By Nataraj Nagaratnam
With IDC predicting that by 2017, the U.S. Federal Government will quadruple from $2 billion next year to nearly $9 billion in what it spends on cloud computing (mostly on private cloud), the topic of cloud security is going to quickly become the center of attention in Washington D.C.
Though the government has established some early security certifications like the Federal Information Security Management Act of 2002 (FISMA) and the Federal Risk and Authorization management Program (FedRAMP) to give agencies guidance on security, there will be a heightened need to go even further as agencies move mission critical workloads to the cloud.
No one needs to be convinced that cloud is going to deliver lower cost to the government but it needs to do so in a manner that does not expose data to risk or attack. While the speed of cloud computing is often what makes it attractive it can also be its biggest weakness when it comes to security. As much as people don’t want to hear it, process can not be thrown to the wind at the expense of “the need for speed.” I’d argue that the need to make sure governance stays in the equation is even more acute for the government.
Cloud computing also has the usual requirements of traditional IT security, though it presents an added level of risk because of the externalized aspects of a cloud model. This can make it more difficult to maintain data integrity and privacy, support data and service availability, and demonstrate compliance. Security is one of the major inhibitors to cloud adoption. Ensuring visibility to and controls around people, data, application and infrastructure is fundamental to removing those barriers.
Innovation also needs to be part of the equation for security. Take for example the work IBM Research is doing on the cutting edge of security breakthroughs, such as homomorphic encryption. Until recently, encrypted data could not be analyzed without decrypting it first — potentially compromising the privacy and integrity of the data. This has been an obstacle for greater adoption of cloud computing. IBM is leading several groundbreaking initiatives to make cloud computing more secure by ensuring data always remains encrypted while it’s being transported, searched and processed in the cloud.
At a recent IBM Federal Cloud conference, one CIO in attendance said that when it comes to security, there’s a “need for full visibility” mentality, and that has enabled him to be confident in adopting cloud. This is consistent with what we hear from other CISO/CIOs as well. So, getting intelligent about your security posture is important so that you know what you are up against, and what your security risks are. Enterprises can do this by establishing a security intelligence program that enables them to continuously monitor their security and risk posture.
Governments want to have the trusted providers behind them in building and maintaining their cloud. IBM has served the U.S. government for decades and is committed to continuously infusing new capabilities, proven security and reliability, and leading-edge technology for its enterprise cloud clients in the public and private sector.