Meeting the Challenge: Moving to Cloud for Government Agencies
The Federal Government Cloud Policy recognises the need to tap into a resource base that is not currently leveraged; however, this presents a number of challenges. Despite the guidelines and risk considerations provided by various agencies, there is still an absence of clear evaluation and rating criteria for suppliers of cloud services to Government. The current definition of cloud provided by government is based on NIST, which defines cloud computing as:
‘Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.’
Transitioning to cloud with ‘rapidly provisioned and released with minimal management effort’ is easier said than done. Demands around data sovereignty, procurement transparency, budget assurance and security are just some of the challenges Government Agencies face in adopting cloud-based services.
So, what are the main challenges that a government department faces when considering a move to cloud services? Here are the top issues being faced today:
- Developing a cloud services model that meets both operational and data security requirements, while allowing scalability and not putting extra pressure on existing support staff.
- Carrying out risk identification and assessment. Expert data analysis and knowledge of cloud services technology are required to accurately identify the risks involved in an outsourced cloud services plan.
- Ensuring future portability of data. Mapping data and the scope of ‘big data’ can make migrating data from one cloud service to another a complicated procedure – more so if this is not considered when implementing the cloud services.
- Standardising identity management across different cloud services and environments. It is frequently necessary to share information between government agencies, and this is made more difficult and complex if standard roles and data sets are not used.
What You Need to Know
The basic details that you need to know in order to meet government requirements are:
- The physical location of servers and the quality of the Data Centre where your data will be held.
- Any foreign ownership of the cloud services that may allow an international agency access to your data.
- Risks involved in the cloud services model selected (see a PDF of the Cloud Security Alliance's "The Notorious Nine: Cloud Computing's Top Threats in 2013" article for more information).
- A plan to mitigate, manage, and control the identified risks.
- Identity management standards and how they will be implemented.
- A plan for future migration of data.
What’s the Solution?
By now, it should be clear that simply jumping into a cloud services offering could have major implications for the security of a government agency’s data, and the privacy of its clients. The main recommendation that we can offer is to find a Cloud Provider with:
- Access to a wide array of expertise in cloud technology.
- Relationships with multiple cloud services providers and infrastructure manufacturers.
- The capacity to assess all of your agency’s needs and map them to cloud services requirements.
- The ability to assist your agency with every step of the process of developing a cloud model and finding the cloud services that meet its needs.
- Knowledge of government requirements, including approval processes, and how to best meet those requirements.
While it can be difficult to assess a cloud provider's competence in all of these areas, look for service providers with relevant industry certifications and quality processes. These indicate the competency and capacity to maximise leverage of technology infrastructure to meet your needs.