Technology Sectors

Market Sectors

Public or private cloud? -- Balancing security, cost savings and efficiencies for government agencies

Tue, 2011-08-23 06:35 PM
By: Paul French

Paul French

The question of the optimum cloud scenario for use by the U.S. Government -- on-premise, public cloud, private cloud or hybrid architectures -- is becoming increasingly important.

As part of cost saving initiatives, and in accordance with a 25 Point Implementation Plan to Reform Federal Information Technology Management that includes a “Cloud First” policy, all agencies are now mandated to move some applications to the cloud. So, how are government CIOs and IT managers choosing the types of cloud services they will use, and for which pieces of their infrastructure?

Security, of course, is often the central issue in these decisions. It could be that many agencies are playing it safe -- avoiding the cloud at all costs, or building their own cloud so that they can remain in control of their environment and information security. But there are many reasons why this strategy is not the best way forward.

Public or private cloud?

Although the term “private cloud” is relatively new, the concept is not. Organizations have been using private clouds for years, most commonly in the form of computing architectures that provide hosted services. Today, organizations build private clouds in order to utilize the Internet for certain services, without relinquishing control of their infrastructure, data and security.

Public cloud services, on the other hand, are dynamically provisioned on a self-service basis over the Internet using Web services and Web-based applications, with third-party security and storage. Some public cloud services offer multiple levels of control, so that customers can keep a tight rein on their data and who has access to it. In fact, because they service such a wide range of public and private sector organizations, public cloud service providers often have tighter data security and system management capabilities than many enterprises.

Private cloud implementations require expensive in-house infrastructures, management and security measures that the public cloud does not. Agencies that build their own on-premise clouds may be missing out on many benefits of the public cloud, such as cost savings, flexibility and a leaner and more predictable IT profile over time. And in reality, there are massive amounts of data and applications that agencies could safely move to a public cloud in order to leverage these benefits.

Of course, there are also areas of government unsuited to a public cloud environment, such as agencies that create, exchange and/or move data related to:

  • National security, such as the Department of Defense;
  • The private financial information of citizens, such as the Internal Revenue Service (IRS);
  • The personal health information (PHI) of military personnel and Medicare and Medicaid patients. 

The problem is that there is so much data generated and/or handled by government agencies that sifting through it line-by-line and determining  which data is right for the public cloud is well nigh an impossible task at this point in time.

Because there is so much fluctuation in how data is handled within and between agencies, it makes sense in many cases to err on the side of caution. On the other hand, a lot of the information that agencies store and exchange is already public record -- statistics, historical records, legislation, judicial records, property and financial information, environmental reports, etc. -- and need not be locked into private cloud or on-premise environments. These areas are perfectly suited for the public cloud.

Scalability in the cloud

Government is essentially a very large business, and as such it requires major scalability and flexibility just like any other large enterprise. There are constant ebbs and flows in how information is gathered, disseminated and accessed government-wide. Typically, these ebbs and flows have demanded more servers, more software and more man hours to ensure functionality. But this is no longer the case. The scalability of the cloud is ideal for fluctuating and unpredictable environments, and thus offers the potential to relieve government of the burden of all that excess capacity and added expense.

And the public cloud has advantages that go beyond storage and data exchange -- it is also ideal for secondary and backup infrastructures. For example, municipalities collect property tax information twice a year, causing a temporary information processing glut in the system each time. A secondary infrastructure in the cloud could be used during these peak times to handle the load, rather than having to resort to additional on-premise hardware and software, maintenance and staff.

In addition, with the healthcare industry driving toward a paperless, collaborative environment and giving citizens more control of their own health information, it is sensible that this transpires in the cloud, rather than creating a huge on-premise infrastructure.

Value-added services in the cloud

Government agencies should also consider how the cloud can provide value-added services for the data they already manage. For example, dynamic connections that occur between government and citizens -- such as those between taxpayers and the IRS -- require intensive management. Instead of using standard in-house applications and data storage for this purpose, a public or private cloud can deliver low-risk, high-value services such as validation, integration and data quality assurance, removing the burden from workers and potentially enhancing and extending on-premise applications.

Tags:
 
  • Share/Save
  • Email this page
  • Printer-friendly version
 

Recent Webinars

Powerful Cyber Intelligence: Deep Analytics and Big IT Data
Thu, 04/26/2012 - 2:00pm - 3:00pm

Extracting real-time intelligence from Big Data with deep analytics is valuable but dif

Upcoming Events

Event Details Dates of Event
SANS Security West 2012 May 10 - 18
SANS Toronto 2012 May 14 - 19
SANS Secure Indonesia 2012 May 14 - 19
Emergency Management Seminar May 15 - 15
Counter Terror Expo US May 16 - 17
Emergency Management Seminars May 17 - 17
SANS at iTWeb Security Summit 2012 May 17 - 18
New Fire & Emergency Communications Codes Educational Seminar May 18 - 18
Managing Your Physical Security Program: Collaborate and Manage Smarter May 21 - 24
SANS Brisbane 2012 May 21 - 26
CEIC 2012 (Computer and Enterprise Investigations Conference) May 21 - 24
NERC CIP Compliance Training May 24 - 24
NESCO Town Hall: Security Risk Management Practices for Electric Utilities May 30 - 31
Advanced Hands-On CAMEO Training Jun 4 - 6
Security Program Design: A Critical Infrastructure Protection Model Jun 4 - 5
Facility Security Design Jun 4 - 6
SANS Rocky Mountain 2012 Jun 4 - 9
F5 Government Technology Symposium Jun 6 - 6
SEL Modern Solutions Power Systems Conference Jun 6 - 8
Second Annual Citizen Engagement Seminar Jun 12 - 12
ASIS Assets Protection Course: Functional Management (APC III) Jun 18 - 21
SANS Malaysia 2012 Jun 18 - 23
Data Center Brainstorm 2012 Jun 19 - 19
SANS Forensics and Incident Response Summit 2012 Jun 21 - 27
Vanguard Security & Compliance 2012 Jun 25 - 28
SANS Canberra 2012 Jul 2 - 10
SANSFIRE 2012 Jul 7 - 15
Executive Protection Jul 9 - 10
Military Vehicles Exhibition & Conference Jul 10 - 13
NERC CIP Compliance Training Jul 12 - 12
Security Force Management Jul 16 - 17
Physical and Logical Security: Advanced Applications and Economics Jul 16 - 19
Investigative Interviewing Methods Jul 18 - 19
SANS Thailand 2012 Jul 23 - Aug 4
SANS San Francisco 2012 Jul 30 - Aug 6
College & University Police & Investigators Conference Jul 31 - Aug 3

Full 2012 Calendar