Common Threats To Cloud Computing

Grazed from CloudTweaks. Author: Florence de Borja.

The core agencies of the US government have a central plan, Cloud First, which aims to shift the majority of their operations to the cloud. Before the plan can be implemented, it must go through a process of evaluation by the agencies concerned. In December 2010, a Cloud First policy was released by the Office Of Management and Budget so that federal agencies could implement the shift to cloud computing services if such agencies could find a cost-effective, reliable, and secure cloud computing service. The target was to move three of the core agencies’ technology services by June of the following year.

The Government Accountability Office recently released an overall progress report on the implementation plan. It reported that the Office found common challenges which the organization feels represent a hindrance to the Cloud First initiative. According to the report, one of the common threats is that cloud computing providers must first meet federal security requirements. Each of the government’s core agencies has their own security requirements, which cloud computing suppliers must satisfy first before such suppliers can be provided with a service contract. The problem is that most of these agencies have very strict requirements which suppliers find hard to meet…

Another problem is the incompleteness or insufficiency of current federal guidance for the use of cloud computing services. Guidelines such as assessment of security levels and purchasing must be created in order to hasten cloud computing implementation. A third problem is the acquisition of expertise and knowledge. Most of these agencies may not have the necessary staff, resources, or tools needed to deploy cloud computing services. Such agencies sometimes find it difficult to instruct their staff with the cloud computing tools and processes. Thus, some agencies are reluctant to implement the Cloud First Initiative.

Also, core government agencies have difficulties with the certifications and accreditations of cloud computing suppliers. This is partly because the first operational capabilities of the Federal Risk and Authorization Management Program have not been reached. Another common challenge is that these government agencies must search for cloud computing vendors who can assure interoperability and data portability so that these offices can change suppliers in the future. These core agencies must be able to determine if these vendors have a lock-in with a certain product technology or platform.

There are also cultural barriers within a government agency which must be overcome. Cloud computing may pave the way for leaks of sensitive information to the public. Thus, government agencies are reluctant to move their operations to the cloud. Finally, due to the scalable and on-demand nature of cloud computing solutions, budgeting and contracting may face constraints. It will be difficult to budget for cloud computing services because of the fluctuating costs due to the on-demand and scalable nature of the service. According to the General Accountability Office report, cloud implementations must be planned wisely, and old systems must be retired in order for each government agency to enjoy the benefits of cloud computing, such as the improvement of operational efficiencies and reduction of costs.