"The first question they are going to ask the external provider is: 'What kind of procedures will you follow for physically securing the servers, for assuring the authenticity of the log-in, for security of the data during transit to and from your site?'" IBM's Dave McQueeney says.
The evolution of IT security requires human ingenuity. Machines are fast but dumb, yet using human brainpower can help reject quickly harmful traffic aimed to damage critical IT systems, says Phyllis Schneck, McAfee CTO/public sector.
Cybersecurity is truly a bipartisan issue in Congress, but measures aimed at enhancing the protection of military IT systems fell victim to political squabbling over the repeal of the don't ask, don't tell policy on gays in the military.
Sensitive information maintained by three federal departments - Defense, Homeland Security and Health and Human Services - isn't fully safeguarded from the inquisitive eyes of government contractors, putting the data at risk of unauthorized disclosure or misuse.
"What we are trying to do in Michigan is to set the framework, which means that these cloud solution providers meet our requirements, not the other way around," says Ken Theis, director of the state Department of Technology, Management and Budget.
People who customize software often don't know what they're doing, creating an environment where adversaries can exploit unintended vulnerabilities, says Robert Lentz, the longtime Defense chief information security officer.
Microsoft Federal Chief Technology Officer Susie Adams and Chief Security Officer Bill Billings praise the new Federal Risk and Authorization Management Program that should make cloud computing easier to adopt by government agencies.
It's not just the need to educate federal officials, but the necessity to build trust in cloud computing to get the government to adopt the relatively nascent technology, says Mel Greer, Lockheed Martin's cloud computing chief strategist.