Security is better in the cloud, Google maintains, but others aren't so certain about that.
In Washington on Thursday, government officials held a hearing to examining the benefits and risks of the federal government’s transition to cloud computing.
The hearing, held by the House Committee on Oversight and Government Reform and the Subcommittee on Government Management, Organization, and Procurement, featured federal CIO Vivek Kundra and other government IT leaders, Carnegie Mellon University professor Gregory Ganger, and representatives from EMC, Google, Microsoft, and Salesforce.com.
To hear Google tell it, cloud computing is mostly a good thing. Mike Bradshaw, director of Google's federal government group, said that cloud computing can improve security, save tax dollars, and improve efficiency and collaboration.
"Agencies face significant challenges with lost or stolen laptops that contain sensitive data," he said in prepared testimony. "The cloud enhances security by enabling data to be stored centrally with continuous and automated network analysis and protection."
Scott Charney, president of Microsoft's trustworthy computing group, also had nice things to say about cloud computing, but he was more careful about talking up the security benefits.
"Cloud computing in its many forms creates tremendous new opportunities for cost savings, flexibility, scalability and improved computing performance for government, enterprises and citizens," he said in a summary of his remarks. "At the same time, it presents new security, privacy and reliability challenges, which raise questions about functional responsibility (who must maintain controls) and legal accountability (who is legally accountable if those controls fail)."
As described by Charney, security is a shared responsibility that cloud providers and government clients need to address, through the communication of requirements and transparency about the utility of controls put in place to meet those requirements.
The Government Accounting Office, in a report released on Thursday, offers perhaps the most realistic assessment of cloud computing. "Cloud computing can both increase and decrease the security of information systems in federal agencies," the GAO concludes, noting that 22 out of 24 major federal agencies are either concerned or very concerned about potential information security risks associated with cloud computing.
Cloud computing may be inevitable in government IT, but Google, Microsoft and the rest of the vendor community aren't done selling the idea.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.