State of Michigan is developing cloud services for state agencies,
cities, counties, and schools across Michigan.10 At least one major vendor of cloud
computing services has announced that they will provide a government cloud – a
separate infrastructure for just government agencies.11
Audits
Many providers of cloud services are now furnishing their clients with Statement on
Auditing Standards (SAS) No. 70 Service Auditor's Reports. SAS No. 70 is an auditing
standard developed by the American Institute of Certified Public Accountants. A SAS 70
8
Gourley, “Cloud Computing and Cyber Defense,” 4.
9
Towns, “Utah Plans Private Cloud for Local Agencies.”
10
Towns, “Michigan Plans New Data Center and Government Cloud.”
11
Williams, “Q&A: Former Salesforce.com Executive Steve Cakebread Sees Big Move to Cloud for
Government.”
6 NAGARA Crossroads 2009-3
7. Audit Report indicates that a vendor has had an audit conducted to demonstrate that
they have adequate controls and safeguards when they host or process data belonging
to their customers. There are two types of Service Auditor's Reports – Type 1 and Type
2. Type 2 reports are the more thorough of the two types of reports. Type 2 reports
require an auditor to monitor a vendor’s systems and controls over a minimum of a six
month period.12 Such audit reports should not be used as a substitute for due diligence.
Conclusion
Many analysts say that it is not a matter of if, but when, cloud computing services will be
used by most organizations. When your organization or an organization you serve
contemplates deploying cloud computing services, it will be important to make sure that
issues like those raised in this document are addressed upfront. Cloud computing
services will continue to evolve over the near term. It will be important to continually
monitor new developments in this area. Because of the complex nature of both the
technology and policy implications of cloud computing it will be important for archivists
and records managers to work in concert with other stakeholders in addressing these
developments.
References
“About SAS 70.” About SAS 70. http://www.sas70.com/about.htm.
Creeger, Mache. “CTO roundtable: cloud computing.” Communications of the ACM 52,
no. 8 (2009): 56, 50.
Gourley, Bob. “Cloud Computing and Cyber Defense,” March 21, 2009.
http://www.whitehouse.gov/files/documents/cyber/Gourley_Cloud_Computing_an
d_Cyber_Defense_21_Mar_2009.pdf.
Kundra, Vivek. “Streaming at 1:00: In the Cloud | The White House.” White House Blog,
September 15, 2009. http://www.whitehouse.gov/blog/streaming-at-100-in-the-
cloud/.
Lawton, George. “Addressing the Challenge of Cloud-Computing Interoperability.” IEEE.
Computing Now | News | September 2009 | .
http://www.computer.org/portal/web/computingnow/archive/news031.
Mell, Peter, and Tim Grance. “Draft NIST Working Definition of Cloud Computing,
version 15.” National Institute of Standards and Technology, October 7, 2009.
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc.
Messmer, Ellen. “Gartner on cloud security: 'Our nightmare scenario is here now'.”
TechWorld, October 22, 2009.
http://www.techworld.com.au/article/323110/gartner_cloud_security_our_nightma
re_scenario_here_now.
Towns, Steve. “Michigan Plans New Data Center and Government Cloud.” Government
Technology. http://www.govtech.com/718213.
---. “Utah Plans Private Cloud for Local Agencies.” Government Technology, August 24,
2009. http://www.govtech.com/gt/714321.
12
“About SAS 70.”
7 NAGARA Crossroads 2009-3
8. Tucci, Linda. “Addressing compliance requirements in cloud computing contracts.”
SearchCIO.com, June 11, 2009.
http://searchcio.techtarget.com/news/article/0,289142,sid182_gci1359026,00.htm
l.
Williams, Matt. “Q&A: Former Salesforce.com Executive Steve Cakebread Sees Big
Move to Cloud for Government.” Government Technology, October 29, 2009.
http://www.govtech.com/gt/732506?id=732506&full=1&story_pg=2.
Wojcik, Caryn. “Discovery: How the Legal Process Can Impact Records Management
Professionals.” Crossroads 2009, no. 1. CERIS White Papers.
http://www.nagara.org/associations/5924/files/Crossroads_2009_1.pdf.
For Further Reading:
Defining Cloud Computing
Armbrust, Michael, Armando Fox, Rean Griffith, Anthony Joseph, Randy Katz, Andy
Konwinski, Gunho Lee, et al. Above the Clouds: A Berkeley View of Cloud
Computing, February 10, 2009.
www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf.
Brodkin, Jon. “FAQ: Cloud computing, demystified: What is cloud computing, and can it
be trusted? Key questions answered,” May 18, 2009.
http://www.networkworld.com/supp/2009/ndc3/051809-cloud-faq.html.
Buyya, Rajkumar, Chee Yeo, and Srikumar Venugopal. “Market-Oriented Cloud
Computing: Vision, Hype, and Reality for Delivering IT Services as Computing
Utilities.” In HPCC '08: Proceedings of the 2008 10th IEEE International
Conference on High Performance Computing and Communications, 13, 5. IEEE
Computer Society, 2008. http://dx.doi.org/10.1109/HPCC.2008.172.
Creeger, Mache. “CTO roundtable: cloud computing.” Communications of the ACM 52,
no. 8 (2009): 56, 50.
Foster, I, Yong Zhao, I Raicu, and S Lu. “Cloud Computing and Grid Computing 360-
Degree Compared.” In Grid Computing Environments Workshop, 2008. GCE '08,
10, 1, 2008. http://dx.doi.org/10.1109/GCE.2008.4738445.
Jaeger, Paul, Jimmy Lin, Justin Grimes, and Shannon Simmons. “Where is the cloud?
Geography, economics, environment, and jurisdiction in cloud computing.” First
Monday 14, no. 5 (2009).
http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2456.
Mell, Peter, and Tim Grance. “Draft NIST Working Definition of Cloud Computing,
version 15.” National Institute of Standards and Technology, October 7, 2009.
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc.
Leavitt, N. “Is Cloud Computing Really Ready for Prime Time?.” Computer 42, no. 1
(2009): 15-20.
8 NAGARA Crossroads 2009-3
9. Vaquero, Luis, Luis Merino, Juan Caceres, and Maik Lindner. “A break in the clouds:
towards a cloud definition.” ACM SIGCOMM Computer Communication Review
39, no. 1 (2009): 55, 50.
Viega, J. “Cloud Computing and the Common Man.” Computer 42, no. 8 (2009): 106-
108.
Getting Started
“17 Steps to Cloud Migration -- Washington Technology.”
http://washingtontechnology.com/microsites/cloud-computing/17-steps-to-the-
cloud.aspx.
Schultz, Beth. “How to buy cloud computing services: Five key questions to ask any
prospective cloud provider .”, May 18, 2009.
http://www.networkworld.com/supp/2009/ndc3/051809-cloud-buy-services.html.
Stantchev, Vladimir, and Christian Schröpfer. “Negotiating and Enforcing QoS and SLAs
in Grid and Cloud Computing.” In Advances in Grid and Pervasive Computing,
25-35, 2009. http://dx.doi.org/10.1007/978-3-642-01671-4_3.
Interoperability
Bernstein, D, E Ludvigson, K Sankar, S Diamond, and M Morrow. “Blueprint for the
Intercloud - Protocols and Formats for Cloud Computing Interoperability.” In
Internet and Web Applications and Services, 2009. ICIW '09. Fourth International
Conference on, 336, 328, 2009. http://dx.doi.org/10.1109/ICIW.2009.55.
Lawton, George. “Addressing the Challenge of Cloud-Computing Interoperability.” IEEE.
Computing Now | News | September 2009 | .
http://www.computer.org/portal/web/computingnow/archive/news031.
Nelson, Michael R. “Building an Open Cloud.” Science 324, no. 5935 (June 26, 2009):
1656-1657.
Security
Cloud Security Alliance. “Security Guidance for Critical Areas of Focus in Cloud
Computing,” April 2009.
http://www.cloudsecurityalliance.org/guidance/csaguide.pdf.
“cloud_cube_model_v1.0.” Jericho Forum, April 2009.
http://www.opengroup.org/jericho/cloud_cube_model_v1.0.pdf.
Douglis, F. “Staring at Clouds.” Internet Computing, IEEE 13, no. 3 (2009): 4-6.
Everett, Catherine. “Cloud computing - A question of trust.” Computer Fraud & Security
2009, no. 6 (June 2009): 5-7.
Gourley, Bob. “Cloud Computing and Cyber Defense,” March 21, 2009.
http://www.whitehouse.gov/files/documents/cyber/Gourley_Cloud_Computing_an
d_Cyber_Defense_21_Mar_2009.pdf.
9 NAGARA Crossroads 2009-3
10. Kaufman, Lori. “Data Security in the World of Cloud Computing.” IEEE Security &
Privacy Magazine 7, no. 4 (July 2009): 64, 61.
Messmer, Ellen. “Gartner on cloud security: 'Our nightmare scenario is here now'.”
TechWorld, October 22, 2009.
http://www.techworld.com.au/article/323110/gartner_cloud_security_our_nightma
re_scenario_here_now.
National Institute of Standards and Technology. “Recommended Security Controls for
Federal Information Systems and Organizations,” August 2009.
http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf.
Marinos, Alexandros, and Gerard Briscoe. “Community Cloud Computing” (2009).
http://arxiv.org/abs/0907.2485.
Perez, Sarah. “Forget Google and Amazon, the DoD Shows Off What a Real Cloud
Platform Can Do.” ReadWriteWeb, October 7, 2009.
http://www.readwriteweb.com/archives/forget_google_and_amazon_the_dod_sh
ows_off_what_a_real_cloud_platform_can_do.php.
---. “Gartner: Vetting security of third-party partners in five steps.” SearchCIO-
Midmarket.com, May 6, 2009. http://searchcio-
midmarket.techtarget.com/news/article/0,289142,sid183_gci1355739,00.html.
Government Implementations
“GSA Outlines U.S. Government's Cloud Computing Requirements -- Cloud Computing
-- InformationWeek.” http://www.informationweek.com/news/government/cloud-
saas/showArticle.jhtml?articleID=218900541.
Sarno, David. “Los Angeles adopts Google e-mail system for 30,000 city employees |
Technology | Los Angeles Times.” Los Angeles Times, October 27, 2009.
http://latimesblogs.latimes.com/technology/2009/10/city-council-votes-to-adopt-
google-email-system-for-30000-city-employees.html.
“The White House - Blog Post - Streaming at 1:00: In the Cloud.”
http://www.whitehouse.gov/blog/streaming-at-100-in-the-cloud/.
Towns, Steve. “Federal Web Portal Moves to Cloud Computing Platform.” Government
Technology, May 1, 2009. http://www.govtech.com/gt/654240.
---. “Michigan Plans New Data Center and Government Cloud.” Government
Technology. http://www.govtech.com/718213.
---. “Utah Plans Private Cloud for Local Agencies.” Government Technology, August 24,
2009. http://www.govtech.com/gt/714321.
“White House unveils cloud computing initiative | Geek Gestalt - CNET News.”
http://news.cnet.com/8301-13772_3-10353479-52.html.
Williams, Matt. “Feds Launch Apps.gov Cloud Storefront for Purchasing.” Government
Technology, September 15, 2009.
http://www.govtech.com/gt/723606?id=723606&full=1&story_pg=1.
10 NAGARA Crossroads 2009-3
11. ---. “Q&A: Former Salesforce.com Executive Steve Cakebread Sees Big Move to Cloud
for Government.” Government Technology, October 29, 2009.
http://www.govtech.com/gt/732506?id=732506&full=1&story_pg=2.
Compliance
Howard, Alexander. “Gartner and CA on addressing compliance requirements in cloud
computing.” IT Compliance Advisor, June 11, 2009.
http://itknowledgeexchange.techtarget.com/it-compliance/gartner-and-ca-on-
addressing-compliance-requirements-in-cloud-computing/.
Joint, Andrew, Edwin Baker, and Edward Eccles. “Hey, you, get off of that cloud?.”
Computer Law & Security Review 25, no. 3 (2009): 270-274.
Navetta, David. “Legal Implications of Cloud Computing — Part One (the Basics and
Framing the Issues).” InfoSecCompliance.com - Technology, Privacy and
Security Law & Risk Management » Blog Archive », September 18, 2009.
http://infoseccompliance.com/2009/08/18/legal-implications-of-cloud-computing-
part-one-the-basics-and-framing-the-issues/.
---. “PCI Service Provider Contracting.” InfoSecCompliance.com - Technology, Privacy
and Security Law & Risk Management » Blog Archive » , June 11, 2009.
http://infoseccompliance.com/2009/06/11/pci-service-provider-contracting/.
Pearson, Siani. “Taking account of privacy when designing cloud computing services.”
In CLOUD '09: Proceedings of the 2009 ICSE Workshop on Software
Engineering Challenges of Cloud Computing, 52, 44. IEEE Computer Society,
2009. http://dx.doi.org/10.1109/CLOUD.2009.5071532.
Tucci, Linda. “Addressing compliance requirements in cloud computing contracts.”
SearchCIO.com, June 11, 2009.
http://searchcio.techtarget.com/news/article/0,289142,sid182_gci1359026,00.htm
l#.
Watkins, John. “Cloud Computing - The Legal Issues Are Somewhat Cloudy in the
Cloud.” Ezine@rticles. http://ezinearticles.com/?Cloud-Computing---The-Legal-
Issues-Are-Somewhat-Cloudy-in-the-Cloud&id=2532393.
All hyperlinks in this issue were valid as of the date of publication.
Issues of Crossroads are available on the NAGARA Web site at www.nagara.org in Portable Document Format
(PDF) for downloading and easy printing.
Crossroads is sponsored by the NAGARA Committee on Electronic Records and Information Systems (CERIS).
CERIS members include LaDonna Wagers (Chair), State Library and Archives of Florida; Glenn McAninch (Vice
Chair), Kentucky Department of Libraries & Archives; Mark Conrad, National Archives and Records Commission;
Cindy Bendroth, Pennsylvania Historical and Museum Commission; Scott Leonard, Kansas State Historical Society
Caryn Wojcik, State Archives of Michigan; and Patty Davis, Ohio Historical Society.
Crossroads is edited by LaDonna Wagers, State Library and Archives of Florida, 500 S. Bronough Street, Mail
Station 9A, Tallahassee, Florida 32399, 850-245-6777, lwagers@dos.state.fl.us.
11 NAGARA Crossroads 2009-3