Simply Security - News, Views, and Opinions from Trend Micro

Posted on July 3rd, 2012 in Cloud Security by Simply Security | Be the first to comment | Tags: Cloud Security

Government agencies are getting over their early cloud security troubles and pushing the conversation into new areas.

Even as cloud computing first garnered mainstream attention, more than a few experts were still suggesting that the technology would never find its way into government IT operations. But while early security concerns gave federal agencies pause, it appears as though these initial hurdles have been cleared as more departments begin to see a real return on investment from their cloud migrations.

$5.5 billion in cloud progress

The primary attraction to cloud computing – for both public- and private-sector organizations – has been financial in nature. Whether through consolidating data centers or streamlining logistics, the technology has come to represent a quantum leap in cost-efficiency for some. As current economic conditions inspire many to rethink the sustainability of their current plans, the cloud is becoming a more attractive option all the time.

“At a time when we’re facing record budget deficits, it’s clear that the federal government needs to do a better job of protecting our scarce taxpayer dollars and curbing wasteful spending on assets it doesn’t need,” Delaware Senator Tom Carper explained in a recent analysis of federal cloud progress conducted by researchers at MeriTalk. “There’s probably no better example of this financial mismanagement than the $80 billion we spend each year on IT.”

According to calculations provided by MeriTalk, cloud computing initiatives are collectively saving federal IT departments $5.5 billion annually. But while this figure is certainly nothing to gloss over, analysts also noted that a more concerted effort could generate $12 billion in savings each year.

Part of the problem may come down to organizational culture, as several industry professionals surveyed by MeriTalk reported at least some friction from business and legal executives when pushing for cloud projects. But the largest barrier standing in the way of continued progress still seems to be data protection, as 85 percent of those surveyed cited security concerns.

Considering the speed of cloud security innovation witnessed over the past year, it may not be long before these fears are mitigated. But in the meantime, a thorough review of available insights may still help IT managers forge incremental progress to keep momentum rolling within their organizations.

Cloud security begins with the data

Given the fundamental paradigm shift that cloud computing introduces, it can seem overwhelming at first for those charged with keeping sensitive information safe through migrations. But like most technological evolutions, many previously acquired data security principles will carry over to the new platform.

As U.S. Postal Service (USPS) chief information security officer Chuck McGann explained in a recent interview with Government Computer News (GCN), it’s best to begin with a focus on the data before letting one’s mind wander deeper in the cloud.

“One thing about data: make sure you understand what is important to you,” McGann told GCN, elaborating on the USPS’ recent moves in private and public cloud storage environments. “Think about what you can risk going into the cloud.”

For example, McGann’s team performs a “data discovery” process that determines who owns information and how it is being used before migrating it into the cloud. Not only does this help determine the sensitivity of the data – and thus what level of protection it demands – it can also reveal breakdowns in the chain of command to stop governance problems before they are amplified in the cloud.

This sense of accountability can then be used throughout more advanced planning stages, GCN explained, to address such concerns as where encryption keys are located and who is qualified to access them.

Cloud Security News from SimplySecurity.com by Trend Micro