Sometime back I had written an article on how US government officials had expressed reservations on adopting cloud computing (See: Does Moving to the Cloud work for the US Federal Government?). However, as per the testimonies from several Federal officials before the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, it would seem that, in spite of cloud proponent former CIO Vivek Kundra’s departure (See: Will Vivek Kundra’s Departure Affect Government’s Flight to the Clouds?), cloud computing will continue to find favor in the official administration.
There have been concerns about security on the cloud, especially in the light of several recent incidents (See: Should You Be Concerned? A List of Recent Cloud Computing Failures – I), and this was raised by committee chairman Rep. Daniel Lungren (California) who said how important it is “to have a promise that the security of the cloud is going to be measurably better than the security we have in the current system.”
Responding to the Congressman’s concerns, David McClure, associate administrator for the General Services Administration’s (GSA’s) Office of Citizen Services and Innovative Technologies, said, “Our problems with security are not unique to cloud-computing systems.” In other words, any issues with security cannot be blamed on cloud computing as a technology, but may be attributed to current systems as a whole. However, he did say that new security controls and standards being developed will address these concerns.
Department of Homeland Security (DHS) CIO Richard Spires testified that cloud computing is needed for the government to achieve cost-cutting goals (See: How Much Can the US Government Save By Going to the Cloud?) and to keep up with the technology trends. “Cloud computing is going to transform IT as things become more commoditized. We need to move to it,” he said.
Recently departed CIO Kundra had earlier gone before the Senate to defend his stance on cloud computing and he will be happy that his faith is shared by others in the administration (See: Update: What Do Government Officials Think of Cloud Computing?).
However, there were some valid concerns raised during the hearing. One was the involvement of foreign companies in developing government cloud networks. One company specifically mentioned was CGI Computing, an American firm owned by a Canadian company that was contracted by the DHS to migrate data from its servers. Spires assured the lawmakers that precautionary measures had been taken, including ensuring that all contractors were US citizens unless waived.
McClure also agreed that security concerns still prevent the movement of classified information to the cloud. “It’s going to be quite a while before we feel comfortable placing classified information into a private cloud environment,” he said.
By Sourya Biswas