Cloud computing: Two steps forward, two steps back

Editor's note: This article was updated on May 25 to correct information about the role of AVG Technologies in discovering the malicious code that had infected Web servers at the Treasury Department's Bureau of Engraving and Printing. 

The ongoing debate about the risks and benefits of cloud computing, long predicated on hypothetical applications conjured by technology consultants and market analysts, is being disrupted by real-life case studies.

The concept of cloud computing, in which organizations access applications owned and managed by a third party, has been trumpeted by some as a way to improve technology services without a huge investment in technology infrastructure and management staff. Meanwhile, others have raised questions about the privacy and security ramifications.

The latest news on cloud computing offers plenty of fodder for both proponents and critics.

Obama administration officials have been big advocates for cloud computing from early on and endorsed the concept in their first budget proposal. They gave cloud computing another vote of confidence earlier this month by announcing that Recovery.gov, one of the administration’s flagship transparency projects, was moving to the cloud.

“Clearly, there are some parts of government operations that don’t belong on a cloud platform,” writes Sam Diaz, a blogger at ZDnet. “But something like Recovery.gov is a good example of places where government can trim the fat and operate more efficiently.”

The General Services Administration has decided that e-mail is another good example. GSA officials recently announced they wanted to move the agency's massive e-mail system, which supports 18,500 accounts, to the cloud.

They say the system could grow to as many as 30,000 users as the agency’s workforce expands in the coming years, which could pose a problem for the current system’s aging infrastructure.

“With the growth, storage is increasing, which compounds the system's costs to manage and maintain it,” writes Matthew Weigelt on FCW.com. Also, GSA wants to improve its process for finding e-mail messages quickly when legal action requires it. With the existing infrastructure, e-mail messages are not archived in a consistent fashion, agency officials say.

But the security and privacy concerns of moving to the cloud aren’t easily dismissed.

Earlier this month, the Treasury Department had to shut down four cloud-based Web sites after malicious code infected servers at the Bureau of Engraving and Printing. AVG Technologies discovered the breach about nine hours after the code first appeared, according to a report by William Jackson at GCN.com.

Another cautionary tale comes from the University of California at Davis. Officials recently announced that they were abandoning plans to outsource e-mail for its 30,000 faculty and staff members to Google, reports Paul McDougall at InformationWeek.

According to a letter obtained by InformationWeek, many members of the faculty “expressed concerns that our campus’ commitment to protecting the privacy of their communications is not demonstrated by Google and that the appropriate safeguards are neither in place at this time nor planned for the near future.” Therefore, the university no longer plans to outsource e-mail services, the letter states.

The buzz about cloud computing continues unabated. But at least the focus has changed from market hype to real-life concerns. "This means we're getting down to the business of building, deploying and using cloud computing technology and not spinning like tops to make sure we're relevant in the market," writes blogger David Linthicum at InfoWorld.

The 2014 Federal 100

FCW is very pleased to profile the women and men who make up this year's Fed 100. 

Reader comments

Tue, Jun 1, 2010 badgeswapper

Cloud computing is unfortunately ( or perhaps fortunately ) not fundamentally different from any other information technology. It is a tool with specific capabilities and qualities. IT professionals must understand those qualities - especially the risks associated with security. And, must managed those risks objectively and ignore the hype as with any other technology. ------------------------------ www.badgeswapper.com - the forum for Federal contractors

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above