Feb 14 2013

Feds Move Security to the Cloud

As they become more mobile, agencies find cost savings and efficiencies through software as a service solutions.

The U.S. General Services Administration led the way in fostering a mobile federal workforce. In 2007, the agency started down the path of migrating away from desktop PCs.

Today, GSA’s 17,000 users primarily perform their work on notebooks, smartphones and tablets. CIO Casey Coleman says with such a distributed workforce, the only way to manage and secure the agency’s staff is via a cloud solution.

GSA uses the MaaS360 mobile-device management service from Fiberlink. “The MDM software lets us manage all our devices in the cloud, and from a security perspective, it provides centrally managed encryption, secure passwords, patch updates and general device management,” Coleman says.


The percentage of organizations surveyed that are at least discussing cloud services

SOURCE: “Avoiding the Hidden Costs of the Cloud: Global Results” (Symantec, 2013)

The agency deployed the Fiberlink solution in 2011 after moving to Google Apps for Government. “The drive to the cloud is a journey,” Coleman says. “We started with email and moved forward from there. We’ll continue to look for ways to add cloud apps to enhance mobility and collaboration to improve our mission.”

Phil Hochmuth, an analyst for IDC, says organizations such as the GSA realize savings from running a cloud security service across hundreds or thousands of machines.

“There’s no physical patching or maintaining, and all the security gets managed centrally,” Hochmuth says. “In many ways, there’s more of an assurance that the staff are actually using the security features. Especially as organizations move to the bring-your-own-device model, these types of cloud-based security products make an unmanageable situation manageable.”

A Defensive Posture

The Defense Information Systems Agency’s Enterprise Services continues to roll out collaborative and information-sharing tools that reduce traditional infrastructure and maintenance costs and free critical budget and resource allocations across the Defense Department for mission-critical tasks.

John Hale, chief of enterprise applications for DISA’s program executive office for enterprise services, says DISA will deploy subsets of the Microsoft Office 365 suite to the DOD clouds on both the Sensitive but Unclassified Internet Protocol Data Service and the Secret Internet Protocol Data Service. Applications include DOD enterprise email, chat and web conferencing services, notes Hale.

However, Mark Orndorff, the agency’s chief information assurance executive, says DISA views cyber defense as part of the larger cyber operational domain and intends to keep cyber defense operations as a government capability.

“We have a plan to tie in information flows from commercial cloud providers as part of DISA’s cloud broker program, but do not at this time intend to pursue ‘security as a service.’”