September 08, 2010

TO: Heads of Federal agencies

SUBJECT:   Guidance on Managing Records in Cloud Computing Environments

EXPIRATION DATE: September 30, 2013
WRITTEN BY: David S. Ferriero, Archivist of the United States

1. What is the purpose of this bulletin?

This bulletin addresses records management considerations in cloud computing environments and is a formal articulation of NARA’s view of agencies’ records management responsibilities. As agencies are increasingly evaluating, piloting, and adopting these technologies, they must comply with all Federal records management laws, regulations, and policies.

2. How does this bulletin differ from “Frequently Asked Questions about Managing Federal Records in Cloud Computing Environments”?

NARA issued an FAQ in February 2010 to provide agencies with a basic overview of cloud computing. This bulletin expands on that discussion by including a more detailed definition, Federal agency examples of cloud computing, records management guidelines, and contract language to consider when procuring cloud computing services.

3. What is cloud computing?

Cloud computing is a technology that allows users to access and use shared data and computing services via the Internet or a Virtual Private Network. It gives users access to resources without having to build infrastructure to support these resources within their own environments or networks.

General interpretations of cloud computing include “renting” storage space on another organization’s servers or hosting a suite of services. Other interpretations of cloud computing reference particular social media applications, cloud-based e-mail, and other types of Web applications. However, the National Institute of Standards and Technology (NIST) has been designated to develop standards and guidelines for the Federal cloud computing effort and to provide an authoritative definition.

NIST defines cloud computing as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” (NIST Definition of Cloud Computing, Version 15, 10-07-2009) NIST has stated that the definition of Cloud Computing is evolving. The user should consult the most current definition available from NIST and other resources.
NIST also identifies five essential characteristics of cloud computing:

On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.

Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.

Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.

Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.

(NIST Definition of Cloud Computing, Version 15, 10-07-2009)

The terminology above is used in the IT community and by NIST to describe characteristics of cloud computing.

4. What are cloud computing service and deployment models?

 

Return on Investment (ROI) is at the heart of every significant business decision.

 

 In the simplest of terms it is a measure of what you get for what you give.

 

Research by Ohio State University found that 4 out of 5 buyers seek “value” before price. In other words, most people will give more to get more. “Value” includes Quality, Flexibility of the offering and Availability all as a function of Price. “Quality” means the product delivers what is required (or wanted) and does what is promised. Economists call this the “Law of Marginal Utility.” For the rest of us, it means what blows your hair back won’t necessarily interest the next guy.  When we talk about ROI, we have to keep it in the context of what is important to the buyer.

 

What are businesses requiring today?

 

 First, they want more customers and more sales. That is pretty well true no matter what the economic conditions are. Beyond that, however, is that business today is desperately seeking ways to engineer cost out of the business. Most of the improved earnings reports are the result of cost reductions. And while cost reduction began as a way to respond to the recession, evidence suggests that it is quickly becoming a permanent part of business culture.

 

With a paper-based invoice processing system the company incurs a significant “cost” in handling paper, but it is difficult to quantify the short-run cash savings. Creating a long-run “saving” by installing imaging, for example, doesn’t add value if I still have the floor space, the employees and all my other out-of-pocket expenses. The value may be intrinsic, but few businesses are investing today based upon intangible value. The CFO will say “Show me the money!”

 

FileBound offers a rare opportunity to eliminate work at a value-based price.  A major task in the AP department is entering data from paper invoices into the Accounting System. Typical information entered is a vendor name, purchase order number, invoice number, payment due date and general ledger account code (s) and total due. Because this information is normally put into the accounting system after all processing and approvals, other logging and data entry of the invoice typically takes place before the invoice is ready for entry to the accounting system.

 

With FileBound all of this changes. Invoices are scanned immediately upon arrival. The needed information is electronically picked up off the invoice and captured eliminating data entry and other manual tasks to a fraction of the time normally required. Routing and review of invoices is all handled electronically, eliminating hand routing and handling of the invoices. Finally, the scanned information is automatically imported into the general ledger accounting system and invoices can be paid without further data entry.

 

Best of all, not only is the work more efficient, much of the original work (key entering data) is gone forever. This provides the opportunity to either repurpose staff to cash-producing work (such as AR collections and sales proposal follow-ups) or eliminate head count. Either way, the business gets cash returns for the investment.

 

Added benefits include improved accuracy and reduced mailing expense. Errors in data entry create extra work and cost. With FileBound , that problem is gone forever because the information is picked up electronically from the invoice. Invoices received at field offices are now scanned eliminating mailing or courier expense.

 

High value for a low price with FileBound – an easy ROI!

 

Record Storage Systems can show you a demo of the FileBound document management system.  Call 704/588-2820 to schedule.