{"id":7873,"date":"2015-11-02T15:09:06","date_gmt":"2015-11-02T21:09:06","guid":{"rendered":"https:\/\/www.tsl.texas.gov\/slrm\/blog\/?p=7873"},"modified":"2025-02-13T08:46:45","modified_gmt":"2025-02-13T14:46:45","slug":"cloud-storage","status":"publish","type":"post","link":"https:\/\/www.tsl.texas.gov\/slrm\/blog\/2015\/11\/cloud-storage\/","title":{"rendered":"Cloud Storage"},"content":{"rendered":"

\"cloud-823723_1280\"What is the Cloud?<\/strong><\/span><\/h2>\n

In our daily consulting, we often get asked questions about using the Cloud as a means of storing records. When we throw around the term \u201ccloud storage,\u201d we\u2019re really talking about cloud computing, which encompasses cloud storage, or \u201crenting\u201d space on a server for storage; but cloud computing is much bigger. According to the National Institute of Standards and Technology (NIST), cloud computing is a \u201cmodel for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction\u201c (NIST<\/a>).<\/p>\n

You\u2019ve probably been using cloud computing without even realizing it. Do you access your email via a login despite your location, or listen to music on your phone without music files taking up its precious storage space? Cloud computing makes these conveniences possible; unsurprisingly, cloud computing promotes availability<\/em>. Services should meet five necessary characteristics to be considered \u201cCloud\u201d: (1) on-demand self-service, (2) broad network access, (3) resource pooling, (4) rapid elasticity, and (5) measured service.<\/p>\n

There are three cloud-computing models that offer a variety of services. Software as a Service (SaaS) provides users with access to applications, like web-based email, without the inherent maintenance and ownership tasks. Platform as a Service (PaaS) offers users access to development tools and services without the ownership or responsibility of management, like an operating system, web server, or database. Infrastructure as a Service (IaaS) grants users access to services on-demand that keep a system operational, like security, backup, and storage.<\/p>\n

In today\u2019s post we\u2019ll focus on the IaaS model of cloud computing because this is the model for which state and local governments will contract cloud storage through. This service model allows the consumer, you and your government entity in this case, the ability to supplement your resources where they are lacking, perhaps in processing power,storage, or networks. The convenience and pay-for-what-you-need structure means the consumer does not control or manage the underlying cloud infrastructure.<\/p>\n

What does TSLAC say?<\/span><\/strong><\/h2>\n

TSLAC\u2019s publications and bulletins do not strictly address cloud storage requirements and suggestions. However there are some conclusions we can draw from what the publications do say.<\/p>\n

No matter where records are being stored, you still have responsibilities when it comes to record maintenance, storage conditions, and disposition. Namely, records cannot be destroyed before their retention period expires or compromised and changed due to migration, or changes in technology.<\/p>\n

According to Bulletin B, local governments<\/em> are responsible for ensuring records remain accessible as well as accurate and complete up until authorized destruction (13 Texas Administrative Code \u00a7 7.76<\/a>). This means establishing a migration strategy to avoid technology obsolescence. Records need to be accessible not only to the government entity, but also to the public they serve, no matter what type of electronic recordkeeping system the records exist within (13 Texas Administrative Code \u00a77.79<\/a>).<\/p>\n

Title 13 Texas Administrative Code \u00a77.76(b)<\/a> more specifically outlines how backup electronic media stored offsite must be maintained. Although these rules apply specifically to magnetic tapes and optical disks, the minimum requirements can easily be considered for the environmental conditions for offsite storage servers. When it comes to final disposition of electronic records, state agencies\u00a0<\/a>and local governments<\/a> follow different administrative rules; however, they essentially give the same message.<\/p>\n

For local governments, don’t destroy records unless you’re in compliance with \u00a0Local Government Code, Section 202.001<\/a>\u00a0or\u00a0Government Code Section 441.187(a)<\/a>\u00a0and even then, make sure any confidential information contained within records is appropriately protected.<\/p>\n

For state governments, there’s an added responsibility for archival records. In the event of an archival<\/em> electronic state record, the agency must maintain\u00a0the record’s accessibility\u00a0even through hardware and software changes (Section 6.95(b)<\/a>).<\/p>\n

Concerns<\/span><\/strong><\/h2>\n

Despite these requirements and procedures included in the administrative code and law, there are important potential problems and pitfalls to take into account when considering cloud storage.\u00a0NARA Bulletin 2010-05<\/a>\u00a0and “Governance for Protecting Information in the Cloud”<\/a>\u2020 identify many of these challenges.<\/p>\n

These challenges include matters of security<\/strong> during deletion of confidential information or protection against access. Records may contain personally identifiable information.<\/p>\n