Barbara Endicott-Popovsky and Joe Tennis are two of eight named to research the benefits and security risks of keeping records in a cloud computing environment.
The Social Sciences and Humanities Research Council of Canada grant will fund the project through 2016.
Principal investigator Luciana Duranti (SLAIS-University of British Columbia), and Co-investigators Victoria Lemieux (SLAIS-University of British Columbia, Anthony Sheppard (Law-University of British Columbia), Ronald Cenfetelli (Sauder School of Business, University of British Columbia), Barbara Endicott-Popovsky (iSchool-University of Washington), Joe Tennis (iSchool-University of Washington), Richard Marciano (SILS-University of North Carolina at Chapel Hill) and Erik Borglund (AIMS-Mid-Sweden University) will research the benefits and risks of keeping records in the cloud by addressing the following research questions:
- How can confidentiality of organizational records and data privacy be protected in the cloud?
- How can forensic readiness of an organization be maintained, compliance ensured, and ediscovery requests fully met in the cloud?
- How can an organization's records accuracy, reliability, and authenticity (i.e., identity and integrity) be guaranteed and verifiable in the cloud?
- How can an organization's records and information security be enforced in the cloud?
- How can an organization maintain governance upon the records entrusted to the cloud?
These questions arise directly from the findings of previous research and conducted in the context of the InterPARES Project (www.interpares.org) and the answers to them will support the achievement of the objectives of the proposed project, which are:
- To identify and examine in depth the management, operational, legal, and technical issues surrounding the storage and management of records in the cloud;
- To determine what formal policies and procedures a Cloud Services Provider (CSP) should have in place for fully implementing the records/archives management regime of the organization outsourcing the records, and for responding promptly to its needs;
- To determine what formal policies and procedures a CSP should have in place for detecting, identifying, analyzing and responding to incidents;
- To develop a methodology and an instrument for assessing the risks and benefits of outsourcing records/archives storage and processing to a CSP;
- To develop guidelines for contractual agreements between organizations and CSPs, and for certifications and attestations by CSP; and
- To develop policy and procedural models for the integration of outsourcing to the cloud with an organization's records management and information governance programs, or archival preservation program.
This project intends to build on the findings of the three phases of InterPARES (199902012) and to initiate a new phase called InterPARES-Trust.