US loosens rules for defense data in the cloud

The U.S. State Department recently revealed that it is loosening its rules for the use of cloud computing solutions as they pertain to potentially sensitive defense data, The Wall Street Journal reported.

The news source noted that in an advisory opinion delivered to startup Perspecsys Inc., the State Department implied, but did not confirm, that the company could store defense data within cloud environments as long as the organization took all the necessary steps to ensure that only U.S. residents could view the information.

A complex issue
The source noted that the International Traffic in Arms Regulations has long been seen as a major obstacle in the way of greater cloud integration for defense-related organizations. This law prohibits defense contractors from taking physical arms or, critically, information concerning their construction outside of the United States without express permission from the government.

Considering the fact that cloud services providers frequently store customer data at various hubs around the globe, the International Traffic in Arms Regulation has long been seen as preventing companies from leveraging cloud resources when handling sensitive U.S. military data. This was the case even if organizations utilized advanced encryption tools, according to Josephine Aiello LeBeau, an attorney with Wilson Sonsini Goodrich & Rosati with expertise in this area, the news source reported.

The State Department's recent comments suggest that encryption may now be seen as an acceptable safeguard, enabling many contractors to leverage cloud solutions for the first time. However, they did not go so far as to explicitly provide the go-ahead for these efforts.

"What we've said is that if a U.S. person takes sufficient means to ensure data is only viewed by authorized U.S. persons we're fine with them putting it on the cloud," a State Department official told The Wall Street Journal. "We're not saying whether those means exist yet."

This official added that the department will deliver greater clarification concerning the legality of putting sensitive defense data in cloud environments before the end of the year.

Defense and the cloud
This move represents a wider cloud integration effort for the Department of Defense. Earlier this year, Rep. Niki Tsongas, D-Mass., and Rep. Derek Kilmer, D-Wash., proposed legislation that would lead to the creation of clear standards for DOD cloud security. Among other steps, the law would require the CIO of the DOD to work with the U.S. comptroller general to assess the department's cloud computing security needs.

Michael Hartigan, a spokesperson for Rep. Tsongas, focused on the issue of data storage as a key reason for the DOD to embrace cloud solutions. He noted that storing data internally on DOD servers is a growing expense, one which cloud integration could effectively mitigate to a great degree, NextGov reported. 

As cloud computing grows in popularity both in the public and private sector, the DOD and other government agencies will almost certainly continue to open up more to the potential offered by the technology.