Security concerns leave agencies wary about using a public cloud
Forget all the buzz about the public cloud — that's yesterday's news.
Public cloud use by government agencies plummeted in 2011 as the source of infrastructure or platform services, according to a January 2012 survey of almost 300 government officials by the 1105 Government Information Group.
Just 10 percent of respondents who have already adopted cloud computing are using a public cloud for infrastructure as a service (IaaS), down from 23 percent last year. Platform as a service (PaaS) declined to 8 percent of respondents from the 17 percent in 2011.
Use of the public cloud for software as a service (SaaS) in 2012 increased slightly, up 2 percent to 25 percent of respondents.
For the vast majority of agency respondents who have dropped public cloud computing as a source of IT resources, the major concern is security. Survey participants rated public clouds as less secure than any other cloud computing model.
Major security breaches by large public cloud users, including an attack on Google’s password system in 2010 and a major security breach involving about 60 million email addresses from marketing service firm Epsilon in 2011, certainly didn’t help perceptions, said Renell Dixon, managing director of PricewaterhouseCoopers' federal practice.
“The negative press about the public cloud may have created a scare, and it’s up to both government and public cloud providers to educate potential users about the security of the public cloud,” she said. “Government is doing a good job, but cloud providers have to do a better job showing how they as an industry are addressing security and how they will self-govern.”
The dip in the use of public clouds is a natural progression of cloud computing in the government, said Deniece Peterson, senior manager of federal industry analysis at Deltek, a Herndon, Va.-based consultancy and market research group.
“There have been a lot of lessons learned over time,” she said. “As agencies gained more experience, got more comfortable and had more information, they became better able to determine the best approach.”
One way to get more comfortable with the public cloud is by dipping a toe in the water, Peterson says. That means potentially adopting some sort of hybrid model, where sensitive information is cordoned off in a private area of the cloud and less sensitive data can take advantage of the cost benefits of the public cloud. The sharp shift to the private cloud among survey respondents indicates some support for this approach — private cloud versions of IaaS, PaaS and SaaS increased dramatically in 2012.
One way of arranging the hybrid approach is by using a public cloud provider but having it host your infrastructure or platform in a closed-off area, according to consultants. For example, if an agency is consolidating 20 data centers to one cloud-based data center, the public cloud provider might host a cloud just for that agency.
Another option is asking a public cloud vendor to build a government cloud just for them. “That way, the vendor takes on the cost of building it, but then they get the benefit of managing it and getting longer-term revenue," Peterson notes. At the same time, the agency will have fewer security concerns.”
While the community and hybrid cloud approaches are declining in favor among survey respondents, consultants say they are worth a second look.