Cloud computing received a strong push last week when the U.S. government’s Chief Information Officer Vivek Kundra announced apps.gov, a website that lets government agencies find and buy access to cloud-computing tools and services.
Experts have previously warned that cloud computing can introduce new security, privacy, and reliability risks, but some say that the technologies on offer could actually help improve the government’s information-security record.
Kundra noted in a blog post last week that cloud computing can help “lower the cost of government operations while driving innovation.” The federal government currently spends about $75 billion a year on information technology infrastructure and other resources. However, although many companies have quickly turned to cloud computing to save money, the move has been harder for government agencies to make.
“We will need to address various issues related to security, privacy, information management and procurement to expand our cloud computing services,” Kundra wrote.
On top of the maze of regulations that agencies have to navigate in order to adopt new software, many officials in government agencies are especially worried about security and reliability, says Deniece Peterson, principal analyst for INPUT, a consulting company based in Reston, VA, that specializes in government business. “Apps.gov gives them an easier way to acquire apps and educate themselves about cloud computing,” she says.
In a way, apps.gov is just the most visible part of a trend that has already come to government. Salesforce.com, for example, which dominates the list of applications available on the new site in several categories, already provides cloud-computing services to about half of all cabinet agencies in the federal government, according to Daniel Burton, senior vice president of global public policy for the company.
The key change with apps.gov, Burton says, is that the site streamlines the process of setting up a new cloud service. Instead of each agency having to work out a new agreement with Salesforce.com, the site provides standardized, approved agreements that agencies can adopt, so they can get access to the services more quickly.
Jeremiah Grossman, founder and chief technology officer of White Hat Security, in Santa Clara, CA, says that a security audit should be part of the approval process, and government agencies should pay attention to what types of data are being handled by each cloud service. Grossman notes that it’s a good idea to check any Web application against common attacks used on the Internet, such as cross-site scripting.
With that in mind, Grossman says, “From just general business and competition dynamics, I think cloud computing can advance Web security like nothing else before.” When one customer demands certain security features of a cloud service, those features are automatically delivered to other customers of the same service, he says.