Management Watch

Blog archive

How hypothetical is Kundra's 'hypothetical' cloud threat?

In a recent op-ed in the New York Times, former Federal CIO Vivek Kundra urged the U.S. government to follow the lead of Japan and India and embrace cloud computing in times of belt-tightening and other economic challenges.

"As foreign governments prioritize investment in the cloud, the United States cannot hesitate because of hypothetical security threats that serve the entrenched interests of the IT cartel," he wrote.

Kundra's comment about an alleged IT cartel struck a nerve with federal contractors and industry insiders. But while that phrase was generating reaction, others were debating whether the security threat for cloud computing is hypothetical or real.

Sam Ceccola, senior director of technology at Blackstone Technology Group, declined to comment on Kundra's article specifically, but said that in general, security approaches have not matured as rapidly as cloud technology has -- which means security can be diffcult to ensure.

“With cloud and mobile devices, we don’t have one entry point anymore," Ceccola said. "It’s always easier to secure one door, but if the entire perimeter is a hundred doors, that’s a lot more difficult to secure using traditional methods."

We'd like to hear from our readers: How hypothetical are the threats Kundra alludes to in his article? Are agencies aware of the challenges that come with a cloud transition? Did Kundra downplay the threat? Leave a comment and let us know what you think.

Posted by Camille Tuutti on Sep 08, 2011 at 12:19 PM


Reader comments

Mon, Sep 12, 2011

We are cripled every day by the "IT Cartel" who pound home statistics like "DoD gets attacked 3 million times a day" as the rationale to limit every system we use. Can the cloud be that much worse? We store our critical information in very public system and then try to build a perfect wall around them. But no wall is perfect as we have found out time and time again. We get attacked 3 million times a day afterall. I'd feel more secure knowing my data is stored in random locations with each block encrypted. Heck every American has data in this cloud whether they know it or not. The 'big hacks' that we hear about are those systems that store everyting in one place with that super safe wall built around it. I guess those walls aren't that safe afterall. Better pay those IT guys a few more billion dollars to make them even safer. Maybe get the attacks down to 1.5 million per day? Heck if we just remove the power cord my PC will be completely safe.

Mon, Sep 12, 2011 Mike McLean, VA

I guess this question will be answered when the first major 'hack' of government data in the Cloud hits the press. Perhaps it will happen - perhaps not. Either way Mr. Kundra is safely positioned in the "soft" confines of academia. Priceless.

Mon, Sep 12, 2011 FedSecurityGuy

I believe that Mr Kundra is seriously off track when he refers to "hypothetical" security threats in cloud computing. I'm very disappointed that he made that characterization, given the in depth classified background information he has been provided in his position. Federal agencies continue to struggle tremendously to define/describe exactly what security strengths there may be in cloud computing, hence the preference for private clouds.

Mon, Sep 12, 2011 Donny

I said it before and I'll say it again -Kundra is a poser whose actual accomplishment level falls within the 'low hanging fruit' range. Don't believe that? Just look at the track record of the jobs he has worked at - it shows much about not waiting around to see realization in long term investments.

Fri, Sep 9, 2011 RayW

While I did not read Kundra's missive since I am not IT in DC, I look around at the various government systems that are not "cloud", do not have near the potential paths into them, and yet the Chinese are downloading megabyte after megabyte off of systems that are so secure that most of us are limited to doing web surfing, email, and M$ office stuff. Heck, we are so "secure" that I can not even use OpenOffice at work anymore, I have to take the work home whenever I need to update a customer document because M$ Office reformats it. And I am told by the folks who manage this stuff that the Chinese can bypass/forge the CAC protections, yet we have a hard time just trying to do work.

The only people who will gain in this will be the big software houses that have a vested interest in getting folks off of the "buy software once, use it until support dies" system and onto the "rent software each time you want to use it" system. Well, the Chinese will gain also, makes it easier for them to play.

I guess you can boil the above rant down to, "I wonder who is paying the big bucks for that advertisement?" Yes, the "cloud" does have massive benefits for the mobile users who are never in one place long and those who need to access a lot of other folks' work on an ongoing basis, but it is not a good idea for those of us who can use websites and need local programs running, and do not want our information spread out for the "bad" guys to use..

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above