July 23, 2012
Despite cloud security and reliability concerns continuing to keep national security systems from moving to the maturing technology, the first 18 months of the U.S. government's cloud policy has largely been a success, according to a report from the Government Accountability Office (GAO). Five of the seven agencies reviewed by the office are on pace with the goals set for them, with the remaining two expected to catch up by the end of 2012.
Under directives from the Office of Management and Budget, agencies were required to migrate three services to the cloud by June 2012, with the first moved by December 2011. In a GAO review, all seven agencies met the initial December deadline while five - Departments of Health and Human Services, Homeland Security, State, Treasury and the General Services Administration - had moved all three services in time. The Department of Agriculture and Small Business Administration fell short of the June timetable, but anticipate completion of the project by the end of 2012.
National cloud security
Even with the general success of the early cloud plans, some government officials are not yet confident enough in the cloud to encourage more thorough adoption. According to a report from the President's National Security Telecommunications Advisory Committee (NSTAC), cloud technologies have yet to hit a maturity level that would engender confidence, especially in the security community.
Concerns about uptime and cloud computing data security would be required before the sensitive workloads could be migrated, according to the report. As part of encouraging that, the NSTAC believes that the government needs to be assured that their cloud access would not be subject to interruption.
"If and when cloud computing can demonstrate a regime of policy, legal authority, security and oversight that is comparably rigorous, complete and trustworthy relative to those currently in place for [national security and emergency preparedness] activities via legacy mans, the response [to the question of those systems' migration] is 'yes,'" the report states.
Between instituting security standards with the Federal Risk and Authorization Management Program (FedRAMP) and encouraging more widespread adoption in lesser services, government programs are trying to push trust in the cloud to that level. However, the budgetary motivations behind the move cannot be overlooked either.
According to NextGov, technology officials in the federal government estimate that just by moving 20 percent of the IT infrastructure over to the cloud - a move that would likely not include the national security systems - the savings could total $5 billion per year.
-McAfee Cloud Security