Government Technology

Cloud Computing Gains Momentum but Security and Privacy Issues Persist

September 25, 2009 By

It's official: Cloud computing has arrived -- and it appears to be the hit of the party. The Pew Internet & American Life Project released survey results in September 2008 reporting that 69 percent of Americans who are online use Web-based e-mail, store data or use software applications over the Internet. In October 2008, the market research firm IDC forecast that spending on IT cloud services would reach $42 billion by 2012.

Government agencies are starting to use cloud computing for storage, applications or development; these services are hosted on a remote server in order to save money on implementation and management. Cloud services are increasingly pervasive and may forever transform how government employees access and manage digital information.

Cloudiness Ahead

But with so many clouds on the horizon for IT, some people worry about potential storms ahead.

"What tends to worry people [about cloud computing] are issues like security and privacy of data -- that's definitely what we often hear from our customers," said Chris Willey, interim chief technology officer of Washington, D.C.

Willey's office provides an internal, government-held, private cloud service to other city agencies, which allows them to rent processing, storage and other computing resources. The city government also uses applications hosted by Google in an external, public cloud model for e-mail and document creation capabilities.

Cloud computing is delivered to users via three main delivery models: software as a service, platform as a service and infrastructure as a service (known as SaaS, PaaS and IaaS, respectively). With SaaS, customers use applications stored on a provider's server. In a PaaS environment, the provider gives customers tools to create their own applications that are stored on the provider's server. IaaS allows customers to rent networking, storage or other IT resources from providers to support in-house infrastructure.

In all arrangements, the clients' data wind up in someone else's hands somewhere along the way. For government, citizens' data is sacred, as is data involving internal business processes. Even when a third-party provider is reputable, it's understandable to experience a tinge of anxiety. You can't control another company's activities the way you can your own.

"For the last 15 years, people have been used to the client-server model," said Kevin Paschuck, vice president of public sector for RightNow Technologies, a company that delivers SaaS. "They've been used to hugging their servers. They walk out the door, and they can see their data and their hardware. They control their own destiny."

But remote hosting can inhibit that feeling of control.

"I don't know exactly where my data is,'" said Tim Grance, a computer scientist in the Computer Security Division of the National Institute of Standards and Technology. "It could be cut into tiny little pieces and dispersed across a large geographical area, and that inherently makes people nervous."

These qualms, however, don't just come from apprehension about the activities of third-party partners. They may stem from external threats too. If an agency's server is hacked, the agency's employees know how they'll handle it, but they don't know how someone else might. It's a given that, and other big companies aren't slouches in the security department, but their size makes them attractive targets for cyber-attacks.

"Google has had to spend more money and time on security than D.C. government will ever be able to do," Willey said. "They have such a robust infrastructure, and they're one of the biggest targets on the Internet in terms of hacks and denial-of-service attacks."

| More


Anonymous    |    Commented September 29, 2009

Those who think fears about data security are unfounded or overstated should read

Anonymous    |    Commented September 29, 2009

Those who think fears about data security are unfounded or overstated should read

Anonymous    |    Commented September 29, 2009

Those who think fears about data security are unfounded or overstated should read

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
McAfee Enterprise Security Manager and Threat Intelligence Exchange
As a part of the Intel® Security product offering, McAfee® Enterprise Security Manager and McAfee Threat Intelligence Exchange work together to provide organizations with exactly what they need to fight advanced threats. You get the situational awareness, actionable intelligence, and instantaneous speed to immediately identify, respond to, and proactively neutralize threats in just milliseconds.
Better security. Better government.
Powering security at all levels of government with simpler, more connected IT.
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
View All

Featured Papers