Simply Security - News, Views, and Opinions from Trend Micro

Posted on October 10th, 2012 in Cloud Security, Private Cloud, Public Cloud by Simply Security | Be the first to comment | Tags: Cloud Security, Private Cloud, Public Cloud

The U.S. Department of Defense (DOD) is planning a full-scale move to cloud storage solutions in order to assist with its overall data security program.

The U.S. Department of Defense (DOD)  is planning a full-scale move to cloud storage solutions in order to assist with its overall data security program. The DOD announced the initiative would be backed by the Defense Information Systems Agency (DISA) that has so far been responsible for protecting federal data movement toward cloud deployment for other offices with some success.

As part of the Cloud First initiative, the federal government has projected it will be able to save roughly $60 billion per year on IT spending once a full implementation of virtual storage has been realized. In an official report on the program, then-U.S. Chief Information Officer Vivek Kundra identified many of the same points reiterated by the DOD during its recent announcement, citing the need for greater data security as a driving concern on both sides of the adoption argument.

Ongoing issues

One of the big hurdles for the DOD and other agencies identified in the Federal Cloud Computing Strategy initiative is the concern over whether cloud security will be adequate for government records. Recent online theft cases and other cloud-related problems have resulted in massive damages to private corporations, including Amazon, Yahoo, LinkedIn and Global Payments, not just financially but also to their reputations.

Many CIOs are still worried about implementing cloud resources, saying cloud security measures simply aren't enough to avoid a data breach. While these tools would make collaboration and management processes easier, there is an ongoing concern that there is no way to adequately stop a leak from occurring when the entire data infrastructure is in an online setting. Once there, it will constantly be open for attack, leading some CIOs to resist the change.

The Office of Management and Budget, however, has been squarely in favor of the push to cloud since the beginning, according to Federal News Radio, stating that it wouldn't make sense for the government to pass up on the opportunity "when a secure, reliable and cost-effective cloud option exists."

"Cloud computing and cloud services offer unprecedented opportunities for cost savings, enhanced information sharing and mission effectiveness," said DOD CIO Teri Takai in an interview with Federal Computer Week. "The key to successfully leveraging cloud computing will be managing the new risks associated with an increasing dependence on rapidly emerging commercial technologies."

Proactive steps

One of the leading risks to cloud security even at the federal level is employee oversight. That doesn't mean workers are simply using weak passwords or inadvertently emailing sensitive information. In fact, the big issue is that private users, especially in BYOD environments, are accessing public sector storage solutions and utilizing these services for important data when the security guidelines of these systems aren't sufficient to guard data.

A SkyDox review found two-thirds of employees are using these storage solutions if their businesses don't supply them with some sort of cloud service of their own. This is a huge cloud security issue, especially for federal agencies, where simply telling employees not to use these tools may not be an effective strategy. On the other hand, this is an encouraging sign to IT specialists, as it means workers are already more than willing to adopt the technology. Since they already understand largely how it works, it will also be easier to train staff and integrate the new system into their jobs.