Government cloud initiative introduced, security focus promised

Share this article:
Government cloud initiative introduced, security focus promised
Government cloud initiative introduced, security focus promised

Vivek Kundra, the federal CIO appointed by President Obama in March, announced on Tuesday a cloud computing initiative designed to cut spending on government data centers, but maintain a high level of security.

Speaking at NASA's Ames Research Center in Mountain View, Calif., Kundra said the government should leverage what exists on public websites.

“Nearly $19 billion [per year] is spent on government infrastructure,” he said. “We need a new model to lower costs and innovate. The government should solve problems, not run data centers.”

Kundra also announced, starting immediately, the availability of a website for federal agencies to acquire commercial products, including Google and Salesforce.com services. The website, called Apps.gov, resembles an online store, complete with product descriptions and shopping carts.

As for security, nonclassified data would be managed by approved product providers on Apps.gov, Kundra said. But classified data and processes will be handled separately, though a cloud computing platform developed by NASA called Nebula.

“Our focus is on security, and the aim is to embed security into applications,” he said. “These are legitimate concerns.”

He also stressed that the distribution of security products through a central website will help to reduce risk.

“Even today, some smaller agencies do not have much security,” he said. “To be effective, security must come from the center.”

Still, Kundra admitted that the initiative may take as long as a decade to fully implement, and some critics suggested the security issues may remain beyond that.

“We have a lot of work to do in determining the actual risk in moving our existing IT assets to the cloud,” Adam Vincent, CTO of public sector solutions at cloud security vendor Layer 7, told SCMagazineUS.com Tuesday. “The legal and ownership ramifications must be examined closely.”

Internet-based services, even ones that are not classified, will introduce additional cybersecurity risks, beyond what is seen today, Vincent said.

“The government has significant requirements in terms of identity management and audit,” he said. “These will not be solved quickly in cloud computing.”



Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.