Government Technology

Cloud Computing Gains Momentum but Security and Privacy Issues Persist



September 25, 2009 By

It's official: Cloud computing has arrived -- and it appears to be the hit of the party. The Pew Internet & American Life Project released survey results in September 2008 reporting that 69 percent of Americans who are online use Web-based e-mail, store data or use software applications over the Internet. In October 2008, the market research firm IDC forecast that spending on IT cloud services would reach $42 billion by 2012.

Government agencies are starting to use cloud computing for storage, applications or development; these services are hosted on a remote server in order to save money on implementation and management. Cloud services are increasingly pervasive and may forever transform how government employees access and manage digital information.

Cloudiness Ahead

But with so many clouds on the horizon for IT, some people worry about potential storms ahead.

"What tends to worry people [about cloud computing] are issues like security and privacy of data -- that's definitely what we often hear from our customers," said Chris Willey, interim chief technology officer of Washington, D.C.

Willey's office provides an internal, government-held, private cloud service to other city agencies, which allows them to rent processing, storage and other computing resources. The city government also uses applications hosted by Google in an external, public cloud model for e-mail and document creation capabilities.

Cloud computing is delivered to users via three main delivery models: software as a service, platform as a service and infrastructure as a service (known as SaaS, PaaS and IaaS, respectively). With SaaS, customers use applications stored on a provider's server. In a PaaS environment, the provider gives customers tools to create their own applications that are stored on the provider's server. IaaS allows customers to rent networking, storage or other IT resources from providers to support in-house infrastructure.

In all arrangements, the clients' data wind up in someone else's hands somewhere along the way. For government, citizens' data is sacred, as is data involving internal business processes. Even when a third-party provider is reputable, it's understandable to experience a tinge of anxiety. You can't control another company's activities the way you can your own.

"For the last 15 years, people have been used to the client-server model," said Kevin Paschuck, vice president of public sector for RightNow Technologies, a company that delivers SaaS. "They've been used to hugging their servers. They walk out the door, and they can see their data and their hardware. They control their own destiny."

But remote hosting can inhibit that feeling of control.

"I don't know exactly where my data is,'" said Tim Grance, a computer scientist in the Computer Security Division of the National Institute of Standards and Technology. "It could be cut into tiny little pieces and dispersed across a large geographical area, and that inherently makes people nervous."

These qualms, however, don't just come from apprehension about the activities of third-party partners. They may stem from external threats too. If an agency's server is hacked, the agency's employees know how they'll handle it, but they don't know how someone else might. It's a given that Salesforce.com, Amazon.com and other big companies aren't slouches in the security department, but their size makes them attractive targets for cyber-attacks.

"Google has had to spend more money and time on security than D.C. government will ever be able to do," Willey said. "They have such a robust infrastructure, and they're one of the biggest targets on the Internet in terms of hacks and denial-of-service attacks."


| More

Comments

Anonymous    |    Commented September 29, 2009

Those who think fears about data security are unfounded or overstated should read http://www.timesunion.com/AspStories/story.asp?storyID=847057

Anonymous    |    Commented September 29, 2009

Those who think fears about data security are unfounded or overstated should read http://www.timesunion.com/AspStories/story.asp?storyID=847057

Anonymous    |    Commented September 29, 2009

Those who think fears about data security are unfounded or overstated should read http://www.timesunion.com/AspStories/story.asp?storyID=847057


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
Maintain Your IT Budget with Consistent Compliance Practices
Between the demands of meeting federal IT compliance mandates, increasing cybersecurity threats, and ever-shrinking budgets, it’s not uncommon for routine maintenance tasks to slip among state and local government IT departments. If it’s been months, or even only days, since you have maintained your systems, your agency may not be prepared for a compliance audit—and that could have severe financial consequences. Regardless of your mission, consistent systems keep your data secure, your age
Best Practice Guide for Cloud and As-A-Service Procurements
While technology service options for government continue to evolve, procurement processes and policies have remained firmly rooted in practices that are no longer effective. This guide, built upon the collaborative work of state and local government and industry executives, outlines and explains the changes needed for more flexible and agile procurement processes.
View All

Featured Papers