Technology fads come and go, but cloud computing in the government is not a fad, says U.S. chief information officer Vivek Kundra. It's here to stay.
But in the end if there is a cloud security breach, it could have more disastrous effects because of the multi-tenant nature than a single-enterprise data center.
distinguished engineer and a security and cloud computing specialist for the company's federal teamIBM, Inc.
"Cloud computing is a major priority for [the Obama] administration," Kundra said at a recent National Institute of Standards and Technology forum on cloud computing. "It's not just a priority based purely on economics. It's also a priority based on what I view as a fundamental shift in the role of the [federal] CIOs and rethinking where they're spending their energy and how they provide services to the American people."
However, one of the biggest challenges ahead for government cloud computing is making sure that federal systems and data in the cloud are secure, Kundra said.
"I don't think there is a magic bullet," he said in an interview with TechTarget.
But Kundra noted that the private sector is "rising and responding" to the challenge of furnishing secure cloud services to government, citing .gov clouds developed in recent months by Google, Microsoft Corp. and Amazon. Earlier this year, for example, the White House moved its recovery.gov site to Amazon's Elastic Compute Cloud (EC2) environment, making it the first governmentwide site to move to the cloud.
Such initiatives are starting to generate more trust and confidence in handing off computing resources to commercial providers, according to Kundra. "Those are dedicated dot.gov clouds," he said. "Those companies built out these dot.gov platforms, whereas before, government [officials] would have said, 'we must have our data stored only in government systems.'"
Kundra advised agency managers concerned about cloud security to review the contents of www.fedramp.gov, the site for the just-launched Federal Risk and Authorization Management Program (FedRAMP). The White House considers FedRAMP a major step in creating a less fragmented approach to security requirements and risk management across the government. It offers a framework for assessing and authorizing cloud services and products and allows joint authorizations and continuous security monitoring services for cloud systems intended for multi-agency use.
In essence, FedRAMP propounds a common security risk model that can be leveraged across the government and provides a consistent baseline for cloud-based technologies.
"That's a body of work that was built over 18 months with Homeland Security, the Defense Department, the General Services Administration and a number of agencies from the federal CIO Council," Kundra told TechTarget.
Despite such strides toward the goal of ensuring security in the cloud, experts cautioned that the nature of cloud computing — moving from single-tenant to multi-tenant environments, for example — means that security issues have to be taken far more seriously.
"It's not like cloud security is giving us different kinds of threats," said K.S. Shankar, a distinguished engineer at IBM and a security and cloud computing specialist for the company's federal team. "We're going to be faced with same kind of threats. But in the end if there is a cloud security breach, it could have more disastrous effects because of the multi-tenant nature than a single-enterprise data center."
"It's analogous to the difference between a plane crash and an automobile accident," he added.
About the author:
Richard W. Walker is a freelance writer based in the Washington, D.C., area who has been covering issues and trends in government technology for more than 10 years.
This was first published in November 2010