Many government agencies are considering moving their data storage to the cloud to chase after the lower cost infrastructure, but privacy, server ownership and a defensible e-discovery process make that a difficult decision.
These were the issues covered at a panel presentation at last month’s Guidance Software Federal Summit, a one-day thought leadership event with, “a focus on data visibility,” that brought together top federal agency officials in charge of cyber security, e-discovery and digital investigation to discuss how they locate, manage and secure data in order to ensure compliance, reduce risk and secure organization assets.
On the “E-Discovery in the Cloud,” panel were Jamie Brown of the U.S. Commodity Futures Trading Commission, Faith Bell of the IRS, Bucky Methfessel of the U.S. Department of Education, Kathy Stewart of the USDA Forest Service and David Horrigan, an industry analyst covering electronic discovery and information governance for The 451 Group. Daniel Lim of Guidance Software moderated the session.
Ultimately, each of the panel participants admitted that their agency is at least “considering” cloud computing.
Methfessel opened the discussion with what seemed to be the theme of the day by pointing out that government agencies are faced with shrinking budgets. For this reason, he feels that cloud computing has a lot of potential based on its ability to minimize computing costs.
But agencies are proceeding with caution. Bell said that with 104,000 employees that handle some of the country’s most sensitive data including financial, social security and even daycare location information, the IRS is particularly cautious due to its extreme requirements for keeping data safe and private.
On the other hand, some cloud applications make sense in certain situations. The reality is that if you understand your requirements and your risk tolerance, you can safely put just about anything in “the cloud.” Stewart shared that all 17 agencies within the Forest Service already have email in the cloud.
In addition to the cost benefit of cloud computing, flexibility, meaning the ability to elastically turn up or turn down users, capacity, applications, etc. very quickly, is another upside. Methfessel said that he recently had a positive experience using the cloud for e-discovery in which his agency had a time sensitive issue and did not want to go through the normal acquisition process to obtain the added servers and storage needed to fulfill the e-discovery request.
He also pointed out that while there are a lot of great e-discovery tools out there, it’s not always easy to get a group of lawyers to use new tools. With e-discovery in the cloud environment, it is much easier to test these tools before making a purchase decision.
Disaster recovery is an important element of federal agency computing infrastructure and an area where the cloud can help. Analyst Horrigan pointed out that the events of Sept. 11, 2001 and the 2005 New Orleans hurricane, both caused lawyers to lose data that took weeks, months and even years to recover. This data most likely would have been off site and safe if it had been stored in the cloud [with a vendor that provided disaster recovery capabilities].
However, one of the biggest problems with cloud computing, Methfessel of the department of education, pointed out, is the fact that technology moves much more quickly than laws, leaving agencies to figure out how to legally move their infrastructure to cloud computing.
For example, the Federal Records Act was written in 1950 and the Privacy Act was written in 1974, well before ubiquitous computer use, let alone any concept of the “cloud.” These laws, as written, have jurisdiction and other requirements that could hinder some agencies from fully adopting cloud computing. Therefore information and privacy laws must be rewritten to address this new technology.
Brown, of the CFTC, echoed the jurisdiction issues, and emphasized the importance of knowing the cloud architecture of the vendor that you choose before diving in. She recommended examining the service in depth and really understanding what company has possession of your data and where the servers it resides on are physically located.
Another problem that Stewart, of the Forest Service, shared is that when handling e-discovery matters, the Forest Service has to gather mail data in the cloud, but also cull through the legacy data stored at various agencies and ultimately combine the two, which can be a very time-consuming process.
The IRS’s Bell urged the audience to not get swept up in the fervor over the cloud, but to consider cloud computing and how it fits into each agency’s specific model. She echoed Brown’s emphasis on really understanding the cloud by learning what happens to that data in the cloud and who has access to it. Stewart added that it is important to know what your capacity is in terms of being able to reach the data when needed.
Ultimately all of the panel participants agreed that the cloud has many benefits and a great deal of potential. Horrigan of The 451 Group summarized them as the four “Es” – easy, economical, efficient and great in the case of earthquakes (or other disasters). But as with any new technology, it is important to consider a fifth “E” – e-discovery, and your legal obligation to protect and retrieve data in the cloud.