What, exactly, is the cloud? Depends on who you ask

Moving into the cloud is a fairly new concept for many federal agencies and, as always, pitfalls happen.

GSA’s Dave McClure gave FCB insight into why some challenges might occur when it comes to securing information in the cloud. He said it’s not necessarily about the technology itself, but sometimes has to do more with government processes and culture.

It’s a virtual, rather than physical, control with assurances — and, again, I think some of this has to be worked out with the CIO Council, with OMB on what constitutes a quality review process and certification process when you’re moving information around in very different ways than what we’ve traditionally done.

So, what are these processes that need to be followed? Are they any different than what would be in a normal computing arrangement where you actually touch, feel, inspect and can analyze data on machines right in front of you.

FCB took a look at what the private sector is doing, because security struggles are clearly not just a federal government issue.

One of the biggest issues when dealing with security in the cloud, it seems, is defining what, exactly, a secure cloud constitutes.

An article from CIO.com gets perspective from six IT security practitioners, and each has a unique perspective about what it means to secure your cloud.

Some interesting points:

  • Matt Schneider, security consultant and senior Web design architect at Ford Motor Company, is quoted as wondering how concerned the average user is about cloud computing, “Look at Facebook and Twitter. There’s a couple of apps that have been hacked, yet that’s all you hear people talking about lately. If they really cared about security, I think they would just stop using those apps.”
  • Terry Woloszyn, CEO/CTO at PerspecSys Inc., “{I}n trying to answer the question of what is and isn’t cloud security, you are trying to establish a taxonomy.”
  • Michael Versace, partner, principal research contributor at The Wikibon Project, “Some are making cloud security more difficult to understand than it needs to be. Since security is a risk-based discipline, users need to understand the inherent risks in cloud services and implement the best set of organizational/management/business processes and technology controls to manage risks down to a profitable/acceptable level.”

Of course, these IT gurus are not working for our federal government, but their comments are valid and lead FCB to wonder . . . does operating in the cloud put more onus on the user in terms of security?

The Pew Internet & American Life Project released a survey last month that said about 69 percent of Americans who are online use cloud computing in some fashion or another.

51 percent who have done a cloud computing activity said, for the most part, they use cloud computing for its ease and convienence.

At the same time, however, 90 percent said they would be very concerned if the company that stored their data gave it to another company.

Which brings us back to yesterday’s post about Apps.gov. McClure told the FCB about some of the conditions surrounding apps offered on the site — one of them having to do with companies securing data.

The cloud is constantly evolving and, so too must security measures, it seems.

Something for agencies to keep in mind, we imagine.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: