While it may be pegged as the newest industry buzzword, cloud computing has proved it can dramatically improve IT flexibility through its elastic compute model while offering a pay-as-you-go consumption model. Cloud computing also forces applications to be modernized through a service-oriented architecture, improving data-sharing between previously siloed applications and systems, and simplifying complex, aging IT infrastructures. The government is notorious for inefficient technology systems, applications, and processes, and as budgets continue to shrink, the public sector can’t afford to miss the boat on this platform-as-a-service (PasS) model.
There’s more to cloud computing than consolidating desktops and data centers—it’s about a change in the way computing is provisioned, accounted, shared, and stored. The cloud can provide the government with an exceptional level of scalability, security, and availability, and agencies now have options that can interoperate with traditional IT data centers.
Of course, the security concerns regarding cloud computing are real and require an enterprise-class level of cloud services. The safety and integrity of data ultimately come down to knowledge and execution of the right security programs and protocols—and those don’t change between the cloud and traditional environments. The important skill set in security is not architectural; it’s the ability to understand the complexity of security processes.
Vivek Kundra, America’s first federal CIO, has publicly endorsed cloud computing—and with his proven track record of success, he is just the man to guide the government into a new age of technological innovation.
While cloud computing platforms such as Amazon (AMZN) EC2 and Microsoft Windows (MSFT) Azure provide a new and arguably better economic model for hosting modern business applications, the market has a significant amount of maturing to do. In its current incarnation, it’s a disconnect for government and the data with which it is entrusted. The biggest disconnect is the fact that these new services are shared, multi-tenant architectures. The clouds place workloads from different organizations on the same physical systems and storage volumes. While every effort is taken to ensure there’s no commingling and one customer cannot hack into another, few of us would be comfortable with the idea of a hacker setting up shop on the same system as that of the FDIC, Treasury, or Homeland Security.
Cloud vendors can claims all they want about how secure their architectures are, but there are two real threats here. First, stopping hackers is an endless battle. During 2008, Symantec (SYMC) observed more than 31 million attacks from 808,000 unique domains, many from mainstream Web sites. And a common target: government agencies.
Second are attacks that happen from within the data center. Physical equipment can be stolen, administrator credentials breached, or someone could simply walk into the data center and leave with government data. For example, when hard drives fail, clouds are supposed to fully destroy any data on the drives before disposal—or shred the drives. What’s to prevent an authorized employee or contractor from diverting this equipment into the hands of a hacker?
A better alternative for sensitive government data today is to build cloud architectures within the secure confines of a government data center. Let the public clouds climb the maturity curve a bit more.
Please send us your ideas for new Debate Room topics. If you're an academic, association officer, or other industry expert and would like to write a Debate Room essay, send us a query. Questions? See the