Curing the Cloud Computing Jitters
"Cloud computing is still very nascent and in fact the application of cloud computing in government, they are still taking root as well," Greet said in an interview with GovInfoSecurity.com (transcript below). "It's not surprising that there is a significant amount of folks who continue to need to have more information around cloud computing."
Lockheed Martin last year formed, a consortium of high-tech vendors called the Lockheed Martin Cybersecurity Alliance. The alliance issued a white paper earlier this year on the state of cloud computing in the federal government, which included results of a survey of federal IT decision makers.
The alliance and other organizations are developing ways to make cloud computing more secure while safeguarding privacy and confidentiality that ultimately will deliver the benefits of cost savings, speed and agility to government agencies.
"I don't think anybody believes we are there yet, but I'm absolutely sure we'll be able to get there," Greer said. "People are going to be prudent, people are going to take a look and see what makes sense, but it would be a surprise to me if within the next five years were aren't able to solve these kinds of problems and have a more widespread adoption. ... I don't believe it would too much longer until we have critical mass."
In the interview, Greer also addressed:
- Attitudes government IT leaders revealed about cloud computing, based on a survey unveiled in the white paper.
- How best the federal government should govern cloud computing.
- The need for vendors and service providers to build trust with the government to assure the safety of cloud computing.
GovInfoSecurity.com's Eric Chabrow interviewed Greer.
ERIC CHABROW: Last fall, Lockheed Martin formed the Lockheed Martin Cybersecurity Alliance. Being of this consortium of IT vendors is to collaborate resolutions that can help provide early threat detection, protection, and multilayer autonomic self-healing capabilities to safeguard IT systems. The alliance just issued a survey on cloud computing. It conducted of IT decision makers from federal, civilian, defense, military, and intelligence agencies. What was the key take away of that survey?
MEL GREER: The key take away is that there is still a strong need for awareness on the part of folks in the cybersecurity area about cloud computing. About 21 percent of those folks involved in cybersecurity, their agencies are unaware about cloud computing, and 34 percent of the respondents in total weren't familiar with the cloud. That is the real key-take away that awareness around the cloud as it relates to trust and security needs to continue to be increased.
CHABROW: I was somewhat surprised and quite frankly a bit disturbed to find that one-third of IT decision makers you queried said they were unfamiliar with cloud computing. In that same question, about a quarter of the respondents didn't know if the agencies employed cloud computing. Were you surprised by that number and how could such ignorance exist?
GREER: Well, I'm actually not surprised. Cloud computing is still very nascent and in fact the application of cloud computing in government, they are still taking root as well. It's not surprising that there is a significant amount of folks who continue to need to have more information around cloud computing. One of the core elements of the Cybersecurity Alliance as it relates to security and trust in the cloud is to increase that awareness, and of course, Lockheed Martin has a number of other activities associated with it over our cloud computing strategy that are targeted at focusing on the need for more information. Specifically, things like the development of drawn application set that can support mission capabilities for our government clients and the development of marketplace capabilities that are strategic and allow for the ready acquisition of cloud computing capabilities that support mission.
CHABROW: The survey also showed a lack of consensus on who should govern cloud computing in the federal government. Does that present a problem or an opportunity?
GREER: I think it is a bit of an opportunity. There is a strong desire on the part of the folks from the federal CIO and CTO's office to move agencies forward with their respective elements of cloud computing, but clearly the survey shows that there is a strong desire on the part of agencies as well to continue to hold the responsibility for utilizing whatever technical capabilities are required to meet their overall business and mission needs. While there is some cognitive dissidence around what governance in the cloud at the overall strategic level and government will be, I believe that there is some consensus which is encouraging that cloud computing is going to be look at in a serious way in terms of being able to support a mission and business capabilities from the agencies and at the federal level as a whole.
CHABROW: There is a new federal initiative called FedRAMP that simply allows agencies to collaborate together to establish security standards for the various IT wares, especially for cloud computing that will be obtained from outside service providers. How do you see FedRAMP encouraging adoption of cloud computing?
GREER: I think FedRAMP is a very encouraging activity. It is one where folks from NIST (National Institute of Standards and Technology) and OMB (Office of Management and Budget) and GSA (General Services Administration) are working very hard to ensure that when a single set of requirements are met with respect to security and privacy and confidentiality, certification and authentication that the time that it takes to provide strong and good capabilities to agencies across federal government to streamline. This FedRAMP activity is going to make it easier for providers of could services to provide their services to the agencies, and I think it will be easier for agencies to then acquire and, in fact, consuming those services. It will ultimately make our government more adaptive and agile.
CHABROW: Do you see a program like FedRAMP significantly increasing the adoption of cloud services in government?
GREER: I do. I think FedRAMP is going to have a contribution to that adoption. There is still a number of other areas associated with cloud computing that need to be worked on in order for adoption to be widespread, but clearly the ability to have a single authenticator around certification of a capability for the entire set of agencies is a step forward.
CHABROW: And what are some of those other areas that need to be addressed?
GREER: The survey outlines a couple of them. This idea of trust and who is actually going to be responsibility for setting trust. The idea of increasing the awareness, I think just the broad view of its overall impact in the acquisition space or IT areas that continue to need more addressing. In the survey that we put together highlights these areas as well.
CHABROW: The survey reveals as you just mentioned a significant amount of distrust of cloud computing. What needs to be done to build trust in the cloud?
GREER: Just like any other nascent technology capability, we need to increase awareness about what it is and what the impact is going to be agencies. I think there are a number of agencies that have however dipped their toe in the water, so to speak, with respect to clouds. So when we see things like NASA Nebula, the DOE Magellan project and others, it is an indication that folks are becoming more and more comfortable with cloud computing. But clearly the survey indicates that we need to do a better job of making people aware of the impact. I think the other key area would be things associated with data privacy, confidentiality and then security. These areas are important, not just because we hold dear the security tenants associated with the data, but because the federal government has a strong responsibility to ensure. especially in areas of war fighting and intelligence that data, is not compromised. The use of cloud computing while growing and becoming more well understood needs to be tempered with a strong understanding of how the new capabilities might impact our overall missions in areas of intelligence and war fighting.
CHABROW: There are those who believe that despite this still some considerable distrust in cloud computing, and what some see an insurmountable security hurdles, cloud computing is going to happen anyway because of one, the potential cost savings it provides, and two, the simple fact that data are growing exponentially and organizations whether the government or business will not be able to afford to build and support data centers to house that data. What are your thoughts on that?
GREER: I think that is clear that the federal government is making strong progress in the development and consolidation of data centers at the infrastructure level. There is a no nonsense approach to consolidating infrastructure capabilities and reducing the cost of those capabilities, not only because it makes good sense but because it saves money. This exponential growth of data, as you discussed, is going to be a key element, and it is one of the reasons why I think trust remains at the top of the list with respect to the deployment of cloud computing. I do however believe that with the intense focus that we have on security that we certainly are going to come up with new and innovated approaches that will obviate the need to continue to focus on it as a key inhibitor to adoption. Lockheed Martin, of course, is focusing with its Cybersecurity Alliance on the development of a number of these innovated solutions, and these continue to be developed so that we can meet the challenges with cloud computing especially on the areas of security, privacy, and confidentiality. Then ultimately deliver the benefits of house savings, speed and agility. I don't think that anybody believes we're there yet, but I'm absolutely sure that we will be able to get there.
CHABROW: Do you have timeframe on that?
GREER: No, I think that people are going to be prudent. People are going to take a look and see what makes sense, but it would be a surprise to me if within the next five years we weren't able to solve these kinds of problems and then have a more widespread adoption. ... This ability to deliver core capabilities and a consumption model makes it easier to understand and fit it into an ever increasing budget. I don't believe that it's going to take much more longer before we have critical mass.