0

If our government is unsure of using Cloud Computing, why would businesses be all about it?

I came across an article that said, "Our government is unsure of using Cloud Computing." I'm thinking that's based on the security issue and not pricing. I know over time cloud computing is more effective because it stores everything in a single "cloud", but does cloud computing pose a serious threat to sensitive data?

1
Bill Perlowitz
Vice President, Advanced Technology, Apptis
Posted on Aug. 10, 2010

The first thing that needs to be understood is what the government means by “security.” For Federal-civilian agencies, requirements are derived from the Federal Information Security Act (FISMA). In the Department of Defense, the DoD Information Assurance Certification and Accreditation Process (DIACAP) is used. The Intelligence Community does not readily divulge the security standards that they use.

Both FISMA and DIACAP use “security controls,” and to Certify and Accredit (C&A) a Federal system, you must demonstrate that you comply with all of the security controls at the level of sensitivity you are trying to accredit the system to and then continuously monitor the system to ensure that the controls remain in place and are effective. Cloud presents several challenges to Federal C&A compliance, including the physical perimeter of the system extending to the Cloud Service Provider, the physical location of stored data, auditing, ownership rights, and retention times. In spite of these, the Government sees Cloud Computing as a strategic direction and has included requirements to assess it as an alternative in both its budget guidance for FY11, FY12, and FY13, and in the Federal Data Center Consolidation Initiative (http://www.cio.gov/pages.cfm/page/Federal-Data-Center-Consolidation-Initiative).

To address the issues of security compliance in the cloud, the General Services Administration has initiated a program called the Federal Risk and Authorization Management Program (FedRAMP) http://www.cio.gov/pages.cfm/page/Federal-Risk-and-Authorization-Management-P... which goes live in September of this year. FedRAMP creates a uniform set of security requirements for both Federal civilian agencies and the DoD which must be adopted by both no later than 2014. This is the very first time a single set of security requirements has EVER been agreed to across the government, and is a monumental step forward for both government and industry. So, it is not really that the government is unsure of cloud computing; what the government is unsure of is how to comply with Federal laws and regulations while exploiting cloud computing, and they have taken extraordinary steps to resolve the issues in the shortest time practicable.

When considering moving your sensitive data to the cloud, remember that you can outsource responsibility but you can’t outsource accountability, that is, the ultimate responsibility for ensuring the confidentiality and integrity of data rests with you. The European Network and Information Security Agency has an excellent paper on cloud computing called “Benefits, risks, and recommendations for information security” that you can use to guide your risk assessment for any cloud provider. That paper is available at http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-ass...

0
Michael Dortch
Senior Product Marketing Manager, ServiceNow
Posted on Aug. 3, 2009

Effective, business-driven policies and processes protect sensitive information wherever that information is stored. Also, security in the cloud is rapidly moving and steadily improving. Perhaps most important here, the leading cloud computing vendors and their partners are themselves increasingly storing important information in the cloud, for themselves and for corporate clients. This makes them highly motivated to make and keep that information secure. All of these are good news for any company -- or government agency or supplier to government -- considering the cloud but concerned about security. For more help deciding, please check out my article, "10 Signs that It May be Time to Consider Software as a Service (SaaS)," at http://www.focus.com/ugr/how-to/hosting-bandwidth/10-signs-it-may-be-time-con.... Thanks, and good luck!

0
Benjamin Breeland
Enterprise Management Consultant, ca technologies
Posted on Aug. 9, 2009

My first rule of cloud computing is:

Cloud Computing Rule 1: There is no cloud – there are only vendors selling internet access to infrastructure components for private and public use.

With this rule in mind, the government completely trusts no one to host its data. Therefore, the government remains unsure how it will implement cloud computing.

Businesses trust other businesses and have done this well before “cloud computing”. Internet access to infrastructure components provides a competitive advantage for some businesses, better customer access, and reduced costs to do business for others. It is an easy decision for a business to make.

As with any technology investment, both business and the federal government should make decisions based on the business (mission) requirements. If a cloud computing element meets the needs, implement it. The federal government has the ability to create its own federal data cloud where it hosts secure resources for any agency to access. However, it is much cheaper to take advantage of the public internet. As someone who worked for the government, I recall a time when there was a separate secure system (cables) for all communications. Today, email handles a lot of this traffic – it just makes sense. Just as a cloud implementation makes sense when it meets the requirements for business or government.
