¿Riesgos despejados? Estrategias proactivas como servicio en entornos de <em>Cloud Computing</em>

Manuela Moro-Cabero; Dunia Llanes-Padrón

doi:10.3989/redc.2018.1.467

Authors

Manuela Moro-Cabero Departamento de Biblioteconomía y Documentación. Facultad de Traducción y Documentación. Universidad de Salamanca https://orcid.org/0000-0001-5301-1924
Dunia Llanes-Padrón Departamento de Ciencias de la Información. Facultad de Comunicación. Universidad de La Habana https://orcid.org/0000-0001-8639-4706

DOI:

https://doi.org/10.3989/redc.2018.1.467

Keywords:

records in the Cloud, services in the Cloud, Risks, agreement of services in the Cloud, preservation in the Cloud

Abstract

The increasing use of Cloud Computing services at organizations is an undeniable reality nowadays. Record managers must then adopt a proactive and compromised position, giving advice to users. However, as a consequence of lack of knowledge in the function and regulation of the field, the implementation of those services faces no little confrontation. This descriptive essay, supported by a relevant number of heterogeneous resources, systematizes the menaces of managing and storing information with these services. At the same time, the study establishes a set of action-strategies for both reaching and hiring agreements. The objective of the paper is, therefore, to make the professional aware of the potential of these services as assessing and controlling tools, as well as ensuring the digital continuity and the record resources preservation in the Cloud.

Downloads

Download data is not yet available.

References

Askhoj, J.; Sugimoto, S.; Nagamori, M. (2011). Preserving records in the cloud. Records Management Journal, 21 (3), 175-187. https://doi.org/10.1108/09565691111186858

Asociación Española de Normalización (2014). UNE-ISO/ TR 18128 Información y documentación Apreciación del riesgo en procesos y sistemas de gestión documental. Madrid.

Asociación Española de Normalización (2015). UNE-ISO/TR 14721 Sistema de transferencia de datos e información espaciales. Sistema abierto de información de archivo (OAIS). Modelo de referencia. Madrid.

Asociación Española de Normalización (2015). UNE-ISO 14641-1 Archivo electrónico. Parte 1. Especificaciones para el diseño y funcionamiento de un sistema de información para la preservación de información digital. Madrid.

Asociación Española de Normalización (2016). UNE-ISO 15489-1 Información y documentación. Gestión de documentos. Parte 1: Conceptos y principios. Madrid.

Baset, S. (2012). Cloud SLAs: Present and Future. ACM SIGOPS Operating Systems Review, 46 (2), 57-66. https://doi.org/10.1145/2331576.2331586

Beagrie, N.; Charlesworth, A.; Miller, P. (2014). Guidance on Cloud Storage and Digital Preservation, 40 p. Londres: The National Archives of United Kingdom. Accesible en: http://www.nationalarchives.gov.uk/ documents/archives/cloud-storage-guidance.pdf

Borglund, E. (2015). What about trust in the cloud? Archivist'wiews on Trust. CJILS 39 (2), 114-127.

Brown A.; Fryer, Ch. (2014). Achieving sustainable digital preservation in the cloud. Arxius I industries Culturals, Girona, del 11 al 15 de octubre. Accesible en: http:// www.girona.cat/web/ica2014/ponents/textos/id87.pdf

Bushey, J.; How, E.; McLelland, R. (2015). Trust in Cloud Service Contracts. Annotated Bibliography. InterPARES Trust Project. Research Report, 19 p. Accesible en: https://interparestrust.org/ assets/public/dissemination/NA14_20150505_CloudServiceContracts_NAWorkshop5_ AnnotatedBibliography.pdf

Bushey, J.; Demoulin, M.; McLelland, R.(2015). Cloud Service Contracts: an issue of Trust. CJILS, 39 (2), 128-153.

Bushey, J.; Demoulin, M.; How, E.; McLelland R. (2016). Lista de verificación para los contratos de servicio en la nube. Versión final. Accesible en: https://interparestrust. org/assets/public/dissemination/ABAITRUSTNA14_ FINAL_checklist_julio-29_2016TRAD.AB_.pdf

CAARA-Council of Australasian Archives and Records Authorities. (2010). ADRI. Advice on managing the recordkeeping risks associated with cloud computing. V.1.0 Accesible en: http://www.sro.wa.gov.au/sites/ default/files/adri_cloud_computing.pdf

CAIS -Canadian Association for Information Science (2015). The Canadian Journal of Information and Library Science. Toronto: University of Toronto Press.

Comisión Europea (2014). Cloud Services level Agreement Standardisation Guidelines. Bruselas. Accesible en: https://ec.europa.eu/digital-single-market/en/news/cloud-service-level-agreement-standardisation-guidelines

Cotino-Hueso, L. (2015). Algunas cuestiones clave de protección de datos en la nube. Hacia una regulación nebulosa. Revista Catalana de Dret Públic, 51, 86-103.

European Telecommunications Standards Institute (2012). ETSI/ TR 103 125. V1.1.1 Cloud. SLAs for cloud services. Accesible en: http://www.etsi.org/ deliver/etsi_tr/103100_103199/103125/01.01.01_6 0/tr_103125v010101p.pdf

Giannakouris, K; Smhily, M. (2016). Cloud Computing for business yet to go mainstream in the EU. Eurostat. Cloud computing-Statistics on the use by enterprises. Accesible en: http://ec.europa.eu/eurostat/statistics-explained/index.php/Cloud_computing_-_statistics_ on_the_use_by_enterprises

Goh, E.; Sengsavang, E. (2016). Survey results on the use of cloud services for records management purposes by international organizations. InterPARES Trust Project. Research Report, 24 p. Accesible en: https:// interparestrust.org/assets/public/dissemination/ TR01_20160928_RMinIOs_TRWorkshop7_ SurveyReport_Final.pdf

Government of South Australia (2015). Cloud Computing and Records Management. Guideline. V.1. State of Records of South Australia, Accesible en: http:// government.archives.sa.gov.au/sites/default/ files/20150706%20Cloud%20Computing%20and%20 Records%20Management%20Final%20V1.pdf

Gulia, P.; Sood, S. (2013). Comparative Analysis of Present Day Clouds Using Service Level Agreements. International Journal of Computer Applications, 71 (3). Accesible en: http://research.ijcaonline.org/volume71/ number3/pxc3888603.pdf https://doi.org/10.5120/12335-8603

Guo, W.; Fan, Y. W.; Li, D. (2015). Archives as a trusted thier party in maintaining and preserving digital records in the cloud environment. Record Management Journal, 26 (2), 170-184. https://doi.org/10.1108/RMJ-07-2015-0028

Hackett, Y.; McLelland, R.; Hurley, G. (2016). Contrat terms with Cloud Service Providers. Final. V.3. Interpares Trust Project. Final Report. https://interparestrust.org/assets/ public/dissemination/NA10_20160130_ContractTerms_ InternationalPlenary3_FinalReport_Final.pdf

InterPares 3Project. (2013). Modulo 8. Introducción al cómputo en la nube. Accesible en: http://interpares. org/ip3/display_file.cfm?doc=ip3_canada_gs12_ module_8_sp.pdf

Instituto Nacional de Estadística (2016). Servicios en la nube. Cifras INE. Boletín informativo, enero. Accesible en: http://www.ine.es/ss/Satellite?L=es_ES&c=INECif rasINE_C&cid=1259949557512&p=1254735116567& pagename=ProductosYServicios%2FPYSLayout

Jansen, A.; Duranti, L. (2013). The InterPARES Trust Project- Trust and Digital Records in an Increasingly Networked Society. INfuture, 2013 The Future of Information Science:"Information Governance", pp. 63-68. Zagreb: University of Zagreb. PMCid:PMC3679730

Leverich, M.; Nalliah, K.; Suderman, J. (2015). Historical Study of Cloud-based Services. Final.2.0. Interpares Trust Project. Research Report. https://interparestrust. org/assets/public/dissemination/NA11_20150109_ HistoricalStudyCloudServices_InternationalPlenary2_ Report_Final.pdf

McKemmish, S. (2013). Recordkeeping and Archiving in the Cloud. Is There a Silver Lining? Actas INfuture, 2013 The Future of Information Science: "Information Governance", pp. 17-29. Zagreb: University of Zagreb. Accesible en: http://infoz.ffzg.hr/INFuture/2013/papers/1-02%20McKemmish,%20Recordkeeping%20and%20Archiving%20in%20the%20Cloud.pdf

McLelland, R.; Hurey, G.; Hackett, Y.; Collins, D. (2014). Agreements between Cloud Service Providers and their Clients: A Review of Contract Terms. Arxius i Industries Culturals, Girona, del 11 al 15 de octubre. Accesible en http://www.girona.cat/web/ica2014/cat/comunicacions.php

McLeod, J.; Gormly, B. (2016). Economic models for cloud storage decision-making: An investigation into the use of economic models for making decisions about using the cloud for records storage. Interpares Trust Project. Research Final Report. Accesible en: https://interparestrust. org/assets/public/dissemination/EU20_20160609_ CloudEconomicModels_EUWorkshop8_FinalReport.pdf

Ministerio de la Presidencia. (2014) Guía de seguridad de las TIC (CCN-STIC-823). Utilización de servicios en la nube. Madrid: Centro Criptológico Nacional. Accesible en: https://www.ccn-cert.cni.es/series-ccn-stic/800-guia-esquema-nacional-de-seguridad/541-ccn-stic- 823-seguridad-en-entornos-cloud/file.html

Oliver, G.; Knight, S. (2015). Storage is a Strategic Issue: Digital Preservation in the Cloud. D-Lib Magazine. The Magazine of Digital Lirary Research, 21 (3/4). Disponible en: http://www.dlib.org/dlib/ march15/oliver/03oliver.html https://doi.org/10.1045/march2015-oliver

Organización Internacional de Normalización (2011). ISO/IEC 27031 Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity. Ginebra.

Organización Internacional de Normalización (2012). ISO/ TR 17068 Information and documentation - Trusted third party repository for digital records. Ginebra.

Organización Internacional de Normalización (2012). ISO/16363 Space data and information transfer systems. Audit and certification of trustworthy digital repositories. Ginebra. (UNE-ISO: 2017).

Organización Internacional de Normalización (2013). ISO/IEC 27002. Information technology. Security techniques. Code of pratice for information Security Controls. Ginebra.

Organización Internacional de Normalización (2014). ISO/ IEC 17788 Information Technology. Cloud computing-over views and vocabulary. Ginebra.

Organización Internacional de Normalización (2014). ISO/ IEC 17789 Information Technology. Cloud computing- Reference arquitecture. Ginebra.

Organización Internacional de Normalización (2014). ISO/IEC 27018 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. Ginebra.

Organización Internacional de Normalización (2015). ISO/IEC 27017 Information technology. Security techniques. Code of practice information security controls based in ISO/IEC 27002 for cloud services. Ginebra.

Organización Internacional de Normalización (2015). ISO/ IEC 19831 Cloud Infrastructure Management Interface (CIMI) Model and RESTful HTTP-based Protocol — An Interface for Managing Cloud Infrasructure. Ginebra.

Organización Internacional de Normalización (2016). ISO/IEC DIS 19086-1 Information technology — Cloud computing — Service level agreement (SLA) framework — Part 1. Overview and concepts. Ginebra.

Organización Internacional de Normalización (2016). ISO/ IEC 27036-4 Information technology. Security techniques. Information security for supplier relationships. Part 4: Guidelines for security of cloud services. Ginebra.

Ostrzenski, V. (2013). Cloud Computing and Risk: a look at the EU and the aplication of the Data Protection Directive to cloud computing. Infopreneurship Journal, 1 (1), 29-38. Accesible en: http://eprints.rclis.org/20201/1/ Cloud%20Computing%20and%20Risk%2C%20 InfoJour%201%281%29%20pp.29-38%20.pdf

Palma-Villalón, M. V. (2014). La computación en la nube en Europa y en España: una oportunidad de negocio. Revista Transformación Digital. Accesible en: http:// www.revistatransformaciondigital.com/2014/03/18/ httpwww-revistagestiondocumental-com20140317la-computacion-en-la-nube-en-europa-y-en-espana-una-oportunidad-de-negocio/

Pan, W.; Mitchell, G. (2015). Software as a Service (SaaS) Quality Management and Service Level Agreement. Infuture 2015: e-Institutions-Openness, Accessibility and preservation. pp 225-234. Zagreb: University of Zagreb. PMid:25943636

Park, E. (2015). Legal compliance and technical capability for privacy-sensitive data protection in the cloud. Infuture 2015: e-Institutions-Openness, Accessibility and preservation. pp 131- 133. Zagreb: University of Zagreb.

PROV. Public Records Office of Victoria (2013). Guideline. Cloud Computing Decision Making Version Number: 1.0. Accesible en: https://www.prov.vic.gov.au/ recordkeeping-government/document-library/cloud-g2-cloud-computing-tools-guideline

Radack, Sh. (2012). Cloud computing: a review of features, benefits, and risks, and recommendations for secure, efficient implementations. ITL Bulletin, Junio. Accesible en: http://csrc.nist.gov/publications/nistbul/ june-2012_itl-bulletin.pdf

Sobczak, A. (2015). Public cloud archives: dream or reality? CJILS, 39 (2), 228-234.

Sprout, B.; Jordan, M. (2015). Archivemática as a service: COPPUL`S shared digital preservation platform. CJILS, 39 (2), 235-244.

Stancic, H.; Rajh, A.; Milosevic, Y. (2013). Archiving-as-a- Service. Influence of Cloud Computing on the Archival Theory and Practice. En: Duranti, L.; Shaffer, E. (eds.). The Memory of the World in the Digital Age: Digitization and Preservation. UNESCO, 108-125. https://www. researchgate.net/publication/310452684

Stancic, H.; Rajh, A.; Brzica, H. (2015). Archival Cloud Services: portability, continuity, and sustainability. Aspects of long-term preservation of electronically signed records. CJILS, 39 (2), 210-227.