Cloudy With a Chance of Rain

cloudyI read what has to be the dumbest thing today. Apparently last year the White House released a policy called Cloud First. Requiring government agencies to move their services to the cloud. Concerns arise security is taking a back seat.

Clouds?

“Cloud” is another term for the Internet. Cloud computing means having every piece of data you need for every aspect of your life at your fingertips and ready for use. Cloud computing gives IT departments a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet. The Obama administration set a target to spend roughly $20 billion, more than a quarter of the total estimated federal information technology budget, to move systems across the government into the cloud.

I’ll Take Some of That

Realize that somewhere someone actually has servers that store information. It’s just that the government wants to farm this out to third party sources. I can’t think of anything riskier than letting Google, Microsoft, Dell or HP store sensitive government information. But that’s exactly some of the companies that are lining up to get a chunk of the money pie. In fact Google has already sued the Government Services Administration because they claim the bidding process favors Microsoft. Salesforce.com, a California company, boasts it now sells cloud-computing services to half of all Cabinet-level agencies. Amazon, that’s right the same people that you buy MP3s and Android apps, has a D.C. services division for it’s Web Services. And last year the GSA migrated its email to Google. That’s right, Gmail is storing all the government buying processes.

Now Hold On There

Some agencies, like Defense, State and National Institutes of Health, are showing hesitation. They worry about ever growing cyber attacks. It seems ridiculous to move sensitive military data to servers not under their direct control. What’s the accountability when sensitive systems get hacked? Loss of contract? Gee that’s harsh, we’ll let you rebid next fiscal year. And did the Social Security Administration ask you for your permission to store your personal data off site? I think this needs to be rethought a bit. I can see the cloud companies sell or lease equipment and infrastructure, but accountability needs to remain with the agencies at hand.

What the Heck is a Cloud?

High Stakes

Worries