Security washes out cloud savings

Projected savings from clouds likely to be reduced as security risks grow, analyst says

Projected savings for cloud computing may be too optimistic and federal agencies may be underestimating the costs of new security in clouds, cybersecurity analyst John Pescatore said today.

“When we look at the vast savings from cloud computing, some of that is real,” Pescatore, vice president and research fellow at Gartner Research, said in a cloud computing online webinar. “But some of the savings must be allocated to new security issues.”

Pescatore identified areas of discussion with regard to security and the cloud, including how to evaluate if a cloud is secure, how to avoid and remediate security vulnerabilities in the cloud, how to identify and protect against new risks from cloud hacking, and how to use the cloud to deliver security.

He noted that security approaches changed as technology moved from mainframe computers to personal computers, and from personal computers to the Web, and said the same must happen with clouds.



While clouds are a relatively new technology and still immature, one aspect of cloud security has been well-developed, and that is cloud security for e-mail applications, such as Google’s Gmail, Pescatore said.

“Over time, we have built up trust in cloud-based e-mail filtering,” Pescatore said. A number of entities have found that cloud e-mail can perform better, filtering out more spam and viruses at a lower cost, than they could do themselves. The same process is likely to happen gradually with other cloud applications as they mature, he said.

Current security approaches, including certification and accreditation, encryption, and continuity of operations applications, are not easy to apply in clouds, Pescatore said, and new approaches may be needed.

Additional risks come from uncertainties about vendor viability and data portability, he said. If a government agency chooses a cloud vendor for its data, and the vendor goes out of business, the agency might be at risk of “being stuck” if its data cannot be easily reformatted to be transferred to another cloud, Pescatore said.

Transparency also may be reduced in a cloud, and there may be security risks not only for data in storage but for data that is being processed, he said.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.
