Government decision-makers need security assurances from cloud vendors

It's no secret that the federal government as a whole is actively seeking to deploy cloud computing solutions more widely. Ever since the unveiling of the Cloud First initiative in 2011, agencies have been mandated to consider cloud-based solutions as the de facto option whenever they aim to introduce a new IT service. This, combined with the obvious appeal of cloud benefits in general, has led to growing cloud deployments throughout federal agencies.

However, despite this cloud integration progress, federal use of hosted solutions remains significantly lower than it could and, arguably, should be. There are a number of reasons for this, but one of the biggest is also the most obvious: cloud cybersecurity concerns. To resolve this issue, agencies and vendors must come together to develop reliable, optimized options.

Progress and obstacles
Without a doubt, federal cloud use has progressed tremendously. CIO pointed out that public sector spending on cloud services is projected to reach $6.5 billion by 2017, a 72 percent increase over 2012 levels. Government agencies are moving quickly to embrace the cloud and all of its attendant benefits. The most notable of these, according to Alan Boissy, product manager of VMware's vCloud Government Service solution, is the potential for cost savings.

"Cloud is basically a business decision," he explained, according to CIO.

At the same time, though, there's no denying that federal cloud adoption efforts have significant room for expansion and improvement. According to the source, there are two primary issues holding back such efforts. First and foremost is the question of cloud security. Agency CIOs remain worried that moving workloads into the cloud may put those assets in danger of loss, theft or exposure, as they are not fully convinced of hosted environments' security capabilities. This is an exceedingly common issue in the private sector as well, but the stakes may be even greater for federal decision-makers, given the extremely sensitive nature of many agencies' data and other digital assets.

Second, the source noted that federal CIOs are worried about the geographic location of their cloud-stored data. This can have a major impact on the overall utility of a cloud solution for any organization. When it comes to the federal government, the issue becomes even more complex, as compliance regulations and legal issues enter the picture. 

Vendor issues
Both the federal government and cloud vendors have taken steps to overcome these issues. The most notable example of this progress is likely the FedRAMP program, which vets cloud services to ensure they are sufficiently secure and reliable for government use. 

However, the government's cloud adoption rate suggests that FedRAMP alone is not enough to assuage decision-makers' worries. Stu Fleagle, vice president of government solutions for Carpathia, argued that vendors should engage with public sector agencies more directly and with greater flexibility. Far too often, cloud service providers instead offer only relatively static, suboptimal solutions that have not been tailored to address government needs.

At the same time, it's fair to say that government IT leaders should take additional steps in this area, as well. After all, agencies will not be able to find the ideal cloud solutions unless they have a robust, thorough understanding of their precise cloud needs and goals. Yet achieving this level of awareness is easier said than done. In order to fully prepare themselves for cloud services at every stage – from vendor comparisons to solution development to deployment and beyond – agencies need to audit their existing IT, evaluate their short- and long-term goals and more.

All of this suggests that many government agencies looking to increase their cloud use while ensuring they remain as secure and compliant as possible at all times should look for a third-party cloud integration service provider. With external assistance, any given government body will gain the benefit of expertise and experience that it simply lacks in-house, and this will lead to greater confidence when seeking out superior cloud capabilities.

Security benefits
When government IT leaders adopt a carefully considered, expert-driven approach to cloud adoption, security not only ceases to be an impediment – it actually can become a selling point, as CSO Online contributor Jonathan Trull recently highlighted.

Cloud-based security solutions offer a number of benefits relative to on-premises counterparts, the writer explained. Notably, cloud security services are constantly updated by the vendor. This means that a given agency will not become or remain vulnerable simply because it forgot to install a software security patch.

Additionally, cloud services providers will have staff dedicated to providing security for clients, whereas most government agencies are too small to justify such an investment of human resources. 

The cloud can and should be a security asset, not a liability. To reach this point, though, government IT leaders must pursue optimized deployments. A third-party cloud integration specialist is often essential for achieving this goal.