The Government Accountability Office (GAO) was recently asked to testify in front of the House of Representatives Committee on Oversight and Government Reform and its Subcommittee on Government Management, Organization, and Procurement, on the benefits and risks of moving federal information technology into the cloud. The testimony resulted in a report that GAO issued on July 1, 2010 detailing what the cloud was, several different models for cloud implementation and a recommendation for the steps that the government should take to implement cloud computing.
When it came to answering the question of should the government embrace cloud computing the GAO clearly delivered an overwhelming “yes” in the report.
The reason? In a time when the government is struggling with budget deficits and national debt, the switch to cloud computing is something that can yield large savings over time. In addition, the GAO found that there were multiple other benefits to cloud computing in the federal government, which a survey of 25 agencies identified as:
- a reduced need to carry data in removable media
- the ability to access the data through the Internet, regardless of location
- low-cost disaster recovery and data storage
- the ability to apply security controls on demand
Despite both the significant savings and additional benefits towards continuity of operations, disaster recovery, flexibility and other areas, the GAO’s survey and subsequent report shows federal agencies are still approaching cloud computing with caution. In fact, only two of the 24 agencies polled felt comfortable that cloud computing provided the security needed for federal government data. Their concerns were related almost exclusively to having an outside vendor control their cloud environments, specifically:
- the possibility that ineffective or non-compliant service provider security controls could lead to vulnerabilities
- the potential loss of governance and physical control over agency data and information
- the insecure or ineffective deletion of agency data by cloud providers once services have been provided and are complete
- potentially inadequate background security investigations for service provider employees
The GAO report proves that although cloud computing is increasingly necessary in the federal government, the architecture is critical to agency adoption and security. While public clouds and multitenancy tend to play into these fears and make government data more susceptible, there are delivery methods that could actually make government data even more secure than it was prior to the cloud.
Technologies and effective best practices exist today to deliver private cloud environments inside federal organizations that yield all the dramatic cloud improvements in IT efficiency, while also providing the security required to protect sensitive information. When implemented correctly, these cloud environments can be much more secure than today’s IT environments, which are often protected by inadequate perimeter security practices and vulnerable to cyber exploitation.
Government IT decision makers are beginning to see the inevitability of cloud computing adoption. It’s necessary for robust virtualization, automation, broad access, and economic scale in the federal government. However, these decision makers need to contemplate their needs and security requirements to identify the cloud delivery model that can provide all of the benefits of cloud computing and reduce perceived risk.
Filed under: Uncategorized | Tagged: cloud computing, Committee on Oversight and Government Reform, federal government, GAO, Government Accountability Office, House of Representatives, Subcommittee on Government Management Organization and Procurement | Leave a Comment »