Mapping and collecting data stored in an IaaS environment
As companies start to fully realize cost savings from outsourcing infrastructure, Fortune 1000 companies use of IaaS servicesAmazon Web Services and Cisco CloudVerse, for example,is rapidly increasing.
June 15, 2012 at 05:30 AM
8 minute read
The original version of this story was published on Law.com
In this three-part series, we will discuss some of the challenges and issues companies must recognize when litigation arises and the time comes to identify and map potentially relevant data that is stored with Infrastructure-as-a-Service (IaaS) providers. Some of the key issues that will be addressed arise from what, on the surface, appear to be simple questions:
- Who has my data?
- What control do I have over my data?
- Where is my data being stored?
We will also discuss specific steps that can be taken to collect data stored in the cloud order to defend the authenticity of that data.
As companies start to fully realize cost savings from outsourcing infrastructure, Fortune 1000 companies' use of IaaS services—Amazon Web Services and Cisco CloudVerse, for example,—is rapidly increasing. This paradigm shift away from onsite computing and data storage changes the way companies need to map their data to be prepared for possible litigation and changes how data will be collected in these instances.
Before getting into the nuts and bolts of identifying and subsequently collecting data in an IaaS environment, it makes sense to spend a little time discussing exactly what we mean by an IaaS environment. The National Institute of Standards and Technology defines the IaaS service model as follows:
“The capability provided to the consumer is to provision processing, storage, networks, and other Fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possible limited control of select networking components (e.g. host firewalls).”
So what we are seeing in an IaaS environment is that the approach is to move away from viewing computing equipment (workstations, servers, etc.) as physical assets to now viewing them as services to be provisioned when required. This is where significant cost savings can come into play, as organizations can now provision and equip computing resources on an as-needed basis, rather than worry about continuously purchasing new gear to replace older equipment.
In order to better understand the IaaS environment for when we discuss the identification and collection of data in parts two and three of this series, it may be better to review a case study that takes the abstract concept described above and puts it into a real-world scenario.
The mission of the Defense Information Systems Agency (DISA) is to provide a “globally accessible enterprise information infrastructure” to support the U.S. Armed Forces, and other national leaders. In that respect, their function is similar to the IT department in a large, multinational corporation.
To carry out its mission in a more efficient manner, DISA switched from a physical computing environment to an IaaS environment called Rapid Access Computing Environment (RACE). A concrete example of the savings and efficiency brought about by RACE is that provisioning new server space for users, which was a task that required three to six weeks in the old physical environment, now took only 24 hours.
While the efficiency and savings seen by the switch to RACE is certainly worth noting, of more importance for our discussion is that the data that was housed on hundreds of servers in disparate locations was migrated to the cloud and housed in a much smaller number of data centers. In this case, DISA implemented a private IaaS environment rather than use a commercial provider, but the basic concept of reducing the number of physical servers is the same as in a commercial implementation of an IaaS environment.
This fundamental switch from having data located on physical equipment located within an organization's facilities, and therefore readily identified, to having data exist on virtual machines located on servers in multiple data centers spread across the country (or across the world in the case of Amazon Web Services and Google Apps services) brings up our first real challenge in dealing with data stored in an IaaS environment—exactly where is it located?
In this three-part series, we will discuss some of the challenges and issues companies must recognize when litigation arises and the time comes to identify and map potentially relevant data that is stored with Infrastructure-as-a-Service (IaaS) providers. Some of the key issues that will be addressed arise from what, on the surface, appear to be simple questions:
- Who has my data?
- What control do I have over my data?
- Where is my data being stored?
We will also discuss specific steps that can be taken to collect data stored in the cloud order to defend the authenticity of that data.
As companies start to fully realize cost savings from outsourcing infrastructure, Fortune 1000 companies' use of IaaS services—
Before getting into the nuts and bolts of identifying and subsequently collecting data in an IaaS environment, it makes sense to spend a little time discussing exactly what we mean by an IaaS environment. The National Institute of Standards and Technology defines the IaaS service model as follows:
“The capability provided to the consumer is to provision processing, storage, networks, and other Fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possible limited control of select networking components (e.g. host firewalls).”
So what we are seeing in an IaaS environment is that the approach is to move away from viewing computing equipment (workstations, servers, etc.) as physical assets to now viewing them as services to be provisioned when required. This is where significant cost savings can come into play, as organizations can now provision and equip computing resources on an as-needed basis, rather than worry about continuously purchasing new gear to replace older equipment.
In order to better understand the IaaS environment for when we discuss the identification and collection of data in parts two and three of this series, it may be better to review a case study that takes the abstract concept described above and puts it into a real-world scenario.
The mission of the Defense Information Systems Agency (DISA) is to provide a “globally accessible enterprise information infrastructure” to support the U.S. Armed Forces, and other national leaders. In that respect, their function is similar to the IT department in a large, multinational corporation.
To carry out its mission in a more efficient manner, DISA switched from a physical computing environment to an IaaS environment called Rapid Access Computing Environment (RACE). A concrete example of the savings and efficiency brought about by RACE is that provisioning new server space for users, which was a task that required three to six weeks in the old physical environment, now took only 24 hours.
While the efficiency and savings seen by the switch to RACE is certainly worth noting, of more importance for our discussion is that the data that was housed on hundreds of servers in disparate locations was migrated to the cloud and housed in a much smaller number of data centers. In this case, DISA implemented a private IaaS environment rather than use a commercial provider, but the basic concept of reducing the number of physical servers is the same as in a commercial implementation of an IaaS environment.
This fundamental switch from having data located on physical equipment located within an organization's facilities, and therefore readily identified, to having data exist on virtual machines located on servers in multiple data centers spread across the country (or across the world in the case of
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllRecent Layoff/Callback Litigation Underscores Perils Employers Face From Every Direction
5 minute readOld Laws, New Tricks: Lawyers Using Patchwork of Creative Legal Theories to Target New Tech
In-House Gurus Say Inattention to Human Side of Tech Adoption Can Derail Best-Laid Plans
5 minute readNike Promotes Legal Chief to Marketing Chief as New CEO Launches Turnaround
Trending Stories
- 1Infant Formula Judge Sanctions Kirkland's Jim Hurst: 'Overtly Crossed the Lines'
- 2Preparing Your Law Firm for 2025: Smart Ways to Embrace AI & Other Technologies
- 3Mass. Judge Declares Mistrial in Talc Trial: 'Court Can't Accommodate This Case'
- 4It's Time Law Firms Were Upfront About Who Their Salaried Partners Are
- 5Greenberg Traurig Initiates String of Suits Following JPMorgan Chase's 'Infinite Money Glitch'
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250