While most organizations recognize the multiple advantages a move to Cloud Computing offers, many are still reluctant to make the jump based on concerns over security in cloud-based networks.
Meanwhile, the U.S. government has been a leader in adopting cloud technology in an effort to reduce information technology costs and to fundamentally restructure how agencies govern critical data.
Since the departure of Vivek Kundra, former White House CIO and a leading proponent for the adoption of cloud systems in government, NSA chief and head of U.S. Cyber Command Gen. Keith B. Alexander has emerged as one of the major advocates for the transition.
“Our DoD cyber enterprise, with the department’s chief information officers, DISA and Cyber Command helping to lead the way, will build a common cloud infrastructure across the department and the services that will not only be more secure but more efficient -- and ultimately less costly in this time of diminishing resources -- than what we have today," Alexander informed the Senate Armed Services committee in March.
While many critics of the cloud cite increased security risks posed by the consolidation of data as well as the complexity of access control as being challenges the developers of cloud networks have yet to conquer, Alexander believes the move to the cloud will not only improve efficiency, but overall security as well.
“The idea is to reduce vulnerabilities inherent in the current architecture and to exploit the advantages of cloud computing and thin-client networks, moving the programs and the data that users need away from the thousands of desktops we now use -- each of which has to be individually secured for just one of our three major architectures -- up to a centralized configuration that will give us wider availability of applications and data combined with tighter control over accesses and vulnerabilities and more timely mitigation of the latter,” Alexander previously said in testimony before a House subcommittee.
A primary function the cloud would provide is the furtherance of information accessibility and sharing among designated parties, an issue that has been the focus of multiple government initiatives in the post-9/11 era.
“As Gen. Alexander said at last year’s [Geospatial Intelligence Foundation] conference, secure cloud computing offers both DoD and the [intelligence community] many advantages and efficiencies that could enhance information sharing and collaboration,” said NSA spokeswoman Marci Green Miller.
A prime example of such information sharing capabilities the cloud can provide is the recently launched Defense Industrial Base Cyber Security/Information Assurance program.
The program is "designed to improve DIB network defenses and allows DIB companies and the Government to reduce damage to critical programs when defense information is compromised. The DIB CS/IA Program includes a voluntary information sharing component under which DIB companies and the Government agree to share cyber security information out of a mutual concern for the protection of sensitive but unclassified information related to DoD programs on DIB company networks," according to the Department of Defense.
“It’s become very, very popular... It’s become one of those free services, where... if they have the proper security clearance, they can get into a secure cloud so that they can get insights to protect their own enterprise," said former DISA director Gen. Harry D. Raduege of the DIB CS/IA program.
Nonetheless, there are still detractors and critics, even within the defense community who express concern over security issues that have yet to be thoroughly addressed.
“If you’re moving information into the cloud, it just seems to me that all kinds of nasty activity could go on in there. I would take a Missouri approach and say, ‘prove it to me, show it to me,’ how it’s more secure,” said former director of intelligence, surveillance and reconnaissance for the Air Force Gen. John P. Casciano.