Obama takes a leap of faith and trusts the government to the cloud

Obama takes a leap of faith and trusts the government to the cloud

Summary: Given the US Government's track record in keeping data secure, what makes anyone think moving Federal IT operations to the cloud is a good idea?

SHARE:

There have been a huge number of articles in the last few months talking about the President's tacit acknowledgment of the future of cloud computing by pushing a federal budget that relies heavily on the cloud as part of the datacenter consolidation that is being required by the plan to control governmental IT costs. Now I realize that a President's actual contribution to the design of the federal budget likely amounts to little more than accepting what they are told by their advisors, but one really has to wonder why those advisors are so readily drinking the cloud Kool-Aid.

Or perhaps those advisors aren't but are instead pandering to a vague public perception that "the cloud is the solution." Every time I write about the cloud, I get a flood of public and private responses that have a very common theme; how can you trust the security of a solution that you cannot control end to end? Even the cloud-positive responses often focus on a specific set of security or data control issues which the writer feels their business has properly addressed.

The National Institute of Standards and Technology, in light of the "cloud-first" directive from US government CIO Vivek Kundra, has issued two NIST Special Publications; SP 800-144, Guidelines on Security and Privacy in Public Cloud and SP 800-145, The NIST Definition of Cloud Computing. The main problem with the security document it is that it really presents nothing new; the guidelines presented are pretty much the same as the recommendations that any competent IT security professional would give their employer or client.  The issues that cloud security will present as the technology matures and becomes more prevalent, which also means that more bad guys will be looking for cracks, isn't really discussed.

The fact that NIST  is basically recommending that agencies take their own responsibility for security and not just trust the cloud vendor falls in that same category of common sense advice. The problem is that given the widely reported security problems with existing governmental and military networks, with failures in preventing unrestricted unauthorized physical access and a raft of malware, Trojan and virus attacks by foreign governments, including the recent successful Anonymous attack on HBGary, what makes anyone think that there will be a simple, or even near-term, solution to securing the potential petabytes of governmental data that will be migrated to the cloud?

The reality is that any cloud service provider with a contract with a US government agency will become a lightning rod for external attacks from everyone from bored script kiddies to inimical foreign agents. And the cloud just isn't ready for that.

Topics: Government US, Cloud, Government, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

13 comments
Log in or register to join the discussion
  • Well, given the ineptness of the federal government, the cloud has to be

    safer. In times of large budget deficits, cloud computing will save a lot of money, and be just as safe, probably safer.
    DonnieBoy
    • I wouldn't say a lot

      I mean... they'll save a decent amount, but it's impossible to save "a lot" in relativity to the budget.
      Michael Alan Goff
      • RE: Obama takes a leap of faith and trusts the government to the cloud

        @Michael Alan Goff Thank you for the information~~!! <img border="0" src="http://www.cnet.com/i/mb/emoticons/happy.gif" alt="happy"> <a href="http://www.classicchanelbags.org">chanel bags</a> <a href="http://www.classicchanelbags.org">chanel replica bags</a>
        yantangseo
    • Depends on how you term &quot;save&quot;

      @DonnieBoy
      Not putting locks on your house saves you money, but then comming home to your house that's been cleaned out of all you valuables becomes a loss.
      John Zern
      • If your house has been getting robbed on a daily basis...

        @John Zern
        ... the locks you have suck. Get better locks or pay someone else to protect your stuff.
        jasonp@...
      • Jason, My locks work fine

        nothing gets taken.

        It's called an analogy. Placing stuff on the cloud means you're not around, don't know what's been taken.
        John Zern
      • RE: Obama takes a leap of faith and trusts the government to the cloud

        @John Zern
        So was his.
        hoaxoner
  • RE: Obama takes a leap of faith and trusts the government to the cloud

    Oh, stop worrying. If Obama decrees that the government create a plan to move their data services to the cloud, the plan will be finished just in time for the 2044 Olympics. The first procurements will take place in 2053, the awards in 2056, the installations in 2060 through 2080, and the whole thing will be up and running.... never.

    What I want to know is where they intend to get the guys to maintain the IBM 370's until then.
    Robert Hahn
  • Great idea ..... Mr Moron President

    Let us put US documents in servers in unknown countries so that anybody can access them whenever they want.
    wackoae
    • As opposed to...

      @wackoae
      servers in our own country that anybody can access whenever they want.
      jasonp@...
  • To be fair...

    The government hasn't done well in protecting data. By turning this function over to real experts, what's the worst that can happen? The same that's been happening?
    jasonp@...
    • RE: Obama takes a leap of faith and trusts the government to the cloud

      @jasonp@...
      Experts means who?
      Ram U
  • RE: Obama takes a leap of faith and trusts the government to the cloud

    More like a Storm cloud, 'Katrina' anyone? Politicians are habitual liars and cheats, that is why they got into politics.
    james347