Shows & Panels
The potential of the community cloud
Wednesday - 8/11/2010, 1:53pm EDT
Today we bring you the second part of our three-part discussion with Mark White, a principal with Deloitte Consulting LLP who works with both the firm’s Federal and Technology practices and is CIO of Deloitte Consulting.
We continue our discussion about security in the cloud.
Public v. Private: Not always all that different
“If the conversation is about the use of public cloud, then the issues of security and privacy are potentially different from just internal or on premise IT. The point that we would make is that they are really mostly different in scale, not in kind. That is to say, they’re the same sorts of security issues or privacy issues that I would face with an internal system, I’m just facing them in a slightly different — in fact, potentially profoundly different — scale that is the public cloud. If that’s the case, then the same disciplines and techniques and tools that I’m using to solve those problems in my internal system are the same sorts that I’ll use to solve them in public cloud implementations. We are underway now to prove those at cloud scale.
The claim would be that the difference between public cloud and a private cloud, or just a plain old in-house IT, is one more of scale than of kind with regards to security and privacy. There is one caveat to that that I would raise as a particular exception, which is the cardinality of the connection. By that I mean, how many different people can add information and access information? For those public cloud services . . . that are essentially retail in nature — so I’m reaching out to the constituency . . . [and] have a lot of consumer users — there’s an interesting difference. It is unusual for me to have an internal system with a lot of consumer users that is not already a demilitarized zone or a more secured part of my infrastructure.
So, that is one difference in kind that does require some thinking — what are our clients doing? The first thing is that we’re seeing very cautious adoption of public cloud by the federal user. Obviously, apps.gov is a great start on that. You’ll note that the majority of those [apps] are at the edge of the mission, so they’re a little bit safer because they’re not at the core of a mission, though I would argue that email or messaging technologies might be a little more core than we otherwise might think. . . . The adoption of public cloud by the federal user is relatively cautious and, for the most part, at the edge of the back office, not the core ERP, not the core mission information technology. There are exceptions that can be found in multiple cases but, for the most part, that’s true.
I believe that our federal clients are much more interested in private cloud possibilities. That is to say, to use the disciplines of virtualization, automation, IT services management to drive efficiency and effectiveness in their internal capabilities — so internal cloud, private cloud. That’s actually well and good, because that literally is taking the disciplines and the good stewardship that have been going on [with] data center consolidation, server virtualization, storage optimization, operations automation — that’s just taking that to the next level and presenting it to the mission user as a service catalogue that can be subscribed effectively.
That’s great. It gets you good efficiency. It gets you good effectiveness, because it changes you to an IT services management shop. It avoids the security and privacy risks issues, because it keeps everything inside the trust zone. . . . What it doesn’t get is the economies of scale that public cloud offers. There are very few enterprises in the world that run enough machine images to get to the cost per machine image that an Amazon web service can get to, just as an example. But that may not be the important thing. The efficiency and the effectiveness may be valuable, and, in fact, they are. We’re seeing that close look at private cloud as a way that they are moving forward.
The potential of community clouds
So, now I’m speculating. Now I’ve moved from the realm of things that we can actually point to examples of and [see] momentum around, to things that I believe there is momentum toward. And this is the idea of the community cloud.