The government cloud is not as ominous as it appears. Despite its threatening appearance, the cloud offers security advantages over the datacenter. The government cloud has a number of challenges that smart IT teams can overcome.
Store Your Data in the Cloud
Let’s start with a given – the mobile device is the weak link in the government cloud food chain. This is self-evident to anyone who has ever worked in IT. What’s the point of using the cloud if mobile devices store the data? IT and vendors need to ensure that even temporary data and cache are stored in the cloud and not on the device.
Secure Your Cloud Connections
Untrusted networks (usually in the form of wifi) can be an issue. It is a fact of life that your users will access your cloud from the shopping mall wifi. How can you solve this problem? Make sure your cloud apps use strong encryption with technologies such as SSL pinning, which verifies signature hierarchy.
2 Factor Authentication
Two factor authentication is a must-have capability for every government cloud. This is just as self-evident as the mobile device’s status as the weak link. A password just isn’t enough. Two factor authentication forces your users to prove they are using their device.
Apps Are Not Inherently Secure in the Cloud
The cloud is a public space. Amazon and other cloud providers utilize a “vpc” (virtual private cloud) as a means of securing cloud space. Just as virtual private servers allow datacenters to create walls around data, the virtual private cloud separates clouds within a cloud service. Amazon has the most well known virtual private cloud.
Securing Multiple Cloud Locations
Here is an issue that is unique to government agencies and large enterprise. For most small and medium sized businesses, one cloud datacenter will suffice. Not so for the US government. When a government agency requires multiple cloud locations, a major challenge arises. How do you move data between cloud locations? The metaphor that comes to mind is from the 1997 Nicolas Cage movie ConAir. Data is most vulnerable while being transported from one place to another.
Your cloud service may not be of much help here (unless you use the same cloud service in both locations). IT should plan these moves carefully and know when to bring in outside help.
The Inevitable Cloud
Until recently, large government and enterprise organizations could avoid the cloud. That era is coming to an end. Small and medium sized businesses are successfully migrating to the cloud. 2014 will be the year that government begins its trek to the secure cloud. Instead of discussing the “ifs,” it is time to discuss the “hows.”