Fluffy security: Cloud-computing tools and services available at apps.gov could mean better security for government agencies, some experts say.
“If a big customer demands certain security controls,” Grossman says, “you become the beneficiary of that work by the service provider and customer.” This means that the centralized approach of apps.gov will help all government agencies get better security from popular providers.
Google hopes its experience will attract government customers. “Our technology is really built to withstand the most sophisticated attacks,” says David Mihalchik, business development manager on Google’s federal team. “We are the honeypot for hackers in many respects. We are constantly being attacked, and we have a team of some of the top security experts in the world that make sure we are fending off those attacks on google.com and on our other properties.”
Google is in the process of getting its public cloud certified according to federal government standards for information security. It hopes to be approved to handle information deemed moderately sensitive. Once that rating has been attained, Google plans to build a dedicated government cloud that exceeds that standard to address individual government agency needs.
“These companies have huge incentives to provide good security,” says Ted Schadler, an analyst at Forrester Research specializing in cloud-based collaboration. He compares security problems in cloud computing to plane crashes – they’re high-profile events that generate a lot of attention and embarrassment for the companies involved.
But INPUT’s Peterson says that there’s still room for concern. “Security is a two-part thing – technology and people,” she says. In order for cloud-computing services to work effectively and securely, the agencies using them need to understand how to handle the technology responsibly.
Peterson still sees apps.gov as a careful step into cloud computing. The first go-round, she says, is focused on applications that won’t have access to large amounts of government data. If this initial phase goes well, she expects to see cloud-computing services penetrating more deeply into government agencies, handling more mission-critical tasks, and taking on heavier roles as essential infrastructure.
Forrester’s Schadler says that apps.gov fits into the Obama administration’s agenda of pushing the government forward in its IT sophistication. The visibility of apps.gov could encourage more businesses to set aside their hesitations and try cloud computing, he says. Schadler expects that constituents may pressure government agencies to adopt the new technologies when they see the cost savings.