Securing the Cloud5 Government Cybersecurity Challenges in 2010: Part 4
Cloud computing hasn't been on the radar for many of those charged with securing federal IT assets, but in the coming year its visibility is bound to rise. Even without any major government cloud project, two of five federal senior federal IT professionals surveyed by the think tank Ponemon Institute this past fall recognize the security challenges cloud computing presents.
Indeed, the hacking from China of the Gmail e-mail accounts of some human rights activists revealed by Google in January exposed the frailties of secure cloud computing that must be fixed if widespread adoption by the government is to occur. Gmail is a Google cloud computing offering.
"Along the way, we will need to address various issues related to security, privacy, information management and procurement to expand our cloud computing services," said Federal CIO Vivek Kundra, the government's biggest cloud computing champion, at the launch of Apps.gov, an online storefront where federal agencies can purchase cloud computing services.
The advantages and disadvantages of cloud computing for government are detailed in a European Union report that has implications for the United States. "The cloud's economies of scale and flexibility are both a friend and a foe from a security point of view," the report said. "The massive concentrations of resources and data present a more attractive target to attackers, but cloud-based defenses can be more robust, scalable and cost-effective."
Former FBI agent and GovInfoSecurity.com blogger Eric Fiterman sees cloud services as benefiting government agencies in secure data during distributed denial of services attacks. "Cloud computing services provide flexible hosting resources that can grow to accommodate a surge in demand," Fiterman wrote. Imagine if the agencies that were affected by the attacks had been sitting in the cloud when the malicious traffic started rolling in. ... These providers likely have plenty of bandwidth to sustain the attack and provide service with little to no service disruption."
The Computer Security Division of the National Institute of Standards and Technology is expected to issue guidance to help federal agencies securely employ cloud computing technology. "Everybody is very interested in ensuring security," said Peter Mell, who leading the drafting of NIST's cloud computing guidance. "What I see most discussed is security compliance issues. Can I document it, implement it, test it and show that it meets the federal government requirements for the security assistance?"