Government cloud initiative introduced, security focus promised

Share this article:
Government cloud initiative introduced, security focus promised
Government cloud initiative introduced, security focus promised

Vivek Kundra, the federal CIO appointed by President Obama in March, announced on Tuesday a cloud computing initiative designed to cut spending on government data centers, but maintain a high level of security.

Speaking at NASA's Ames Research Center in Mountain View, Calif., Kundra said the government should leverage what exists on public websites.

“Nearly $19 billion [per year] is spent on government infrastructure,” he said. “We need a new model to lower costs and innovate. The government should solve problems, not run data centers.”

Kundra also announced, starting immediately, the availability of a website for federal agencies to acquire commercial products, including Google and Salesforce.com services. The website, called Apps.gov, resembles an online store, complete with product descriptions and shopping carts.

As for security, nonclassified data would be managed by approved product providers on Apps.gov, Kundra said. But classified data and processes will be handled separately, though a cloud computing platform developed by NASA called Nebula.

“Our focus is on security, and the aim is to embed security into applications,” he said. “These are legitimate concerns.”

He also stressed that the distribution of security products through a central website will help to reduce risk.

“Even today, some smaller agencies do not have much security,” he said. “To be effective, security must come from the center.”

Still, Kundra admitted that the initiative may take as long as a decade to fully implement, and some critics suggested the security issues may remain beyond that.

“We have a lot of work to do in determining the actual risk in moving our existing IT assets to the cloud,” Adam Vincent, CTO of public sector solutions at cloud security vendor Layer 7, told SCMagazineUS.com Tuesday. “The legal and ownership ramifications must be examined closely.”

Internet-based services, even ones that are not classified, will introduce additional cybersecurity risks, beyond what is seen today, Vincent said.

“The government has significant requirements in terms of identity management and audit,” he said. “These will not be solved quickly in cloud computing.”



Share this article:

Sign up to our newsletters

More in News

DDoS attacks remain up, stronger in Q2, report says

DDoS attacks remain up, stronger in Q2, report ...

Prolexic's second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.

Superman soars above fellow superheroes as most toxic search term

A McAfee study found that searches pertaining to Superman exposed users to the most infected websites.

Black Hat talk on Tor weaknesses canceled

Black Hat organizers say legal counsel for the Software Engineering Institute and Carnegie Mellon University nixed the session.