Imagine a world where every individual in every organization on any device can run any operating system. Seems unlikely, right? Well, that far-stretched world is here, the one we’re currently living in, and in the recent GovLoop online training, “The Real Journey to the Cloud,” expert panelists discussed the five actors of the cloud and their cross-cutting concerns from a security and privacy point of view. We also shared how Microsoft looks to blur the world between work and life experience with a great case study example from Illinois Department of Healthcare and Family Services
Looking back at how the cloud trekked through the early 2000s to now, the cloud has blossomed to become part of our daily lexicon, according to Anil Karmel, Founder and CEO of C2 Labs and Former Deputy Chief Technology Officer of National Nuclear Security Administration (NNSA), and he had the numbers to prove it. Total worldwide addressable market for cloud computing reached almost $160 billion in 2014, a dramatic increase from just three years prior – (126.5% increase from 2011), and by 2016, it will grow to become the bulk of new IT spend.
But, we can’t talk about cloud without security and risk. Compared to 2006, cybercrimes have increased by 782%, with malware activity occurring every three minutes. So how can we find the right balance between security and risk as we move to the cloud? Karmel discussed NIST’s Cloud-adapted Risk Management Framework that gives consumers the ability and need to understand what controls they own and manage. These six-steps are the “vehicle to quantify risks,” according to Karmel. There are split control and responsibilities, and a consumer will own less than the provider as they go up the stack of a cloud’s ecosystem: infrastructure, platform and software as a service.
Step 1: Categorize System to be migrated/deployed
Step 2: Identify Security Requirements, perform a Risk Assessment & select Security Controls
Step 3: Select best-fitting Cloud Architecture
Step 4: Assess Service Provider(s) & Controls
Step 5: Authorize Use of Service
Step 6: Monitor Service Provider (on-going, near real-time)
To find the right balance of security and privacy as you think about revolutionizing your data center, think of the design of security like a M&M, “very hard on the outside and soft and chewy on the inside; security baked down in the core based on the sensitivity of your information,” said Karmel.
Security and risk are only two barriers to consider when implementing the cloud. Stephen F.DePooter, Chief Information Officer for the Illinois Department of Healthcare and Family Services, discussed how time, risk, resources and cost factored into his decision to use Microsoft Dynamics CRM Online cloud solution when faced with implementing a complete replacement for their existing application.
DePooter shared that the solution needed to been accessible to the State of Illinois and 3rd party providers in remote locations, secured and kept up to date on a regular basis to keep up with security standards, and flexible enough to allow for rapid changes to keep up with the pace of state and federal regulations. Taking all of this into consideration and with the help of Microsoft, a three year plan turned into 12 weeks. The result: minimal customization (which lowered risk), and an increase in data transparency by configuring additional solutions across programs versus creating custom vertical solutions per program.
Microsoft manages the cloud service for DePooter and his state staff, allowing them to focus on configuration and integration, providing better customer service. This is just one showcase of what Susie Adams, Chief Technology Officer of Microsoft’s Federal government business, described as Microsoft’s plan to move to a mobile-first and cloud-first world, with their products and services helping information workers achieve their mission goals. Adams thinks of the cloud in five tenants:
- Most complete cloud designed for government
- Flexible, hyper-scale and focus on mission
- Open platform for development flexibility
- Rigorous security and compliance
- The right personal experience trusted in cloud
Learn more about how Microsoft has helped federal agencies and its CRM solution, as their goal is to be open and transparent as possible through the whole process, by listening to the on-demand version here.