When it comes to securing organizational data, those charged with its well-being can become somewhat possessive. Or if you prefer to be more direct, the term control freak comes readily to mind.
Therefore when the government announced its intentions to reduce the number of data centers under its control by a minimum of 40% and send much of its data to the, gulp, cloud, it was met with great trepidation across the network of agencies.
According to Jeffrey Zients, chief performance officer and deputy director for management at the Office of Management and Budget, the data center consolidation effort comes after an eight-month internal probe found that the government currently maintains more than 2,000 data centers. The consolidation project, he said, will save billions of dollars, boost security, improve performance and reduce energy consumption.
While most are onboard with the savings and reductions in energy consumption, the security aspect is certain to come under a greater degree of scrutiny, especially as it relates to the migration of data to the cloud. In a 2011 survey conducted by the Future of Cloud Computing, security concerns continued to be mentioned as the single biggest inhibitor to cloud adoption across all organizations.
So what is it about the cloud that has federal database managers so on edge? It really comes back to the issues of visibility and control. Visibility is lost when key applications are moved to external providers of services such as email, collaboration tools, CRM and storage. This gives the IT managers the feeling of flying blind as it relates to the transmission of their critical data across the networks and into a cloud environment. In this situation, organizations can’t ensure that only authorized services and service providers are being used and that only authorized information is being transferred to or through these providers. The fear is that users could be putting sensitive information is a place it shouldn’t be or downloading malicious content that might be the basis for an attack on the enterprise network itself.
Organizations worldwide are increasing their reliance on Cloud Service providers for critical functions and because these services are now being hosted outside the network perimeter, these organizations are losing visibility (and therefore control) that they have had in the past. Transitioning to the cloud introduces new protocols that are difficult to inspect. Additionally, network security devices cannot inspect the contents of encrypted traffic between end-users and application providers. New risks arise with the increased use of cloud services open the door to sensitive information being transferred to outside organizations.
For these reasons primarily, government agencies have proceeded with caution in embracing the cloud architecture, and even then have been extremely selective. A survey—conducted by Quest Software Public Sector a short time after the government’s consolidation announcement—found that only 6.9 percent of federal IT officials were on board with a public cloud model as a long-term viable option. However, more than 68 percent viewed a private or hybrid cloud model as a potentially favorable alternative.
So how can these organizations move forward to meet the federal mandates while still ensuring that data assets are secure and their networks are not put at any undue risk? Design the architecture with an eye towards creating additional portals of visibility. While moving to the cloud does imply some loss of direct control, it does not have to leave you completely blind to what is transpiring on your network. Ask most IT directors and managers what they fear most and they’ll probably tell you the unknown. They can deal with problems they know about.
A move to the cloud may be a bit uncomfortable at first, especially for those used to strictly controlling the access and movement of their data. Creating windows into these transactions however should alleviate some of the security concerns while allowing the agencies to take advantage of the considerable benefits the cloud has to offer.