Cloud Security in 2012 & Beyond!
Jan 10, 2012
The year 2012 is upon us and I wanted to shed some light on one of the key technologies the federal government is going to focus on this year – Cloud Computing. At the Gartner Symposium/ITxpo in Orlando in October last year, the analyst firm rolled out its top 10 strategic technologies for 2012. It should come as no surprise that cloud is one of the technologies tapped for top ten. Cloud computing, social media, and mobile solutions also top research firm IDC’s top 10 predictions for the government IT market in 2012. Federal, state, and local governments will spend about $82.4 billion on hardware, software, and IT services in 2012, according to IDC Government Insights, and that investment will align with four key themes: operational efficiency, mobility, smart government, and economic stability.
With its future-focused IT goals, the federal government has been emphasizing growing technological trends like cloud computing. New cloud standards released by the White House underscore the government’s interest in the cloud. There is no doubt that 2012 and beyond will see increased cloud adoption both amongst Federal and STLG customers. From a cloud perspective, security is top of mind with most of the federal agencies. With the increasing IT outsourcing to the cloud, this year could see hackers and cyber criminals target clouds. When an agency uses the cloud, it is outsourcing the security to a service provider so it is essential that proper security due diligence is carried out.
Basically, most of the customers’ concerns over cloud security fall into two broad areas: concerns over availability, and concerns over confidentiality. The integration of cloud and traditional security practices is complex but definitely doable. Technical, as well as process, hand-offs are often unclear to both the cloud provider and cloud consumer alike, and this complexity is likely to introduce opportunities for both accidental and malicious attacks that are new to many agencies.
However, having said that, I firmly believe cloud security has come a long way. The technology is evolving and security standards are maturing. There are several customers both in the federal and commercial space that are not hesitating to put sensitive data in the cloud. I was very happy to see that last month, federal CIO Steven VanRoekel announced the Federal Risk and Authorization Management Program (FedRAMP). The memo, titled Security Authorization of Information Systems in Cloud Computing Environments, has been widely anticipated and lays out the administration’s steps toward securing cloud computing. The government-wide program will provide and enforce cloud standards for security, authorization, and monitoring. FedRAMP aims to accelerate the adoption of and confidence in cloud products and services by improving security. The program also intends to increase practices of automation for constant monitoring of real-time data. It is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that will save cost, time, and staff required to conduct redundant agency security assessments.
Federal and STLG governments as consumers of cloud need to be aware of the security questions and issues associated with the cloud and what technologies are available and deployed to overcome these challenges. A great area of concern for most cloud customers is the possibility that a customer’s data may be comingled in various ways with data belonging to others. This is generally not a risk unless one encounters a failure mode that results in information exposure.
It’s now clear that the cloud computing is evolving and maturing fast. The focus on Cloud security is likely to grow in 2012, as it increasingly includes privacy, compliance, and governance. The new trend is that IT departments will start dealing with various regulations and required processes for deciding which cloud technology to implement under each specific situation. Meanwhile, compliance rules will force agencies to adopt cloud services with heightened security, and governing the cloud environment will become vital. Tightly and well-defined Service Level Agreements will be of paramount importance in cloud adoption.
Improving the security and privacy of data in the cloud will be a significant trend during the next 12 months. GTSI will be hosting this year’s first Technology Leadership Seminar (TLS) on the topic of Cloud Security on Jan 19th at a half-day event in Washington D.C. Attendees of the half-day event will learn:
• How regulatory and compliance concerns can be overcome
• What technologies have been successful in securing the cloud
• Case studies of how agencies have securely transitioned specific applications and workloads to the cloud
• Best practices in cloud migration
Plus, you’ll hear the first findings of a new survey revealing what government IT managers and administrators are thinking about government cloud security – and the risks and rewards they see now and in the future. You will have an opportunity to hear from me and several other industry and government speakers at this event. I would encourage you to register free at the following link :
Are you seeing similar trends within your respective agencies? Let me hear your thoughts.
To know more about federal technology trends, you can follow me on Twitter at @FedTrends