Schmidt's Can-Do Spirit on Cloud Computing
Someone at the RSA Conference 2010 in San Francisco last week - sorry, I can't remember who - said the IT security conclave's three top topics were cloud computing, cloud computing and cloud computing.
No doubt, the perceptions of efficiencies and cost savings drive the interest in cloud computing. Still, the naysayers voiced valid concerns why securing sensitive data the government generates in the cloud could prove all but impossible. But don't count White House Cybersecurity Coordinator Howard Schmidt among the cloud computing cynics.
Schmidt expresses confidence that those concerns can be surmounted, perhaps not for every piece of data, but sufficiently that cloud computing can become a viable, secure platform for a sizeable portion of government. To accomplish that, he said, the focus must be placed on securing the data, regardless of the computing platform. Here's what Schmidt said in my one-on-one interview with him at RSA:
"Data is the gold, the silver and the diamonds of the world we live in today. Money, in many cases is just a bunch of zeros and ones moving through a wire, so we have to be very protective of the data. In the past, we've focused on the networks and not the stuff that runs on the network, whether it's data at rest, data in transit, data on a portable device."
To protect the data, Schmidt said, the spotlight will shift to authentication, encryption, service level agreements and legal requirements.
"When you start packaging those things together, cloud computing makes a lot of sense, but we need to make sure that the policies are in place, the legal framework is in place. As you know, with any legal document, it's back and forth between you and the vendor and negotiating terms.
"And, the other thing is how you do the validation. It's great for us to say that from now on that everything you type on your computer, we'll encrypt it. But, what about the day you forget? How do you validate that it's being done continuously? So, those are the sort of the mechanisms we're looking at now and ensuring those controls are in place which then don't create the price point where it's no longer valuable to do it."
Schmidt's approach to cybersecurity seems simple. If a technology exists that advances government's goals, the experts will figure out how to exploit it securely. The approach is simple but Schmidt recognizes the work behind it is hard. Yet, he exudes a faith in the IT security professionals in government and its private-sector partners to make it happen.
Other postings from my RSA interview with Schmidt: