Government cloud initiative introduced, security focus promised

Share this article:
Government cloud initiative introduced, security focus promised
Government cloud initiative introduced, security focus promised

Vivek Kundra, the federal CIO appointed by President Obama in March, announced on Tuesday a cloud computing initiative designed to cut spending on government data centers, but maintain a high level of security.

Speaking at NASA's Ames Research Center in Mountain View, Calif., Kundra said the government should leverage what exists on public websites.

“Nearly $19 billion [per year] is spent on government infrastructure,” he said. “We need a new model to lower costs and innovate. The government should solve problems, not run data centers.”

Kundra also announced, starting immediately, the availability of a website for federal agencies to acquire commercial products, including Google and Salesforce.com services. The website, called Apps.gov, resembles an online store, complete with product descriptions and shopping carts.

As for security, nonclassified data would be managed by approved product providers on Apps.gov, Kundra said. But classified data and processes will be handled separately, though a cloud computing platform developed by NASA called Nebula.

“Our focus is on security, and the aim is to embed security into applications,” he said. “These are legitimate concerns.”

He also stressed that the distribution of security products through a central website will help to reduce risk.

“Even today, some smaller agencies do not have much security,” he said. “To be effective, security must come from the center.”

Still, Kundra admitted that the initiative may take as long as a decade to fully implement, and some critics suggested the security issues may remain beyond that.

“We have a lot of work to do in determining the actual risk in moving our existing IT assets to the cloud,” Adam Vincent, CTO of public sector solutions at cloud security vendor Layer 7, told SCMagazineUS.com Tuesday. “The legal and ownership ramifications must be examined closely.”

Internet-based services, even ones that are not classified, will introduce additional cybersecurity risks, beyond what is seen today, Vincent said.

“The government has significant requirements in terms of identity management and audit,” he said. “These will not be solved quickly in cloud computing.”



Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.