Five Best Practices for Cloud Security
Tips on how to better secure your cloud computing environment.
IT Business Edge's Lora Bentley in March characterized the federal government's move to cloud computing as slow but sure. She noted federal CIO Vivek Kindra's requirement for all agencies to move at least one system to a hosted environment in 2011. Yet as Susan Hall wrote earlier this week, staffing and strategy still present cloud hurdles for many agencies.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
It appears to be a similar story in the UK. While there is no government mandate to move to the cloud, the Society of IT Managers (Socitm) recommended in a report that UK government agencies should consider the cloud. The reasons are similar to those offered by Kundra, including cost control and enhanced system interoperability.
As in the U.S., UK agencies seem overloaded on infrastructure. The Register cites a stunning figure from the Socitm report: 200,000 government servers running at about 10 percent of capacity. (That seems like a lot, but in an April post about government roadblocks to IT efficiency, I noted the Defense Department has 67,000 servers, 772 data centers and 15,000 separate networks.)
Agencies will need a clear service strategy, says Martin Ferguson, Socitm's head of policy. He recommends a "pan-local" provisioning of IT services, which he says better addresses the needs and goals of the public sector.
Ian Osborne, project director at IT professional association Intellect, predicts it will be several years before cloud gains any real traction with agencies. He recommends agencies lay the groundwork by introducing new services using cloud-based methodologies or consolidating infrastructures to provide a cloud-based service within departments.
The Register story offers the Royal Mail as a success story. Adrian Steel, head of infrastructure management, says the agency opted for virtual desktops rather than PCs in a recent upgrade, a move that reduced upfront licensing costs and is yielding additional savings by simplifying ongoing support. The story quotes him:
If you are trying to move 30,000 PCs to a new system, you're looking at maybe 400,000 documents. Five to 10 percent of those won't be compatible with the new software. With virtual PCs you don't have to roll out a new PC to 2,800 offices for testing. You test apps and documents in minutes and any flaws can be fixed overnight.
The story touches on compliance issues, which can be a significant snag for government agencies. The Socitm report mentions a safe harbor agreement is supposed to harmonize EU and U.S. data protections laws. It has never been tested in court, however, and the USA PATRIOT Act gives the U.S. government access to all data physically located in the U.S., which leads the report to conclude that keeping data in the EU might be the safest option for UK agencies, at least for now.