I don’t typically read the Army Times, but a few days ago I ended up there while searching for info on the U.S. federal government’s adoption of cloud computing.
The page I landed on was all but astonishing. Army General Keith Alexander, commander of U.S. Cyber Command and director of the National Security Agency, was explaining why cloud computing is secure enough for the Department of Defense (DOD). Alexander was answering questions before a House Armed Services subcommittee about the $159 million 2012 budget request for the Cyber Command, a DOD agency charged with protecting the digital infrastructure that keeps military weapons and surveillance systems up and running.
Speaking before the House, Alexander said cloud computing provides the best way to secure DOD networks. Interestingly, he did not stress cloud computing’s ability to cut costs; rather, he emphasized its security benefits:
“This [cloud] architecture would seem at first glance to be vulnerable to insider threats—indeed, no system that human beings use can be made immune to abuse—but we are convinced the controls and tools that will be built into the cloud will ensure that people cannot see any data beyond what they need for their jobs and will be swiftly identified if they make unauthorized attempts to access data.”
This, surely, represents a tipping point.
If leaders of the U.S. military believe cloud computing is secure, then it might be time for civilian CIOs who have questioned the security capabilities of the cloud to reconsider.
After all, Alexander is not a technology vendor, nor is he a technology consultant, or even a politician. He is the director of the National Security Agency, responsible for ensuring that the backbone of the military defense system is reliable and secure. He has undoubtedly been better briefed on security concerns with cloud computing than have you and I.
His statements may be surprising, but they echo an ongoing transition in public-sector thinking about cloud computing. In the past year, the federal government has become increasingly supportive of the cloud, and has adopted cloud models for key agencies.
In early December, the General Services Administration selected Gmail for its 15,000 employees. Just a week later, the U.S. Department of Agriculture selected Microsoft’s cloud solution for communications and collaboration for its 120,000 users. In an even larger move, the Department of Veterans Affairs plans to adopt cloud-based e-mail for 600,000 employees.
This acceptance of cloud computing is a natural outgrowth of the Obama administration’s “cloud-first” policy that requires federal agencies to identify services that can be migrated to the cloud.
Federal Chief Information Officer Vivek Kundra, speaking at a National Institute of Standards and Technology (NIST) event last May, said security, data portability and interoperability are key to the future success of cloud computing. But these goals won’t be achieved without adoption of standards. He called for standards that will address issues around security and interoperability and “make sure that data portability allowing the customer to choose when to move from vendor A to vendor B is preserved.”
Momentum is building for cloud computing standards, and that’s a great thing because a lack of standards and interoperability can be a barrier for CIOs and IT departments. It’s safe to assume that the Pentagon fully investigated cloud architectures—standards and security—before entrusting the nation’s defense to a new technology.
And if cloud security is good enough for the DOD, it should be more than adequate for you and me.
Related posts:
I wish more people would write blogs like this that are really fun to read. With all the fluff floating around on the net, it is rare to read a blog like this instead.
Great blog, Just wanted to comment that i can not connect to the rss stream, you might want install the right wordpress plugin for that to workthat.