For some U.S. government agencies and organizations, deploying the cloud may feel like building their IT infrastructure all over again. Despite the growing popularity of the disruptive technology, deep knowledge of the details surrounding its use and inner-workings are lost on many federal IT executives and professionals.
To ultimately change this – educate government organizations and ensure they are leveraging the services of cloud computing effectively and appropriately, the CIO Council and the Chief Acquisitions Officers Council recently said in a joint report.
“This paper is the next step in providing Federal agencies more specific guidance in effectively implementing the ‘cloud first’ policy and moving forward with the ‘federal cloud computing strategy’ by focusing on ways to more effectively procure cloud services within existing regulations and laws,” the report’s executive summary states.
Currently, the U.S. government is in the midst of widespread migration, as agencies and organizations are working to comply with the Obama administration’s call for greater use of the cloud to reduce IT costs and complexities. Still, concerns and several roadblocks to adoption exist – not the least of which is cloud security.
Given the sensitive nature of information that many government organizations deal with, there is a widespread notion that storing the data online will present data security vulnerabilities.
The National Institute of Standards and Technology (NIST) has been at the forefront of the government’s work to improve confidence in cloud security measures and capabilities. Most recently, the organization came to an agreement with Maryland officials for a $10 million National Cybersecurity Center of Excellence.
The facility will be a public-private collaboration where security tools are researched and tested with the goal of accelerating their adoption among organizations in all sectors.
Challenges that will be addressed include interoperable cybersecurity templates, health IT, cloud and mobile computing, cryptography and the need for continuous monitoring of IT systems.
Of course, security was also a major area discussed in the CIO Council and Chief Acquisition Officers Council joint report.
“Placing agency data on an information system involves risk, so it is critical for federal agencies to ensure that the IT environment in which they are storing and accessing data is secure,” the report said. “As such, all IT systems used by federal agencies must meet the requirements of the Federal Information Security and Management Act (FISMA) and related agency-specific policies.”
Furthermore, the report identified several other key areas for data security that all agencies should consider when implementing the cloud. They include the need for clear authorization requirements, constant monitoring of cloud apps and services, an incident response strategy and plans and audits for cloud security preparedness.
The joint report also touched on the fact that privacy must be upheld in the cloud. Much of the data stored by government organizations is classified as sensitive, including personally identifiable information and personal health information, among others. It’s imperative that all types are protected.
Since taking office in 2009, President Barack Obama and his administration have stressed the need to revamp the U.S. government’s bloated federal IT program, which operates with an annual budget of about $80 billion.
Among the key components of the administration’s efforts has been a massive data center consolidation project, which aims to shutter about 800 of the government’s more than 2,000 facilities. And by focusing on the cloud, according to former federal CIO Vivek Kundra, the government stands to save about $5 billion each year.
Cloud Computing News from SimplySecurity.com by Trend Micro