¿Riesgos despejados?estrategias proactivas como servicio en entornos de Cloud Computing

  1. Manuela Moro-Cabero 1
  2. Dunia Llanes-Padrón 2
  1. 1 Universidad de Salamanca, España
  2. 2 Universidad de La Habana, Cuba
Journal:
Revista española de documentación científica

ISSN: 0210-0614 1988-4621

Year of publication: 2018

Volume: 41

Issue: 1

Type: Article

DOI: 10.3989/REDC.2018.1.467 DIALNET GOOGLE SCHOLAR lock_openOpen access editor

More publications in: Revista española de documentación científica

Abstract

The increasing use of Cloud Computing services at organizations is an undeniable reality nowadays. Record managers must then adopt a proactive and compromised position, giving advice to users. However, as a consequence of lack of knowledge in the function and regulation of the field, the implementation of those services faces no little confrontation. This descriptive essay, supported by a relevant number of heterogeneous resources, systematizes the menaces of managing and storing information with these services. At the same time, the study establishes a set of action-strategies for both reaching and hiring agreements. The objective of the paper is, therefore, to make the professional aware of the potential of these services as assessing and controlling tools, as well as ensuring the digital continuity and the record resources preservation in the Cloud.

Funding information

The Coimbra Group Universities (Reference: CG-477.488.939, Brochure 2017-LLanes-Padrón) Financing Agency has funded this work through its scholarship program for academics and researchers from Latin America, which has granted Mrs. Dunia Llanes Padrón.

Funders

Bibliographic References

  • Bushey, J.; How, E.; McLelland, R. (2015). Trust in Cloud Service Contracts. Annotated Bibliography. InterPARES Trust Project. Research Report, 19 p. Accesible en: https://interparestrust.org/ assets/public/dissemination/NA14_20150505_ C l o u d S e r v i c e C o n t r a c t s _ N A W o r k s h o p 5 _ AnnotatedBibliography.pdf
  • Bushey, J.; Demoulin, M.; McLelland, R.(2015). Cloud Service Contracts: an issue of Trust. CJILS, 39 (2), 128-153. https://doi.org/10.1353/ils.2015.0009
  • Bushey, J.; Demoulin, M.; How, E.; McLelland R. (2016). Lista de verificación para los contratos de servicio en la nube. Versión final. Accesible en: https://interparestrust. org/assets/public/dissemination/ABAITRUSTNA14_ FINAL_checklist_julio-29_2016TRAD.AB_.pdf
  • CAARA-Council of Australasian Archives and Records Authorities. (2010). ADRI. Advice on managing the recordkeeping risks associated with cloud computing. V.1.0 Accesible en: http://www.sro.wa.gov.au/sites/ default/files/adri_cloud_computing.pdf
  • CAIS -Canadian Association for Information Science (2015). The Canadian Journal of Information and Library Science. Toronto: University of Toronto Press.
  • Comisión Europea (2014). Cloud Services level Agreement Standardisation Guidelines. Bruselas. Accesible en: https://ec.europa.eu/digital-singlemarket/en/news/cloud-service-level-agreementstandardisation-guidelines
  • Cotino-Hueso, L. (2015). Algunas cuestiones clave de protección de datos en la nube. Hacia una regulación nebulosa. Revista Catalana de Dret Públic, 51, 86-103.
  • European Telecommunications Standards Institute (2012). ETSI/ TR 103 125. V1.1.1 Cloud. SLAs for cloud services. Accesible en: http://www.etsi.org/ deliver/etsi_tr/103100_103199/103125/01.01.01_6 0/tr_103125v010101p.pdf
  • Giannakouris, K; Smhily, M. (2016). Cloud Computing for business yet to go mainstream in the EU. Eurostat. Cloud computing-Statistics on the use by enterprises. Accesible en: http://ec.europa.eu/eurostat/statisticsexplained/index.php/Cloud_computing_-_statistics_ on_the_use_by_enterprises
  • Goh, E.; Sengsavang, E. (2016). Survey results on the use of cloud services for records management purposes by international organizations. InterPARES Trust Project. Research Report, 24 p. Accesible en: https:// interparestrust.org/assets/public/dissemination/ T R 0 1 _ 2 0 1 6 0 9 2 8 _ R M i n I O s _ T R Wo r k s h o p 7 _ SurveyReport_Final.pdf
  • Government of South Australia (2015). Cloud Computing and Records Management. Guideline. V.1. State of Records of South Australia, Accesible en: http:// government.archives.sa.gov.au/sites/default/ files/20150706%20Cloud%20Computing%20and%20 Records%20Management%20Final%20V1.pdf
  • Gulia, P.; Sood, S. (2013). Comparative Analysis of Present Day Clouds Using Service Level Agreements. International Journal of Computer Applications, 71 (3). Accesible en: http://research.ijcaonline.org/volume71/ number3/pxc3888603.pdf
  • Guo, W.; Fan, Y. W.; Li, D. (2015). Archives as a trusted thier party in maintaining and preserving digital records in the cloud environment. Record Management Journal, 26 (2), 170-184. https://doi.org/10.1108/RMJ-07-2015-0028
  • Hackett, Y.; McLelland, R.; Hurley, G. (2016). Contrat terms with Cloud Service Providers. Final. V.3. Interpares Trust Project. Final Report. https://interparestrust.org/assets/ public/dissemination/NA10_20160130_ContractTerms_ InternationalPlenary3_FinalReport_Final.pdf
  • InterPares 3Project. (2013). Modulo 8. Introducción al cómputo en la nube. Accesible en: http://interpares. org/ip3/display_file.cfm?doc=ip3_canada_gs12_ module_8_sp.pdf
  • Instituto Nacional de Estadística (2016). Servicios en la nube. Cifras INE. Boletín informativo, enero. Accesible en: http://www.ine.es/ss/Satellite?L=es_ES&c=INECif rasINE_C&cid=1259949557512&p=1254735116567& pagename=ProductosYServicios%2FPYSLayout
  • Jansen, A.; Duranti, L. (2013). The InterPARES Trust ProjectTrust and Digital Records in an Increasingly Networked Society. INfuture, 2013 The Future of Information Science:“Information Governance”, pp. 63-68. Zagreb: University of Zagreb.
  • Leverich, M.; Nalliah, K.; Suderman, J. (2015). Historical Study of Cloud-based Services. Final.2.0. Interpares Trust Project. Research Report. https://interparestrust. org/assets/public/dissemination/NA11_20150109_ HistoricalStudyCloudServices_InternationalPlenary2_ Report_Final.pdf
  • McKemmish, S. (2013). Recordkeeping and Archiving in the Cloud. Is There a Silver Lining? Actas INfuture, 2013 The Future of Information Science: “Information Governance”, pp. 17-29. Zagreb: University of Zagreb. Accesible en: http://infoz.ffzg.hr/INFuture/2013/ papers/1-02%20McKemmish,%20Recordkeeping%20 and%20Archiving%20in%20the%20Cloud.pdf
  • McLelland, R.; Hurey, G.; Hackett, Y.; Collins, D. (2014). Agreements between Cloud Service Providers and their Clients: A Review of Contract Terms. Arxius i Industries Culturals, Girona, del 11 al 15 de octubre. Accesible en http://www.girona.cat/web/ica2014/cat/comunicacions.php
  • McLeod, J.; Gormly, B. (2016). Economic models for cloud storage decision-making: An investigation into the use of economic models for making decisions about using the cloud for records storage. Interpares Trust Project. Research Final Report. Accesible en: https://interparestrust. org/assets/public/dissemination/EU20_20160609_ CloudEconomicModels_EUWorkshop8_FinalReport.pdf
  • Ministerio de la Presidencia. (2014) Guía de seguridad de las TIC (CCN-STIC-823). Utilización de servicios en la nube. Madrid: Centro Criptológico Nacional. Accesible en: https://www.ccn-cert.cni.es/series-ccn-stic/800
  • Oliver, G.; Knight, S. (2015). Storage is a Strategic Issue: Digital Preservation in the Cloud. D-Lib Magazine. The Magazine of Digital Lirary Research, 21 (3/4). Disponible en: http://www.dlib.org/dlib/ march15/oliver/03oliver.html
  • Organización Internacional de Normalización (2011). ISO/IEC 27031 Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity. Ginebra.
  • Organización Internacional de Normalización (2012). ISO/ TR 17068 Information and documentation Trusted third party repository for digital records. Ginebra.
  • Organización Internacional de Normalización (2012). ISO/16363 Space data and information transfer systems. Audit and certification of trustworthy digital repositories. Ginebra. (UNE-ISO: 2017).
  • Organización Internacional de Normalización (2013). ISO/IEC 27002. Information technology. Security techniques. Code of pratice for information Security Controls. Ginebra.
  • Organización Internacional de Normalización (2014). ISO/ IEC 17788 Information Technology. Cloud computingover views and vocabulary. Ginebra.
  • Organización Internacional de Normalización (2014). ISO/ IEC 17789 Information Technology. Cloud computingReference arquitecture. Ginebra.
  • Organización Internacional de Normalización (2014). ISO/IEC 27018 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. Ginebra.
  • Organización Internacional de Normalización (2015). ISO/IEC 27017 Information technology. Security techniques. Code of practice information security controls based in ISO/IEC 27002 for cloud services. Ginebra.
  • Organización Internacional de Normalización (2015). ISO/ IEC 19831 Cloud Infrastructure Management Interface (CIMI) Model and RESTful HTTP-based Protocol — An Interface for Managing Cloud Infrasructure. Ginebra.
  • Organización Internacional de Normalización (2016). ISO/IEC DIS 19086-1 Information technology — Cloud computing — Service level agreement (SLA) framework — Part 1. Overview and concepts. Ginebra.
  • Organización Internacional de Normalización (2016). ISO/ IEC 27036-4 Information technology. Security techniques. Information security for supplier relationships. Part 4: Guidelines for security of cloud services. Ginebra.
  • Ostrzenski, V. (2013). Cloud Computing and Risk: a look at the EU and the aplication of the Data Protection Directive to cloud computing. Infopreneurship Journal, 1 (1), 29-38. Accesible en: http://eprints.rclis.org/20201/1/ Cloud%20Computing%20and%20Risk%2C%20 InfoJour%201%281%29%20pp.29-38%20.pdf
  • Palma-Villalón, M. V. (2014). La computación en la nube en Europa y en España: una oportunidad de negocio. Revista Transformación Digital. Accesible en: http:// www.revistatransformaciondigital.com/2014/03/18/ httpwww-revistagestiondocumental-com20140317lacomputacion-en-la-nube-en-europa-y-en-espanauna-oportunidad-de-negocio/
  • Pan, W.; Mitchell, G. (2015). Software as a Service (SaaS) Quality Management and Service Level Agreement. Infuture 2015: e-Institutions-Openness, Accessibility and preservation. pp 225-234. Zagreb: University of Zagreb. https://doi.org/10.17234/INFUTURE.2015.26
  • Park, E. (2015). Legal compliance and technical capability for privacy-sensitive data protection in the cloud. Infuture 2015: e-Institutions-Openness, Accessibility and preservation. pp 131-133. Zagreb: University of Zagreb. https://doi.org/10.17234/INFUTURE.2015.15
  • PROV. Public Records Office of Victoria (2013). Guideline. Cloud Computing Decision Making Version Number: 1.0. Accesible en: https://www.prov.vic.gov.au/ recordkeeping-government/document-library/cloudg2-cloud-computing-tools-guideline
  • Radack, Sh. (2012). Cloud computing: a review of features, benefits, and risks, and recommendations for secure, efficient implementations. ITL Bulletin, Junio. Accesible en: http://csrc.nist.gov/publications/nistbul/ june-2012_itl-bulletin.pdf
  • Sobczak, A. (2015). Public cloud archives: dream or reality? CJILS, 39 (2), 228-234. https://doi. org/10.1353/ils.2015.0014
  • Sprout, B.; Jordan, M. (2015). Archivemática as a service: COPPUL`S shared digital preservation platform. CJILS, 39 (2), 235-244. https://doi.org/10.1353/ ils.2015.0016
  • Stancic, H.; Rajh, A.; Milosevic, Y. (2013). Archiving-as-aService. Influence of Cloud Computing on the Archival Theory and Practice. En: Duranti, L.; Shaffer, E. (eds.). The Memory of the World in the Digital Age: Digitization and Preservation. UNESCO, 108-125. https://www. researchgate.net/publication/310452684
  • Stancic, H.; Rajh, A.; Brzica, H. (2015). Archival Cloud Services: portability, continuity, and sustainability. Aspects of long-term preservation of electronically signed records. CJILS, 39 (2), 210-227. https://doi. org/10.1353/ils.2015.0012