FOSE

The state of cloud security

cloud security

Representatives from three tech titans -- Amazon Web Services, Microsoft and IBM -- faced off Wednesday morning on cloud in government.

While there may have been contention over priorities and practices, panelists at the FOSE event came together on security -- when it comes to securing agencies’ data, they agreed, the responsibility is not exclusive to vendors.

The cloud is a shared security model, according to Doug VanDyke, general manager for civilian government at Amazon. The vendors provide the services, and agencies are responsible for creating a secure application and ensuring they’re following standard security practices for their data.

For many agencies, it’s more of a concern to be moving email to cloud, rather than using cloud as platform-as-a-service, although getting security clearance as a vendor for agencies whose emails are high-level might not be attainable.

“National security will require serious investment,” said Michelle Rudnicki, vice president of cloud computing and growth initiatives at IBM.

More from FOSE

News and notes: May 14

Public-private group envisions 'acquisition of the future'

OFPP, FAI launch new acquisition training and certification


Plus: GCN, FCW's sister publication covering technology, tools and tactics for public sector IT, is covering FOSE in even greater detail. Get all the GCN coverage here.

The Defense Information Systems Agency’s email is at a level 5, and Susie Adams, chief technology officer for Microsoft’s Federal’s Civilian business, said it is debatable if any vendor will be able to be cleared for that level.

The bigger concern is trusted Internet connection and secure netflow, Adams said. It’s the state of the network infrastructure that will make it affordable and attractive for agencies to move to the cloud.

In fact, Adams said, there is little difference in level of security in the cloud and in physical data centers.

To give an idea of what security in data centers might entail, Adams points to how Microsoft secures its centers—it requires biometric access to get in and “lockbox” security that involves having a key to open a lock box, which initiates a one-hour timer, in addition to constant real time monitoring.

“Data insurance isn’t just about the data itself, its about the practice and concerns around it and how you have access to that data,” Adams said.

About the Author

Colby Hochmuth is a former staff writer for FCW.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Thu, May 15, 2014

"Shared security model" -- if you don't know how to interpret this, look at the ACA web site: private industry takes all the money, and public takes the blame.

Thu, May 15, 2014 Dale Visser

Where was this meeting held? Who was the host?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group