Where's Government Data In The Cloud? - InformationWeek
01:59 PM
John Foley
John Foley
Connect Directly

Where's Government Data In The Cloud?

Amid the Obama administration's 'cloud first' strategy, federal agencies face the prospect of seeing their data go offshore. There's a lesson to be learned from WikiLeaks.

Top 20 Government Cloud Service Providers
(click image for larger view)
Slideshow: Top 20 Government Cloud Service Providers

The U.S. government has adopted a "cloud first" strategy -- a policy baked into the Office of Management and Budget’s new IT reform plan -- and federal IT pros are mulling how to get started. They might begin with this question: Where exactly will my agency’s data be stored in the cloud?

Cloud computing is a borderless concept, where workloads are distributed across global data centers, yielding the benefits of scale, efficiency, and resilience. Theoretically, you shouldn't have to worry about the physical location of virtual servers and storage because the cloud is engineered for optimal -performance.

But ignorance isn't bliss when it comes to data governance in the cloud. What you don't know about the whereabouts of your organization’s data can hurt you. The risks include security breaches, violations of U.S. laws and regulations, and even snooping by foreign governments.

Marsha McIntyre, an attorney with Hughes Hubbard & Reed who specializes in export control law, recently laid out a slew of issues associated with data that is subject to U.S. export controls, such as the International Traffic In Arms Regulations and the Export Administration Regulations. Those rules can apply to blueprints, drawings, models, specifications, photos, and plans, all of which are common in government offices. "Providing export-controlled data to a data center located outside the U.S. could be considered an export to the data center location, which could require export authorization," McIntyre wrote in a column for InformationWeek. Penalties for violating the law can reach $1 million and 20 years in prison.

Given OMB's top-down push for cloud computing adoption, you'd think it would have articulated a formal policy on where cloud data gets stored. So far, however, there is no such guidance, which could explain why two agencies -- the General Services Administration and the U.S. Department of Agriculture -- outlined different requirements in their pursuit of cloud services contracts.

GSA announced earlier this month that it has awarded a five-year, $6.7 million contract to Unisys, which will be working with Google to provide Google Apps to 17,000 GSA employees and contractors. The deal raised the ire of Microsoft, which called attention to the fact that GSA's request for proposals -- which originally specified that "data at rest" must reside within the United States -- had been modified to allow for the offshoring of its data.

Why the change? That's not clear, but the implication is that it was done to accommodate one of the cloud vendors bidding on the job, which went to Unisys-Google. When asked about it, GSA CIO Casey Coleman acknowledged that "GSA did not constrain the offerers geographically," but she emphasized that data security and compliance with federal regulations are of utmost importance, and that those are more a function of appropriate processes and procedures than location.

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll