Management Watch

Blog archive

How 'hypothetical' is the cloud security threat?

Is the cloud threat overplayed or did former federal CIO Vivek Kundra’s comment on a “hypothetical” threat hold any truth? The majority of FCW’s readers seemed to think Kundra had underestimated the challenges and voiced their opinions of the ex-fed’s remarks, cloud security and its use in general.

One reader wrote Kundra was “seriously off track” when he suggested in a New York Times op-ed that the United States shouldn’t hesitate to prioritize cloud spending because of “hypothetical security threats that serve the entrenched interests of the IT cartel.”

“I'm very disappointed that he made that characterization, given the in-depth classified background information he has been provided in his position,” Fed Security Guy commented. “Federal agencies continue to struggle tremendously to define/describe exactly what security strengths there may be in cloud computing, hence the preference for private clouds.”

Another reader echoed these sentiments, saying Kundra had oversimplified the problems of a cloud migration. That reader also suggested that the move to cloud would happen not because of Kundra’s 25-point plan, but because cloud computing “represents a huge revenue generator at the tune of 100s of billions of dollars a year, and companies follow the money.”

“I also found Kundra’s article and subsequent speech in poor taste especially for a person in such a high position,” that same reader commented. “I was raised that some things are better said in private circles. In summary, I had a lot of respect for Kundra till I saw his article in the NYT.”

Another reader critic said it would take a cyberattack to determine the accuracy of Kundra’s comments.

“I guess this question will be answered when the first major 'hack' of government data in the cloud hits the press,” Mike wrote. “Perhaps it will happen -- perhaps not. Either way, Mr. Kundra is safely positioned in the ‘soft’ confines of academia. Priceless.”

Charles 'Kip' Kiplinger posited that the threat scenario depends on whether users are in the commercial sector or the public sector as they use the cloud differently.

“I have big reservations in the security of information belonging to our country being outsourced,” he wrote. “I haven't heard of anyone losing their life over someone getting access to the designs of next year's car line, but knowing how to defeat the latest UAV definitely will have that effect. Conceptually, the idea is sound, but DOD needs to put its efforts into development of their own cloud. Other areas of the government complex may be well-suited for the private cloud though.”

Only one reader who commented took an opposing view, saying Kundra hadn’t downplayed the treat because the risk level is “inversely proportional to implemented level of security.”

“We have known for a long time how to secure our systems,” Howard wrote. “Problem is getting the business process owners/functional managers to define and implement a security level that’s above their accepted level of risk. It all comes back to cost of security vs. business case risk analysis, and that is not the CIO decision; it belongs to the CEO to make the call and to date, it has been in favor of the business manager.”

Posted by Camille Tuutti on Sep 12, 2011 at 12:19 PM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.