Feds Are Still Skittish About Cloud Security

A recent CDW survey found that security is the biggest barrier for agencies moving more services to the cloud.

The debates over whether cloud solutions are secure seemed to be subsiding. But they have not been totally put to rest.

Security remains the primary barrier for organizations moving more services to the cloud, according to a new CDW survey of more than 1,200 IT professionals in government, industry, education and healthcare.

Overall, 47 percent of survey respondents cited security as the biggest roadblock to increased cloud adoption, followed by trust in cloud solutions; budget issues; and management support. Federal, state and local governments made up a quarter of the survey’s respondents. Of the federal IT professionals surveyed, 56 percent said that security is the biggest barrier to moving more services to a cloud-based environment.

“Security is always going to be a top concern for IT with any service,” Stephen Braat, vice president of cloud and managed solutions at CDW, said in a statement. “But securing IT assets in the cloud doesn’t have to be a dramatic departure from securing assets locally. At CDW, we understand that security is not a point solution that you buy, implement and forget. It is an ongoing process.”

One explanation for security being a top concern is that many agencies have already moved low-impact systems and public data to the commercial cloud, but there is less of an appetite for moving more sensitive systems to the commercial cloud at this time.

The federal government is still working to inventory all its cloud investments and to ensure that existing solutions comply with governmentwide security standards.

Last month, the Defense Department published a class deviation requiring contracting officers to start enforcing updated security requirements for hosting military data in the cloud, Federal News Radio reported.

"What we found out there was that a lot of the agreements we had in place did not protect either the federal side of the house or the industry partner," DOD’s principal deputy CIO David Devries told Federal News Radio. "So our acquisition folks signed out a temporary stop-gap until we can get new procedures put into the Federal Acquisition Regulation. They realize that this is so critical that we've got to get this thing put out now."

Nearly 37 percent of federal respondents said security is the single largest source of problems for their current cloud services. Security problems were followed by reliability issues, which were cited by about 13 percent of respondents.

But even the most risk averse agencies are embracing the cloud.

The CIA, for example, opted to stand up commercial capabilities in its private cloud. And there is at least some interest from other agencies looking to move high-impact systems to the cloud. Earlier this year, the Federal Risk Authorization Management Program (FedRAMP) released draft standards for securing the federal government’s high-impact systems in the cloud.

Cloud Hype Versus Reality

Sorting out what’s true and what’s false when it comes to the cloud can be challenging. The expectation for major cost savings isn’t a reality for every agency, and implementation and integration have to be thought through before rushing to the cloud.

The good news is that most feds see cost savings as being part of the cloud hype that is most true, according to the CDW survey. When asked about the biggest hype surrounding the cloud, about 23 percent of respondents said security, followed by ease of implementation.

To learn more about how cloud computing solutions can help your organization get ahead, visit cdw.com/cloud.

Dev Masselink/thinkstock
Mar 10 2015