This fall, during testimony on Capitol Hill, a cybersecurity expert from the FBI speculated that virtually every part of the U.S. government has been hacked. Even more startling is that some agencies may not even know they were a target.
With the rise of online threats, it’s imperative for the federal government to help ensure top-of-the-line security, especially as more agencies deploy applications and store sensitive data in the cloud. The latest forecast from IDC Government shows that cloud spending accounts for only 5 percent of all federal IT spending, but that number is expected to grow through 2018 and likely beyond.
As agencies move forward with their cloud initiatives, I believe a crucial element for success will be working with trusted partners whose cloud solutions support an agency’s existing applications, can expand to meet their needs, and, more importantly, will help ensure that information is kept private and secure.
With so many cloud vendors today, there’s no guarantee that every one of them offers a tested, trusted and secure solution, or that they provide the experience of an enterprise cloud combined with the ability for governments to work in a hybrid — part private cloud and part on-premises — environment.
Clearly, not all clouds are created equal.
This raises the question: What are the indicators of a technology partner that offers the most comprehensive and trusted solution?
Don’t stop short with security
Some companies bolster security through stronger policies and data encryption. These steps are essential but often fall short of critical measures, such as encrypting data in transit and at rest, or rewriting code to help remove vulnerabilities.
The security development lifecycle (SDL) provides a blueprint for writing more secure and privacy-enhanced code. Today, it’s an industry standard used by government organizations around the world to create software that helps protect and secure data. And, for its cloud services, Microsoft Corp. created the operational security assurance framework, which drives the continual evolution of Microsoft’s security practices in response to changes in online threats.
As government agencies look to procurement, they should examine whether their cloud vendor addresses the required standards and regulations. Beyond that, they should also expect their cloud vendor to be transparent about the measures in place to maintain the security and privacy of data on a continual basis.
Cloud computing: Not an all-or-nothing proposition
Since moving to the cloud is such a major operational shift, many organizations start their transition with a hybrid solution before moving all of their data to a private cloud. For others, a hybrid model offers the long-term flexibility to store more sensitive data within the agency’s firewall while leveraging the strength of a public cloud for less-sensitive information.
Aside from public, private or hybrid solutions, there are also choices about which service model to use, including infrastructure as a service (IaaS), software as a service (SaaS) or platform as a service (PaaS). Each offers a range of application-hosting options, allowing governments to scale, or even eliminate, much of the work related to IT and network management so they can focus more on mission-critical projects.
No matter the hosting solution or service model, working with a vendor that offers a range of choices will give government the flexibility to expand and evolve as its needs change, rather than being stuck with a solution that offers fewer options to build and diversify technologies in the future.
Take an open stance
As government chief information officers strive to reduce their IT footprint and manage costs, they should look for infrastructure, platforms, applications and services that embrace the heterogeneous IT world we live in by supporting disparate operating systems and development tools, both proprietary and open source.
Agencies should evaluate vendors on their ability to embrace open technology that helps modernize legacy applications while also enabling the lean and quick deployment of new, innovative solutions when it makes good business sense. Doing so puts the government in a stronger position to reduce the complexity of its IT systems and gives it more flexibility in selecting the platform it will build on moving forward.
We’re just scratching the surface in terms of the innovative ways in which cloud computing can help address the government’s toughest challenges. As this evolution unfolds, there are many long-term implications to consider when selecting a cloud platform. Keeping these principles in mind will help ensure that governments have a trusted, open and flexible solution that’s up to the task of meeting the demands of the future.
Susie Adams is chief technology officer for Microsoft Federal’s civilian business. She oversees and implements the technical strategy for Microsoft’s IGO, Finance and Land Management and Civilian Agency Federal Government business.