Security still a big concern around cloud

You might have heard about that survey on the state of virtualization in the federal government.

It was developed by the Government Business Council (GBC) in partnership with GTSI and Oracle Corporation and showed that many federal agencies still face a variety of hurdles when it comes to implementing virtualization and cloud computing.

Today we speak with Mohamed Elrefai, vice president of the enterprise solutions group and marketing at GTSI, who tells us more about how the survey was conducted and what it reveals.

ME: We were hearing a lot from government customers that they really wanted to hear what their peers were thinking. It really felt like, by and large, that industry was doing a lot of yelling about virtualization — that, to every hammer the world’s a nail — that virtualization was going to solve every problem. . . .

Frankly, there’s been a bit of discrepancy between adoption at the enterprise, versus test and dev. So, we really wanted to understand that better. I think that was our motivation, and I think, also, our motivation was really to help the government really be able to glean what was going on in and around the community in a way that was important.

The second area was . . . there wasn’t a lot being asked [geared] to decision makers in government. So, we teamed with the government business council to really focus this survey on decision makers, and I think that really allowed us to key in more on whether virtualization was really helping to solve some of the business and organizational issues, versus just another IT service delivery model. We were able to get some information in that regard.

FCB: How did you go about getting the word out about the survey, and who took the survey?

ME: The survey was conducted by the Government Business Council. We did work with them to really vet the questions, because we really weren’t looking to try to push an idea. We really wanted to get feedback. I think we had about 250 or so respondents, and they ranged across civilian and DoD agencies. So, we got a very wide swath and they were all at the GS level, for the most part. So, we really were dealing with people that were in the decision making or policy orientation.

FCB: Were there any lessons learned, best practices [discovered], that sort of thing?

ME: Government has been on, it would seem, a long-term trajectory around IT modernization. We’ve seen this phenomenon-related virtualization before, largely with the notion of — I can reduce operating costs, I can potentially be more innovative — really around standardization. [That] was really the early form of it. People looked to really push out operational costs through standardization. The next movement was around consolidation, and what we found with standardization and consolidation is the same phenomenon that [these] approaches didn’t solve every business issue. They were really more technology-oriented than they were solving every business issue.

So, the top three things that we found out about virtualization . . . is awareness and education. This was a surprise. We found that nearly one-third of the respondents said they had no knowledge of the concept of virtualization. About 54 percent said they had intermediate [knowledge] and only 13 percent said they were very familiar. So, I think the gap between people that implement knowledge [and] who focus not only on IT service delivery, but the return on that — there was definitely a gap there. We really felt like, as a best practice, one of the things that the industry needs to do a better job of is educating and creating awareness and not just about the technology benefits. It’s really the notion of — if there’s truly organizational or business benefit that can break the inertia around change, that’s really where it’s going to meet the mark — and that education and awareness broadly throughout the levels of government, not just to an IT manager specifically.

The second one really [centers] around the notion of virtualization solving a bunch of technology problems. What we’ve found was that implementing and operating a virtual environment is a challenge, and I think when you get past the benefit of operationalized virtualization in an environment, it’s very different to manage. The management and governance and security — creating that as part of an enterprise implementation — you really end up with a lot of issues around how you operate it, versus just implementing it and getting the short term benefits [like] cost reduction.

The last piece, which I think is common and we’re all hearing about is security. Security remains a consistent concern across the board. According to recent research, 60 percent of virtual servers are less secure than the ones they replace. So, we found that 75 percent of folks were concerned about isolation and confidentiality of data, 74 percent were concerned with unauthorized access to multiple systems and resources, and 73 percent were concerned with hyper-jacking, which is when someone installs a rogue hypervisor and takes control of the whole server.

This notion of security — it’s interesting — many of the choices we gave, people really responded across the board in terms of security. That still seems to be very pervasive as a concern. So, I’d say, while there were many things in the survey that clearly you can glean, those were the top three areas that we really saw.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: