Management Watch

How 'hypothetical' is the cloud security threat?

Is the cloud threat overplayed or did former federal CIO Vivek Kundra’s comment on a “hypothetical” threat hold any truth? The majority of FCW’s readers seemed to think Kundra had underestimated the challenges and voiced their opinions of the ex-fed’s remarks, cloud security and its use in general.

One reader wrote Kundra was “seriously off track” when he suggested in a New York Times op-ed that the United States shouldn’t hesitate to prioritize cloud spending because of “hypothetical security threats that serve the entrenched interests of the IT cartel.”

“I'm very disappointed that he made that characterization, given the in-depth classified background information he has been provided in his position,” Fed Security Guy commented. “Federal agencies continue to struggle tremendously to define/describe exactly what security strengths there may be in cloud computing, hence the preference for private clouds.”

Another reader echoed these sentiments, saying Kundra had oversimplified the problems of a cloud migration. That reader also suggested that the move to cloud would happen not because of Kundra’s 25-point plan, but because cloud computing “represents a huge revenue generator at the tune of 100s of billions of dollars a year, and companies follow the money.”

“I also found Kundra’s article and subsequent speech in poor taste especially for a person in such a high position,” that same reader commented. “I was raised that some things are better said in private circles. In summary, I had a lot of respect for Kundra till I saw his article in the NYT.”

Another critical reader said it would take a cyberattack to determine the accuracy of Kundra’s comments.

“I guess this question will be answered when the first major 'hack' of government data in the cloud hits the press,” Mike wrote. “Perhaps it will happen -- perhaps not. Either way, Mr. Kundra is safely positioned in the ‘soft’ confines of academia. Priceless.”

Charles 'Kip' Kiplinger posited that the threat scenario depends on whether users are in the commercial sector or the public sector, as they use the cloud differently.

“I have big reservations in the security of information belonging to our country being outsourced,” he wrote. “I haven't heard of anyone losing their life over someone getting access to the designs of next year's car line, but knowing how to defeat the latest UAV definitely will have that effect. Conceptually, the idea is sound, but DOD needs to put its efforts into development of their own cloud. Other areas of the government complex may be well-suited for the private cloud though.”

Only one reader who commented took an opposing view, saying Kundra hadn’t downplayed the threat because the risk level is “inversely proportional to implemented level of security.”

“We have known for a long time how to secure our systems,” Howard wrote. “Problem is getting the business process owners/functional managers to define and implement a security level that’s above their accepted level of risk. It all comes back to cost of security vs. business case risk analysis, and that is not the CIO decision; it belongs to the CEO to make the call and to date, it has been in favor of the business manager.”

Posted by Camille Tuutti on Sep 12, 2011 at 12:19 PM


Reader comments

Tue, Sep 13, 2011

Clouds are good. Co-located logic will leak. Just like classified systems have physical separation requirements, so must clouds be separated into their respective sensitivities. DISA should just contract Google or Amazon to build a NIPR Cloud, a SIPR Cloud, and JWICS Cloud that are deep within the respective networks. There will be plenty of work to be shared within each of those domains as systems grow and datacenters disappear.... and you won't risk (as much) losing sensitive data. There simply won't be that big of a cost difference between using the public cloud and one where you must CAC-in first. DISA would reap the COTS rewards since the CTRs would just clone their current systems. How is this just not being done already?!!
