01:59 PM
John Foley
John Foley
Connect Directly
Core System Testing: How to Achieve Success
Oct 06, 2016
Property and Casualty Insurers have been investing in modernizing their core systems to provide fl ...Read More>>

Where's Government Data In The Cloud?

Amid the Obama administration's 'cloud first' strategy, federal agencies face the prospect of seeing their data go offshore. There's a lesson to be learned from WikiLeaks.

Top 20 Government Cloud Service Providers
(click image for larger view)
Slideshow: Top 20 Government Cloud Service Providers

The U.S. government has adopted a "cloud first" strategy -- a policy baked into the Office of Management and Budget’s new IT reform plan -- and federal IT pros are mulling how to get started. They might begin with this question: Where exactly will my agency’s data be stored in the cloud?

Cloud computing is a borderless concept, where workloads are distributed across global data centers, yielding the benefits of scale, efficiency, and resilience. Theoretically, you shouldn't have to worry about the physical location of virtual servers and storage because the cloud is engineered for optimal -performance.

But ignorance isn't bliss when it comes to data governance in the cloud. What you don't know about the whereabouts of your organization’s data can hurt you. The risks include security breaches, violations of U.S. laws and regulations, and even snooping by foreign governments.

Marsha McIntyre, an attorney with Hughes Hubbard & Reed who specializes in export control law, recently laid out a slew of issues associated with data that is subject to U.S. export controls, such as the International Traffic In Arms Regulations and the Export Administration Regulations. Those rules can apply to blueprints, drawings, models, specifications, photos, and plans, all of which are common in government offices. "Providing export-controlled data to a data center located outside the U.S. could be considered an export to the data center location, which could require export authorization," McIntyre wrote in a column for InformationWeek. Penalties for violating the law can reach $1 million and 20 years in prison.

Given OMB's top-down push for cloud computing adoption, you'd think it would have articulated a formal policy on where cloud data gets stored. So far, however, there is no such guidance, which could explain why two agencies -- the General Services Administration and the U.S. Department of Agriculture -- outlined different requirements in their pursuit of cloud services contracts.

GSA announced earlier this month that it has awarded a five-year, $6.7 million contract to Unisys, which will be working with Google to provide Google Apps to 17,000 GSA employees and contractors. The deal raised the ire of Microsoft, which called attention to the fact that GSA's request for proposals -- which originally specified that "data at rest" must reside within the United States -- had been modified to allow for the offshoring of its data.

Why the change? That's not clear, but the implication is that it was done to accommodate one of the cloud vendors bidding on the job, which went to Unisys-Google. When asked about it, GSA CIO Casey Coleman acknowledged that "GSA did not constrain the offerers geographically," but she emphasized that data security and compliance with federal regulations are of utmost importance, and that those are more a function of appropriate processes and procedures than location.

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2014 Next-Gen WAN Survey
2014 Next-Gen WAN Survey
While 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.