Greetings to all my fellow techies. The other day, I was at a vendor event aimed at the federal government. There were several companies in attendance I visited, and it was starting to seem like I had “Hi, my name is Cloud” printed on my badge. Cloud was a part of almost every greeting I got. Everyone wanted to show me how to put data into the cloud: How to rent the cloud, how to monitor the cloud, how to search it. The list of amazing cloud-centric services went on and on.
Then one vendor almost made me fall over laughing. He simply said the cloud wasn’t a new thing, despite what all the other companies were claiming. “We had it over 10 years ago,” he said with a sly grin. “We just called it the Internet.”
Of course I know cloud storage and virtualized technology is different than inline or traditional network attached storage (NAS). It even stores data differently using blocks instead of files. But fundamentally, having data at an off-site location is about the same as it was before.
Companies like to sell the idea of moving to the cloud as a final piece of a puzzle, when in fact it’s just one piece of a slightly different puzzle. The problems of data integrity, transfer speed — and especially for government — security still remain in effect if your workplace is cloudy or not.
Government personnel at all levels, not just the feds, are one of the most reluctant groups to embrace cloud technology, with good reason. Not only are government organizations some of the most attacked in the world, but many are under specific regulations for protecting information, with harsh penalties for violations.
Not everyone is completely wary, however. Just this week, Los Angeles County decided to connect 100,000 of its employees to the cloud through the Microsoft Office 365 for Government program.
Given the emphasis on cloud and Microsoft’s big win in the Golden State, I thought it would be interesting to question how Microsoft was able to overcome the natural government reluctance to move forward with cloud programs. Susie Adams, chief technology officer for Microsoft Federal was more than happy to answer them.
First I asked Adams if government agencies should have concerns about putting their data in the cloud?
“Not if they choose the right cloud vendor,” Adams said. “Government agencies have many stringent and complex compliance requirements that they must address, including security and privacy regulations and standards like the Criminal Justice Information Services standard and the Health Insurance Portability and Accountability Act. When evaluating a cloud solution, it is critical that government organizations choose a cloud vendor who has demonstrated a long-standing track record serving as a trusted steward.”
According to Adams, this includes ensuring that the cloud vendor prioritizes and meets the compliance needs of government agencies in order to help protect and keep sensitive data secure and private. If the agency has chosen a vendor that has a proven track record and is transparent about its practices around cloud security and data privacy, they can move forward with confidence.
“At Microsoft, we are committed to offering trusted cloud solutions that provide the level of security and built-in compliance requirements so government agencies can focus on mission-critical work and worry less about how their data is being stored,” she added.
But wait. Does that mean that cloud storage is more or less secure than having government information saved on an in-house server or NAS the way it has traditionally been done?
“There are advantages and disadvantages to both,” Adams said. “For starters, when you host your own data, there is a bigger responsibility that your technology team keeps its hosting infrastructure and applications up-to-date and secure. When you work with a cloud vendor, you let them focus on that, so you can focus on what your core service is.”
That is all well and good, but some agencies won’t feel comfortable putting their data into the cloud despite the advantages. What can be done about that?
“Some agencies do need to keep very sensitive data in-house and don’t want it outside their firewall,” she said. “By offering a choice of a hybrid, public or private cloud service, Microsoft allows government agencies to have the flexibility to choose how and where their data is stored in the cloud, all without compromising the need to address compliance requirements and ensure data privacy and security. This means that government agencies can create a private cloud to host its most sensitive data on-premises and also use public or government community cloud services for less critical information.”
I thought that was a pretty clever way to let government agencies have their cake and eat it too. I’m sure out in Los Angeles, there is some law enforcement data that needs to be kept locked down. But keeping that much smaller data set in-house in a private cloud while putting the rest of it in a more public format like a government community cloud should allay those concerns.
I also realize that state governments and federal agencies are different in many ways. But if a cloud solution can work for 100,000 government employees in one of the world’s largest cities, at the very least it can probably serve as a model or template for a successful large-scale federal deployment.