Analysts and experts examining the field of government technology and innovation identify the emergence of cloud computing to be a major trend in government transformation. However, from the discussions I participated in during FutureGov Forum Singapore 2013, it was clear that the concerns most government departments have about cloud computing have not changed, and remain common across departments and even countries!
Two interactive discussion tables on cloud computing at FutureGov Forum Singapore 2013 gave senior IT decision-makers the chance to share their experiences and concerns, and gain new ideas to respond to the challenges they’re facing in their organisations.
Information security and sovereignty remained by far the most cited concerns, especially given the increasing incidents of cyber ‘hacking’. Organisations dealing with sensitive citizen data, such as ministries of health and government hospitals, added ensuring patient confidentiality to concerns about data security. Concerns about keeping physical data centres within the country, and ensuring the security of data during transmissions were also raised.
Several decision-makers raised questions about the flexibility of cloud contracts. Rapid changes in technology lead to cost fluctuations, but departments that enter into long-term contracts with cloud vendors could become stuck in an expensive deal without the flexibility to pay market prices.
Another point raised was the increased vulnerability of government departments through dependency on vendors’ networks and servers. Even a short downtime of vendor services could have serious consequences for operations.
There are steps that governments can take to encourage and support cloud adoption.
Rosio Alvarez, CIO, Lawrence Berkeley Laboratory, Department of Energy, United States, explained that the United States government set up a list of basic requirements that cloud vendors must meet in terms of security and robustness.
“The federal government ensures that the service provider meets a base-line of requirements”, Alvarez said. “This allows agencies to take advantage of cloud services more readily in lesser time. The provider too doesn’t have go through the evaluation a number of times — they have to do it only once.”
This programme, named the ‘Federal Risk and Authorization Management Program’ (FedRAMP) provides a government-wide, standardised approach to security assessment and authorisation of cloud products and services. FedRAMP aims to accelerate the adoption of secure cloud solutions, and increase the confidence of government departments in these solutions.
Alvarez explained that after rigorous testing and evaluation, the Lawrence Berkeley Laboratory determined that cloud vendors had significant expertise in the area of cybersecurity. “Our cybersecurity experts went through all our questions and issues with Google, such as where the data resides, who has access to it, and extracting data if we were to change providers,” she said.
While her organisation uses cloud services, some extra-sensitive data is kept out of the cloud. For example, the Lawrence Berkeley Laboratory possesses data on the nuclear stockpile of the United States, which is kept behind numerous layers of security on the Lab’s own servers.
In a visit to Ngee Ann Secondary School yesterday (22 July), FutureGov found students deeply ...
The Infocomm Development Authority and Ministry of Education of Singapore have initiated plans to introduce ...
Ngee Ann Secondary School’s students are on a bid to “change the world” with ...