Cloud Computing: Not Just Fluff

Governments should embrace cloud computing as a means to strengthen and liberate their IT infrastructure. Pro or con?

Pro: Government IT Can Reach the Clouds

While it may be pegged as the newest industry buzzword, cloud computing has proved it can dramatically improve IT flexibility through its elastic compute model while offering a pay-as-you-go consumption model. Cloud computing also forces applications to be modernized through a service-oriented architecture, improving data-sharing between previously siloed applications and systems, and simplifying complex, aging IT infrastructures. The government is notorious for inefficient technology systems, applications, and processes, and as budgets continue to shrink, the public sector can’t afford to miss the boat on this platform-as-a-service (PasS) model.

There’s more to cloud computing than consolidating desktops and data centers—it’s about a change in the way computing is provisioned, accounted, shared, and stored. The cloud can provide the government with an exceptional level of scalability, security, and availability, and agencies now have options that can interoperate with traditional IT data centers.

Of course, the security concerns regarding cloud computing are real and require an enterprise-class level of cloud services. The safety and integrity of data ultimately come down to knowledge and execution of the right security programs and protocols—and those don’t change between the cloud and traditional environments. The important skill set in security is not architectural; it’s the ability to understand the complexity of security processes.

Vivek Kundra, America’s first federal CIO, has publicly endorsed cloud computing—and with his proven track record of success, he is just the man to guide the government into a new age of technological innovation.

Con: You’re Trusting Who with My Data?!

While cloud computing platforms such as Amazon (AMZN) EC2 and Microsoft Windows (MSFT) Azure provide a new and arguably better economic model for hosting modern business applications, the market has a significant amount of maturing to do. In its current incarnation, it’s a disconnect for government and the data with which it is entrusted. The biggest disconnect is the fact that these new services are shared, multi-tenant architectures. The clouds place workloads from different organizations on the same physical systems and storage volumes. While every effort is taken to ensure there’s no commingling and one customer cannot hack into another, few of us would be comfortable with the idea of a hacker setting up shop on the same system as that of the FDIC, Treasury, or Homeland Security.

Cloud vendors can claims all they want about how secure their architectures are, but there are two real threats here. First, stopping hackers is an endless battle. During 2008, Symantec (SYMC) observed more than 31 million attacks from 808,000 unique domains, many from mainstream Web sites. And a common target: government agencies.

Second are attacks that happen from within the data center. Physical equipment can be stolen, administrator credentials breached, or someone could simply walk into the data center and leave with government data. For example, when hard drives fail, clouds are supposed to fully destroy any data on the drives before disposal—or shred the drives. What’s to prevent an authorized employee or contractor from diverting this equipment into the hands of a hacker?

A better alternative for sensitive government data today is to build cloud architectures within the secure confines of a government data center. Let the public clouds climb the maturity curve a bit more.

Opinions and conclusions expressed in the BusinessWeek Debate Room do not necessarily reflect the views of BusinessWeek, BusinessWeek.com, or The McGraw-Hill Companies.

Reader Comments

George Moore

Cloud computing? No way, not here. Not where I have to guarantee the authenticity of the Official Record of the United States, documenting citizens' rights and government responsibilities for oil, gas, coal, etc. Too much money involved. Too much politics involved. Liability can't be diluted. This data center stays here, in a federal computer, in a federal network, indexed for search using references reflecting the structure of the U.S. Code and the Code of Federal Regulations. Perhaps office, e-mail, or collaboration applications and services will be provisioned from the cloud, but not the images of the official record.

Brandan Holmes

Part of the appeal of the cloud is that it democratizes enterprise level software and hardware infrastructure, such that smaller entities can have access to this. It also encourages and allows open data sharing through open APIs--this helps break through the silos created by traditional architectures.

Is there any reason that government agencies could not use applications created for the "cloud" and just host them on their own, secure servers?

J. Boswell

The industrial model may not be appropriate for federal computing needs. But a closed federal system that used the cloud computing approach might be viable if the architecture were developed correctly.

I like that it has the potential to centralize many of IA and configuration mgmt issues. Don't like the potential this has for creating vulnerable centers of gravity for DoD. The architecture would have to be carefully designed and fail-safed to provide redundant redundancies (no pun intended).

While the current IT architecture is unwieldy and difficult to manage those challenges also are present for potential adversaries seeking to use IT as an Achilles heel. The current systems have a massive level of "stamina" due to the widespread redundancies and lack of uniform system configuration and management. It is very difficult to build a tool or e-weapon that will affect all DoD users equally and effectively.

Jake Burns

I can understand concern over information in the cloud, but companies like ours actually offer hosting of service behind a company's own firewall. This makes the the safety issue moot.

Squeezebox

You've heard that Facebook and MySpace data can be un-redacted by skilled hackers? Clouds are just too risky. What we need are more standalone systems that are not hooked to the web and don't talk to each other.

J-M

I agree with previous posts, in that the government should adopt the paradigm, and establish their own secure facilities. There's no reason to have duplicate infrastructure across disparate branches of government, when a few cloud-centers can do it all, more reliably, flexibly, cheaply, and with the least amount of energy requirements. The cloud paradigm is advancing at the fastest pace of any new technology I've seen, led by virtualization techniques, and concerns around security, and other issues, are being solved--e.g., EC2 is probably one of the most secure infrastructures out there, more so than traditional 'secure' data centers.

nissan skyline gtr

No.

BobP/CEO

This one is easy as we satisfy all. Yes, we as a quiet under the radar OEM just so happen to take care of all types of security problems "but prevention, too." That includes any network as we are not only backed by 100% science; we are transparent and interoperable also. Add the clouds and multiple formations, visualization, end point security and of course VoIP. No magic, just good old American engineering that ships trusted platforms meeting OSI Layer One plus our patented paradigm, common criteria, PCI-DSS, and DARPA 98. Oh yes, at commercial pricing.

M-H

I agree with J-M that there should be a centralized governmental cloud architecture that ensures a high degree of security for all data and applications that are within its command. The federal government should create a system that could be leased at an affordable rate to state and local agencies, ensuring that all levels of government are protected from intruders. These sorts of comprehensive security solutions are the only way we can ensure a high degree of security for all citizens, and the economies of scale should be adequate justification for appropriating funding. Wouldn't you prefer to have the NSA or FBI guarding your information than some lackey at the DMV?

Sivaranjani

On demand computing can be looked upon as a means to centralize the government resources from where consistent tracking of data can be made possible. Secuity is always a threat to all the technologies being developed. The smartness is in the way we tackle them.

sam

To me, business data is distilled money. A centralized government cloud would mean that businesses with corrupt and privileged access would be able to mine the data and sell it clandestinely. This would be a huge system full of security holes. The biggest holes would be inside the firewall.

jw

Would that be on Cloud 9?

Partly Cloudy

Security is always important. But as anyone who reads knows, many a laptop has been 'lost' by a government employee.

It would be a travesty for the government to not take advantage of the innovation in the private sector by using cloud, PaaS, and SaaS options. The American people need government IT to be efficient, and the benefits from the cloud are too great to ignore.

William Lu

Both sides of the argument make good points. Dynamic provisioning and sharing resources across the cloud are important to how a cloud functions. For government agencies and many commercial companies, however, it makes sense to go with private clouds confined to the organization. The real question is how the data is being moved within the private cloud and how that data is accessed. Extremely sensitive data is best entrusted to individual agencies, but less sensitive data could be shared among an inter-organization private cloud infrastructure for shared resource management. It’s ultimately a matter of how the data gets moved and the service levels granted to users that will keep data safe. Another issue with the public cloud is how to replicate the infrastructure, which goes far beyond CPU, memory, and web services. External clouds can provide these very basic compute resources. They don’t provide site specific infrastructure like high speed interconnects, floating application licenses etc.

Nexus

Could computing makes the assumption that the current vendor model will continue and companies and governments are going to hand over data, etc., to third parties. It is a similar situation to on-demand where companies assume that this will be the prevailing model and that again companies and governments will hand over their data. All are wrong. What large organizations are interested in is the model of on-demand or cloud computing but run and operated in their own environments. Other reasons why cloud computing is just another marketing fad are--first, the so called clouds are different ecosystems within the Internet, and second, these companies do not have the means to build the type of web resident hard core real time value chain applications that would be required to run business and government.

Join the Debate

 

Participate More!

Please send us your ideas for new Debate Room topics. If you're an academic, association officer, or other industry expert and would like to write a Debate Room essay, send us a query. Questions? See the

BW Mall - Sponsored Links

Buy a link now!