Cloud computing

A mixed forecast for dark cloud services

Placeholder Image for Article Template

Dark clouds can be ominous signals of an approaching storm, but for federal IT managers, they could mean relief from network and systems disasters -- if agencies are careful.

"Dark cloud" is the nickname being applied to cloud-based disaster-recovery-as-a-service capabilities that have emerged for commercial networks and are just surfacing for federal agencies as they move toward virtual environments. The label's refers to the fact that users don't "light up" the cloud capacity until disaster strikes.

Big infrastructure-as-a-service companies such as Symantec and Amazon Web Services are already providing commercial clients with continuity services via public cloud infrastructure and automation software. As agencies increase their use of cloud-based services under the Federal Risk and Authorization Management Program (FedRAMP), virtualized disaster recovery capabilities could add another option to the federal IT playbook, according to some experts.

The financial case for cloud-based recovery services can be compelling. Traditional IT disaster recovery plans rely on physical backup systems, said Pat Park, regional vice president at Metalogix, which provides management tools for Microsoft content and collaboration platforms. A recovery site is a centralized physical location to which IT managers fall back, he added.

But with virtualized dark cloud capabilities, data is replicated to the provider's cloud, where it can be sent to single or multiple data centers. That approach makes recovery more cost-effective and flexible for users, Park said.

The cloud-based recovery model eliminates huge expenses such as duplicate personnel, sites, hardware and software for physical disaster recovery sites, said Tom Tittermary, Symantec's technical architect for information management. Customers pay for the cost of transmitting and storing data in the cloud and for accessing it when needed.

"It makes sense to use the cloud for some recovery services," said Van Hitch, former CIO at the Justice Department and now a senior adviser in Deloitte Consulting's federal practice. "By definition, cloud implies a more efficient economic model."

The next few months could see more agencies taking a look at dark cloud applications, Hitch, Tittermary and Park agreed. "You could see a lot more with FedRAMP," Hitch said. Cloud service providers are required to meet the government's baseline cloud security standards by June 5, which will provide some concrete paths for agencies to follow in their pursuit of cloud services.

Nevertheless, experts cautioned that there are bigger issues that could delay agencies' complete embrace of disaster recovery as a service.

Hitch and Tittermary said that even with FedRAMP approvals, agencies must think long and hard about using cloud-based disaster recovery services. Agencies that use data containing an abundance of personally identifiable information or other sensitive records had better think even longer, Tittermary added.

Cloud services' greatest strength -- shared infrastructure -- can also be the greatest weakness for federal users because it raises security concerns, Tittermary said.

Agencies with large amounts of sensitive data would be better off using a federal cloud service provider that is responsible for shared security, he said. Agencies with lesser amounts of sensitive data might consider using a mix of public and federal cloud providers.

Furthermore, an agency might not know the extent of the sensitive data it has and could unwittingly lose control of that data once it's on a public cloud, Tittermary said. For instance, it would be problematic or even impossible for a public cloud provider to selectively delete data from a storage facility shared with other entities.

"This will be an evolving thing," Tittermary said. "Agencies will approach [cloud] cautiously." He added that the next few years will be very revealing as agencies learn how to use the services effectively and securely.

The 2014 Federal 100

Get to know the 100 women and men honored this year for going above and beyond in federal IT.

Reader comments

Mon, Apr 7, 2014

Actually security is the primary reason you would want to move to proven commercial cloud service providers as soon as possible. "GAO found that many agencies have struggled to address the eight required components of an information security program, specifically in implementing security controls." "An April 2 GAO report found that the number of data breaches involving information such as taxpayer data, census data, Social Security information and patient health information have increased from 10,481 in 2009 to 25,566 in 2013, as reported to U.S. Computer Emergency Readiness Team." “The loss or unauthorized disclosure or alteration of the information residing on federal systems, which can include PII, can lead to serious consequences and substantial harm to individuals and the nation,” the report reads. “Thus it is critical that federal agencies protect their systems and the information on them and respond to data breaches and cyber incidents when they occur.” http://fcw.com/articles/2014/04/03/gao-data-breach-report.aspx

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above