President Obama is pushing cloud computing and the U.S. government has created an app store (Apps.gov). Yet federal officials still have plenty of questions and concerns surrounding security on the cloud. A recent PCWorld magazine article cited a GAO report that was released this week that listed several security concerns — among them, vendors using ineffective security practices, agencies not able to examine the security controls of cloud suppliers , criminals targeting data-rich clouds, and agencies losing access to their data if the relationship with a vendor ends.
The report apparently is in response to federal agencies embracing the cloud too passionately, if I can use that term in connection with the government. Cloud computing will give the U.S. government multiple benefits, including much lower IT costs. But agencies are migrating their data to the cloud before the White House Office of Management and Budget (OMB) and supporting agencies have developed a government-wide security strategy, Gregory Wilshusen, director of information security issues at the U.S. Government Accountability Office (GAO), was quoted saying in the article.
And the government is taking action to address security issues. For one, several agencies have joined a new effort called the Federal Risk and Authorization Management Pilot program (FedRAMP) in order to develop security and certification standards.
In the piece, Mike Bradshaw, director of Google Federal, stated his firm belief that the cloud would actually improve data security for the government, as Cloud vendors store data on multiple servers in multiple locations — making it difficult for cybercriminals to target one location, he said. Redundancy also means agencies are protected against data loss. “The cloud enhances security by enabling data to be stored centrally with continuous and automated network analysis and protection,” Bradshaw said. “When vulnerabilities are detected they can be managed more rapidly and uniformly. Cloud security is able to respond to attacks more rapidly by reducing the time it takes to install patches on thousands of individual desktops or hundreds of uniquely configured on-premise servers.”
Another point: use of cloud computing will help the government reduce the number of data centers that it uses, helping to save money. Over the past 10 years, the number of government data centers rose from about 430 to 1,100. An April study by the Brookings Institution found that U.S. agencies can save 25% to 50% of IT costs by moving to cloud computing, according to the article.
OK, so security is still an issue — especially in light of some very public platform failures. But I don’t think the government will ever consider abandoning cloud computing initiatives, considering how far it’s come, and how vocal it’s been for its advancement. Yet, clearly, security remains on the minds of the U.S. government, but also the private sector.
And until we all come up with some industry-wide standards, the safest bet is for both government and private industry to employ cloud-based IT monitoring solutions to track the performance of third parties (what everybody is worried about in the first place) who are entrusted with clients’ private data. Monitoring solutions can take care of important tasks like checking on cloud platform up-time and SLAs as well as notify you of breaches and downtime.
There’s plenty of evidence out there dramatizing how monitoring solutions have benefited companies. Why not take some time to check out the stories?