October/November 2015 Digital Edition
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Cloud security trending as preferred approach<br />
for states and other government agencies<br />
By Jayne Freidland Holland<br />
NIC Inc<br />
Cloud computing appears to<br />
be trending as a preferred approach<br />
to enterprise IT, even<br />
for government. State agencies<br />
increasingly are moving to the<br />
cloud – or at least considering it as a<br />
viable option.<br />
It has been reported that some<br />
states, including Kentucky, Ohio,<br />
Utah and Alabama, have embraced<br />
cloud computing as a way to reduce<br />
IT costs and deliver services and applications<br />
to the marketplace more<br />
quickly. Other states, however, remain<br />
skeptical about whether perceived<br />
security risks outweigh the<br />
cost and customer service advantages.<br />
The Cloud’s Benefits and Risks<br />
As cloud computing has gained<br />
credibility, government agencies<br />
have recognized benefits of moving<br />
to the cloud, as well as drawbacks.<br />
Moving data to the cloud can lower<br />
costs because you are paying only for<br />
the capacity and services used. This<br />
reduces the need for onsite personnel<br />
and support and eliminates the<br />
maintenance of hardware,<br />
software and<br />
IT infrastructure associated<br />
with relocating<br />
data. In addition,<br />
cloud resources can be<br />
added relatively inexpensively<br />
in real time,<br />
and data can be shared on demand<br />
anywhere, anytime via the Internet.<br />
On the other hand, the cloud may<br />
offer less control over infrastructure<br />
management and data. It also can<br />
increase the susceptibility to a single<br />
point of failure. And, it can create<br />
risks related to multi-tenancy. For<br />
example, if data is not properly segregated,<br />
an attack on one company’s<br />
data may affect others on the same<br />
server.<br />
When weighing the benefits and<br />
risks of moving to the cloud, one of<br />
the first steps is to carefully analyze<br />
the proposed cloud services agreement.<br />
Service-level agreements vary<br />
widely, differ by provider and often<br />
are non-negotiable. A thorough review<br />
of the agreement will be necessary<br />
to make sure your agency’s<br />
needs and concerns are covered.<br />
Here are some of the key things<br />
to consider when reviewing a cloud<br />
12<br />
services agreement:<br />
• Where will the data reside and<br />
who can access it? It is important<br />
to understand where your data will<br />
be located and who has access to<br />
it. Some providers store data outside<br />
the United States, which, as an<br />
agency, you may be prohibited from<br />
doing by statute. In addition, cloud<br />
providers may allow their subcontractors<br />
to access a customer’s data.<br />
Make sure to ask the prospective<br />
cloud provider who is permitted<br />
to access your data, what kinds of<br />
background checks the service provider<br />
has completed on any personnel<br />
who may access data, and how<br />
access to the data is monitored, as<br />
well as what types of logs are maintained.<br />
• Requisite standards. It is important<br />
to understand whether the<br />
cloud service provider can meet or<br />
satisfy relevant data protection legislation<br />
or industry standards that<br />
may be applicable for your agency,<br />
such as the Payment Card Industry’s<br />
Data Security Standards or the<br />
Health Insurance Portability & Accountability<br />
Act criteria. An agency<br />
should request evidence that the