In today’s GovWin webinar, “To the Cloud!,” a range of experts concurred: Cloud computing is no passing fad. The government agrees: Federal, state and local governments are clamoring for cloud services and guidance.
The panel, which included a range of industry experts, discussed cloud computing as a concept, its security implications and what contractors can do to get involved.
Watch the Cloud Executive Roundtable Video Below
Cloud computing offers major advantages for government agencies even beyond the immediate cost, energy and environmental benefits. Agencies with no previous redundancy or facility control for data storage will both as they move data sets to the cloud, putting them on a level with security-conscious agencies such as the Department of Defense. Small agencies can get the same technology, security and services as major ones at the same price point.
Security and the Cloud
The government says that three factors will be required to make the cloud work: security, interoperability and portability.
The security debate for cloud computing is “just warming up.” Chris Mankle, CTO and Vice President of Innovation at ACS, thinks that the concept of “security” will be replaced with that of “trust” and networks of trusted entities. Government moves to the cloud may even have an unexpected side effect: Security could get tighter across the board as new security initiatives affect all government computing. “You’re going to see security get higher where it was lax before,” said Ted Brufke, U.S. Software as a Service (SaaS) Sales Leader, IBM.
A poll of webinar attendees was evenly split when asked whether moving to the cloud would make the government more secure, less secure, or neither.
Though community clouds are perceived to be the most secure, the experts — and the audience, when polled — agreed that there are no major differences in security between cloud types. Bill Perlowitz, Vice President of Advanced Technology at Apptis, said, “A leak is a leak. It doesn’t matter what type of cloud it came from.” Mankle cautioned that “We get focused on Internet security, but USB is always an issue. Maybe devices [that connect to the cloud] don’t always need to have USB.”
Identity management is still an issue with government use of cloud computing; Homeland Security Presidential Directive 12 (HSPD-12) “appears not to have been the answer.” Whether there will be a government-wide solution anytime soon is unknown, but in general, “you use whatever you’d normally use when working with the private sector,” said Perlowitz. The cloud “doesn’t really change the way you do business.” The resources are shared, but all other factors remain the same.
Chief security officers at agencies are still responsible for their data, whether it is housed on site or remotely. “You can scatter the data where you want, but it will all be in hardened data centers,” Brufke said.
Some agencies will use the National Institute of Standards and Technology (NIST) security guidelines released this week [PDF]; others will add to them as needed. Perlowitz pointed out that the continuous monitoring required by FedRAMP also provides a minimal level of security.
The government is also looking to implement security solutions that private-sector organizations such as Amazon have been using in cloud computing for years. The NIST has five working groups dedicated to cloud computing; one of these groups deals exclusively with security. The NIST will reveal the groups’ findings at an early April conference.
[Find the full article on GovWin]
Authored by Lindley Ashline
Leave a Reply
You must be logged in to post a comment.