Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Government IT's Move to Cloud Slowed by Security Concerns, Misconceptions

High among the barriers to the adoption of cloud computing in the government sector, right alongside concerns over security and cross-border issues, is a general confusion about what, exactly, the cloud means, according to a group of panelists speaking here at the annual State of the Net technology policy conference.

"Cloud is well-defined," says Robert Holleyman, president and CEO of the software trade group BSA. "But cloud is not well understood among policymakers."

Cloud computing has been a hot topic among federal CIOs and their staffers in recent years, and the Obama administration has promulgated a so-called cloud-first policy, directing agencies to prioritize cloud-based solutions as they roll out new IT initiatives.

But for the cloud to be broadly understood as more than a buzzword outside of IT circles, advocates of the technology should focus on the benefits that cloud computing can provide, particularly for cash-strapped government agencies working under shrinking budgets.

"It's important that we start with mission areas that are affected by cloud, as opposed to technology, because at the end of the day it's how cloud can ... be more efficient to help in different types of mission areas both for the government and for society," says Dan Chenok, executive director of IBM's Center for the Business of Government.

Healthcare Particularly Leery of the Cloud

Other panelists described the lingering reservations about shifting to the cloud that many industry leaders continue to harbor. In healthcare, for instance, there is a "high degree of misinformation about what cloud is and what it isn't," according to Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology, a Washington digital rights group.

Slideshow: Top Challenges Facing Healthcare CIOs

McGraw explains that healthcare providers, generally, are behind the curve when it comes to adoption of cloud computing, in part because of a widespread confusion about what information under law is permitted to reside in off-site data centers.

"Healthcare also has an issue of uncertainty and this issue of control," McGraw says. "I think it's a very scary proposition for a lot of healthcare providers to think about having their data management functions not within their four walls. They're responsible for that data, they know that, and the idea that they would cede that, some portion of that, to somebody else and yet still be liable for those decisions is very scary."

Slideshow: 13 Healthcare IT Trends and Predictions for 2013

The information that health providers maintain is, of course, particularly sensitive, but concerns with cloud computing over privacy and security are common across industries and in government. At the federal level, CIOs have developed a uniform set of standards for certifying cloud providers.

The Federal Risk and Authorization Management Program, or FedRAMP, is intended as a repeatable certification process, so once a vendor has been awarded the credential, CIOs across the government would have the confidence to deploy its technology within their departments and agencies.

Security Concerns Overrated

The security concerns surrounding the cloud are also to some degree a problem of perception, according to Chenok, who counsels federal CIOs that the real issue of security turns on the implementation of a cloud deployment.

"The cloud itself isn't inherently more or less secure, at least in my view ... than other forms of computing. You can implement a mainframe really well or really badly and create lots of holes. And you can implement a cloud scenario really well with lots of continuous monitoring points and real-time response and patching that's done in real time, et cetera, or you can do it poorly," Chenok says. "The cloud has properties that can lend great security to any transaction--health, education, consumer transaction, government transaction."

Additionally, there is an ongoing effort in Congress to rewrite a 1986 privacy law to provide additional legal protections to documents and communications such as Web-based email that are stored in the cloud.

Earlier this month, Sen. Patrick Leahy (D-Vt.) said that he intends to reintroduce legislation to revise the Electronic Communications Privacy Act (ECPA) to require law-enforcement authorities to obtain a warrant from a judge before they can compel a cloud-service provider to release remotely stored emails that are more than six months old, among other reforms.

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.

Follow everything from CIO.com on Twitter @CIOonline, on Facebook, and on Google +.

Read more about government in CIO's Government Drilldown.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: BSA, Facebook, Google, IBM, Technology
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: IBM, federal IT, cloud security, business, Management Topics | Government, internet, Federal CIO, cloud computing, government, Management Topics, BSA, Cloud, security
Latest Blog Posts
Whitepapers
  • Modernize Your Business with Oracle ERP Cloud
    If your business has plans that include aggressive growth and aspires to be a best-in-class organization, your IT systems and applications need to be up to the task. Homegrown solutions or outdated software can hamper the execution of your strategic vision. If your IT infrastructure and maintenance costs are affecting your ability to stay competitive, then a cloud-based enterprise resource planning (ERP) suite is well worth exploring. This eBook explores the core components of a cloud-based ERP solution that delivers enterprise-class software without sacrificing functionality or changes to business processes and with no additional cost for infrastructure and complicated integrations.
    Learn more »
  • The Three Essential Steps to Successful Cloud Migration
    Businesses and enterprises have quickly realised the power and efficiency of cloud computing, but migrating to the cloud can be a challenging process. This guide leads you through the three key steps you should take to assess your workload, select the most appropriate cloud model and ensure your cloud provider’s migration methodology stacks up.
    Learn more »
  • Avoiding Common Pitfalls of Evaluating and Implementing DCIM Solutions
    While many who invest in Data Centre Infrastructure Management (DCIM) software benefit greatly, some do not. Research has revealed a number of pitfalls that end users should avoid when evaluating and implementing DCIM solutions. Choosing an inappropriate solution, relying on inadequate processes, and a lack of commitment / ownership / knowledge can each undermine a chosen toolset’s ability to deliver the value it was designed to provide. This paper describes these common pitfalls and provides practical guidance on how to avoid them.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments