Government cloud initiative introduced, security focus promised

Share this article:
Government cloud initiative introduced, security focus promised
Government cloud initiative introduced, security focus promised

Vivek Kundra, the federal CIO appointed by President Obama in March, announced on Tuesday a cloud computing initiative designed to cut spending on government data centers, but maintain a high level of security.

Speaking at NASA's Ames Research Center in Mountain View, Calif., Kundra said the government should leverage what exists on public websites.

“Nearly $19 billion [per year] is spent on government infrastructure,” he said. “We need a new model to lower costs and innovate. The government should solve problems, not run data centers.”

Kundra also announced, starting immediately, the availability of a website for federal agencies to acquire commercial products, including Google and Salesforce.com services. The website, called Apps.gov, resembles an online store, complete with product descriptions and shopping carts.

As for security, nonclassified data would be managed by approved product providers on Apps.gov, Kundra said. But classified data and processes will be handled separately, though a cloud computing platform developed by NASA called Nebula.

“Our focus is on security, and the aim is to embed security into applications,” he said. “These are legitimate concerns.”

He also stressed that the distribution of security products through a central website will help to reduce risk.

“Even today, some smaller agencies do not have much security,” he said. “To be effective, security must come from the center.”

Still, Kundra admitted that the initiative may take as long as a decade to fully implement, and some critics suggested the security issues may remain beyond that.

“We have a lot of work to do in determining the actual risk in moving our existing IT assets to the cloud,” Adam Vincent, CTO of public sector solutions at cloud security vendor Layer 7, told SCMagazineUS.com Tuesday. “The legal and ownership ramifications must be examined closely.”

Internet-based services, even ones that are not classified, will introduce additional cybersecurity risks, beyond what is seen today, Vincent said.

“The government has significant requirements in terms of identity management and audit,” he said. “These will not be solved quickly in cloud computing.”



Share this article:

Sign up to our newsletters

More in News

ICO fines U.K. travel firm £150,000 for 2012 breach

Data on more than one million credit and debit cards was pilfered in the 2012 breach of a system Think W3 Limited.

Firefox 32 feature could cut undetected malware downloads 'in half'

Mozilla plans to introduce a feature in Firefox 32 that, based on preliminary testing, could cut the amount of undetected malware downloads in half.

EFF asks court to find NSA internet spying a violation of Fourth Amendment

EFF asks court to find NSA internet spying ...

Complete with a colorful graphic, the EFF showed a federal court how the NSA essentially runs a digital dragnet that can pick up innocent Americans.