Due to the Obama administration’s Cloud Computing initiative, US government agencies are facing pressure from the Budget Office to migrate more services and applications into the cloud – preferably commercial services – as much as possible. Last year, in its US federal IT management reform plan, government IT director Vivek Kundra ordered the CIOs of federal agencies to identify at least three services to be imperatively migrated to the cloud.
At least one of the three must have migrated within 12 months; the other two have 18 months to rock. “When evaluating options for new deployments, the budget office asks agencies to default to the cloud option whenever a safe, reliable and cost-effective option exists,” says the plan. . So far, 25 agencies have identified 78 systems to migrate.
Shawn P. McCarthy, Research Director at IDC, estimates that 80% of the government’s cloud migration will be to private clouds – internal or outsourced. “When we talk about a private cloud, often it is a managed infrastructure or hosted in a center open to the public. But operating on dedicated systems operated by a government-approved service provider and with specific service level agreements, “he says.
When non-sensitive information is affected – such as those presented on the administration’s web portals – agencies are more open to the public cloud. Amazon’s AWS GovCloud, for example, was launched at the NASA IT Summit in August. “We are very excited to be able to work with the private sector,” said Tsengdar Lee, Nasa’s technical director in charge of IT. “At the same time, we are approaching this with caution.” Indeed, about 60 percent of NASA’s cloud migration projects will be housed in its private cloud, Nebula, Lee explains. “We have cloud security issues that public cloud offers do not allow us to solve.” Adapted from English by the editorial staff.
Cloud technologies: the time of transformation
If you needed additional confirmation of the importance of the cloud, you did not have to look far beyond the 2011 RSA Conference. This included a series of workshops and conferences dedicated to the issue of cloud computing cloud security. In addition, the Cloud Security Alliance (CSA) held a half-day summit just before the conference opened. And this one attracted four times more visitors than in 2010. There is no longer any doubt: Cloud Computing is now very far from a passing fad.
Jim Reavis, co-founder and executive director of CSA, has not failed to point out that he hears about many successful cloud drivers and projects integrating the cloud for the next 12 months. Mergers and acquisitions would even accelerate the move, he said. CIOs from large companies tell him to look to the cloud to meet the new needs generated by acquisitions or divisional / divestment of a division. Cloud security professionals, however, remain very concerned about the compliance and cloud security challenges raised by cloud computing.
According to a TechTarget Security Media Group survey, 61% of CIOs – out of 1091 surveyed – give priority to compliance and auditability as their number one concern for cloud computing. 68% are concerned about the issue of data security and encryption; 45% are concerned about access management and control. Transparency obviously continues to be a real problem with cloud service providers.
One survey participant – CIO Insurance – explains that vendors are blocking customer requests for their security controls. And that encryption in the cloud is a complex problem. Groups such as CSA are working to solve these problems, but Reavis recognizes that CSA research is as thorough as it should be. The CSA progresses, he says, but the rapid adoption of the Cloud, driven by the global economic context, makes it difficult for him. Suppliers, of course, play their part. They are seizing the opportunity of the Cloud to add the term Cloud security to their solutions. A considerable bidding that affects the resolution of real problems.
However, some technologies are emerging despite the background noise. CloudPassage, for example, provides firewall and server vulnerability management services; services designed specifically for cloud environments. Its CEO, Carson Sweet, explains that technology can control the problem of managing server security in a cloud environment, where virtual machines are quickly created by cloning.