Cloud Computing Security Policy
Cloud Computing encompass a platform of ICT services in which sourcing of data follows a delivery model to enhance a shared pool with the configured computer systems. All aspects involving ICT, therefore, sourced, served, stored and scrutinized before release. The majority of the users of the system normally are the governments and the government agencies. State security forms a very crucial role in instilling peace. The US Federal government enhanced this aspect of computer security system. The system applies the theory of Cloud system in which one computer database developed and the rest of the feeder computer systems.
The Federal government in the Department of Information and Technology on 9 December 2010 formulated an important strategy. These aimed at reforming the Information technology management system. Through these, the government expenditure on technology would greatly reduce. In so doing an implementation IT, based plan formulated. In the strategy, Cloud Computing emerged as the best option for the implementation. The security of the strategy must take with utmost care since the transfer of data occasionally can be subject to errors. The option in the adoption of this technology must evaluate the necessary risks associated with the technology. Therefore, considerations must take center-stage on the mode of delivery of the systems.
Understanding Cloud Computing
To access the effectiveness of the technology, reliable infrastructure of service abbreviated, as IaaS ought to consider. The infrastructure will encompass all the materials required to transmit the services. These include the following, the wires, the fiber optic cables and availability of the booster stations. Another aspect of consideration involves the Platform as a Service abbreviated as PaaS. The description of these concepts lies on a platform to relay information. Normally it entails environment for application of the programming interfaces abbreviated as APIs. It provides the basis of the operating systems such as Windows or the Linux systems. Also, Software as a service also forms part of the consideration. The Software abbreviated as SaaS. This project aims to highlight the essential role played by the Cloud Computer Security System in the Federal department. SaaS provides software to customers but in a pre-installed form in a bid to manage software applications and other data management platforms. Moreover, the implementation platform forms the basis for discussion. Consequently, additional concepts shall emphasize on the most effective ways of improving the effectiveness of the systems through innovation.
Cloud computing provides numerous benefits the public and other agencies that adopt them. The benefits include cost effectiveness, higher performance, its elastic, flexibility, and scalability. Since the production process depends on time as a major determinant, the system is also reliable as it is faster and provides avenues for new innovative opportunities. Infrastructure-as-a-service (IaaS) as one of the Cloud System allows users have control over their applications. The system provides customized segmentations of the application software in the cloud system. The customer then becomes in a position to select the perfect service providers such as Terremark, GoGrid or Rackspace.
NIST Guide to Information Technology Security Services
Current Cloud Security Landscape as a common term in the system means the provision of the general outlook of all the aspects of a security system. It delves on an evaluation of the system based on its privacy and the drawbacks of implementing the cloud system. Organizations and government agencies must take the appropriate considerations in the adoption of the system. Prior concerns in embracing the technology would encompass how the information and data would outsourced, the application strategies couple with the general outlook of the cloud computing infrastructural environment.
The determinant of the reliability of any system relies on the monitoring and evaluation. Cloud Security Guidance provides a guide in formulating the monitoring and evaluation tools. Through the evaluation process, some loopholes that may deter the appropriate application and implementation of the system identified. The focus vested on the analysis of the Cloud Security Provider. The evaluation process assesses the threats likely encountered in the adoption of the system. In-depth scrutiny of the process developed and a final report published as per the evaluation. The process also determines the effectiveness of the system by conducting studies on the all the possible technological risks the system is predisposed to. These factors impair the quality of the data obtained and transmitted. The evaluation process also safeguards the entire computing environment and provides a platform on diagnostic measures whenever the system presents defective reports. The majority of organizations require appropriate guidance on the evaluating a system. However, it becomes a mandate of organizations involved with this system to carry out their assessment. The analysis focuses on the needs assessment, selection, engagement and the general overview of the cloud system that best suits the needs assessments.
Managing the components of the cloud system comes with vast challenges. In the full manipulation of the system through the evaluation, process tampers with the confidentiality of the data stored. The effect of this would mean that the major reason for its adoption might not achieve. Therefore managing the security in the IT department for government proves to be difficult. The possibility of retaining confidential information particularly of security concerns, therefore, proves difficult.
Cloud computing presents with some challenges. The stakeholders may lack the technical expertise in regard the various services offered by the system and their structural technology. In appropriate security accreditation with the latest development in the cloud, computing may permit the use of obsolete systems that present with diverse technical problems. Therefore, the adoption of what may seem current would mean that the government would lag behind in the adoption of the latest security standards.
Language may create misunderstanding in the adoption in that conflict may arise depending on the language preference. An appropriate procurement language ought to adopt for clarity in the application of the security strategies. Consequently, the system should comply with the natural laws and the accepted regulation standards.
As a way to address, the cloud computing adoption, the security and the terms of privacy require special concern the federal agencies. The relocation of the server station base also demands appropriate measures as pertain to the security. Documents that provide the steps in managing these security emergencies follow a printed format.
The NIST as one of the Cloud Computing Security Working group bears its existence to help in providing the platform for both the private stakeholders and the government in a bid to review the security situations as addressed senior federal officials. The group formulated various security challenges that impede the growth of Cloud Computing. The group bases its argument on these loopholes and provides an alternative solution to the menace.
The group provided samples of requirement security challenges. Security requirement name in which the brief description of the name may pose a challenge. Description points to be the other aspect as it must bear a little brief analysis. The perfect examples of the defined security must be listed to permit the report writing. Solutions to the problems through mitigation conclude the problem list.
The group advocates for the categorization of the given problem to ensure the provision of the relevant security details. It means that the problem sorted hence this provide a much easier way to manage the impending data problem. Control systems then formulated as per the categories of the security problem. The benefit of this implies that there shall be a range of shared responsibilities among the different players in the Cloud pool. Therefore, the organizations then would delegate responsibilities within their contacts and Service-Level Agreements (SLAs) together other service providers within the cloud.
For the safety of data, the group advocates that organizations should permit people with relevant knowledge to manga their confidential security details. These should be people with highest integrity and independent. The result would mean that a very independent mind would help in tackling the given problem. For the federal agencies, a vetting board would analyze their preferred candidates who would mandate by issuing the security protocols.
25 points on Implementation Plan to Reform Information Technology
The advent of technology readily promoted the development of various both in the private and public sector. The private sector tends to enjoy better technological advance as opposed to the public sector. Over the past decade, the federal government has spent a tune close to 600 Billion US dollars on the Information Technology. However, they still lag behind in the field of IT. Moreover, many public finances are vested on these technologies yet the government services are not as per the expected standards since they criticized of inefficiency. The government projects, in addition, also distributed within a span of short time hindering the effective manageability over the long run. Nevertheless, the government normally depends largely on the numerous and customized propriety system that depend on light technologies.
With all the problems in management systems of the government agencies, a remedy must take. All these aim at providing amicable IT solutions in a bid to enhance efficiency in service delivery. The grouped had engaged the Federal agents, Congress and the Agency CIOs and the Senior Procurement Government Executives. All these have approved a new strategy to enhance IT solutions that are efficiency in operation and delivers more value.
A 25-point action plan tends to be the best IT solutions that the Federal Government adopts. An IT platform relies on an 18-month plan and provides a more realistic way of the tax system in America. In as much as its lack a hundred percent efficiency, it's rather better than the system being that they address a wide range of administration challenges in the Federal system. The system demands active and prior planning to achieve its effectiveness. A grace period of eighteen months stands to be appropriate to enhance its workability. The execution strategies and the personnel in the process must base on an appropriated plan otherwise; the system may fail to administer the intended purpose. All the sectors of the government must involve in the planning and implementation stage for clarity on the system.
In the implementation stage, several aspects of the IT must review. The system aims to terminate or revive one-third of the IT projects within a period of eighteen months. It aims to utilize the potentials of all the existing IT portfolios within the Government agencies. A shift to the Cloud First policy also tends to be another strategy. A time of the shift has been dated to be eighteen months and at this time all the agencies must have shifted. Another way includes a reduction of the units of Federal data and information centers by as low as 800 in the current year of 2015. In a way to limit government expenditure on nonproductive IT projects, the system advocates for funding. It projects that meet the following standards; the program must be a well-established structure of management and adequate staff united as the team, the system to fund ought to utilize an approach with realistic functionality measurable within a period of six months. Finally, the funded projects must intent to utilized specialized IT professionals and tools. These findings will achieve their intended purpose in integrating the IT system solutions. The system also adopts the work in progress policy through the consolidation of IT funding under the Umbrella of Agency CIOs and develop a more realistic and flexible plan that conform to the module development. It ensures sustainability of the proposed IT program. Moreover, the system also works on launching a suitable platform for pre-RFP agency-industry partnership.
The 25-point implementation plan divides into two sections. In the first section Achieving Operational Efficiency and Managing Large-Scale, IT Programs Effectively. This purpose to provide clear steps required in adopting the Cloud Computer Solutions and expounds on the other services incorporated in the system. In the second section, it tends to explore structural areas resulting in the successful application of numerous IT programs in the Federal System.
The implementation plan focuses on the application of Light Technology and Shared Solutions. In essence, these form part of the Cloud Services, and this has the impact of saving costs, permits government agencies to optimize spending as services improves. GSA that penetrated the Cloud Service by diverting their Email services has demonstrated a typical example. The result of this led to a reduction by 50% over a period of five years on the cost of their operations. Consequently, the company saved a total of fifteen million US dollar. It provides a platform for increased service use at the expense of saving costs.
Effective management of large-scale IT-based programs also forms part of the 25-point implementation strategy. The effect of this followed the successful launch of the IT Dashboard and the TechStat Accountability Sessions that aim to review the IT program together with OMB coupled with agency leadership. The intent of this has led to the better performance as through the system; the government is in a position in terminating redundant IT-based programs that only obtain Federal Financing but do not achieve their mandate.
Alignment of the Process of Acquisitions together with Cycles in the Technology also plays a crucial role in the implementation plan. In line with these, the stakeholder highlights the government requirements as about Computer Clouding. The relevant government agencies formulate a plan and a budget for all that is required. Through the procurement process, that entire one requires obtained at a faster rate to make the process a reality.Under this, the system advocates for a working formula in which the Congress involved in the development of the IT budgetary allocations that are in line with the modular activity. Availability of finances will enhance the sustainable development of the Cloud System. Availability of finance aligns the technological funding and hence improves effectiveness. For this to meet the target, then the corporation of OMB and Congress is paramount.
Challenging Security Requirements for the US Government on Cloud Computing Adoption
Despite the benefits of the Cloud Computing system, some factors have limited the Federal government to fully adopting the system. Management system vulnerability has posed one of the serious threats in cloud computing. The public cloud provider allows the users of the internet resources to a wide spectrum. It poses a serious threat to the use of the internet by many people predisposes increased risk on the website as some of the users visit vulnerable sites. These may result in computer viruses that are not friendly to computer files. Therefore, important government documents may damage through the adoption of this system.
The malicious behavior of the technicians inside the cloud system also poses a challenge to the adoption of the system. Those tasked with the mandate of handling the data may develop a negative attitude and begin altering the content of the documents. The confidentiality of the data may also compromise. The privacy of the data loses their patent authenticity.
Network problems also limit the adoption of this system. The problem could arise due power failure or the general lack of internet. On the other hand, it could cause by host factors from the software failures and inappropriate communication channels between the server and the government agencies.
The isolation failure also poses a challenge to the adoption of the system. This affects the resources that normally shared.
The adoption of the Cloud Computer tends to face limited financing. The establishment of a pool of network demands appropriate infrastructure. The result of this would mean that adequate financing form part of a major requirement. Inadequate financing deters several Federal agents from incorporating the system. The sustainability of the program also demands adequate financing.
The delivery of quality services depends on the latest innovative development. Particular in the administrative sector the use of the modern technology greatly spur development because of high efficiency. The discussion in the previous paragraphs readily explores this important development strategy. In the comparison of the private and public sector, the later trail in penetrating the technological market. Some factors attribute to this. Financial capability and expertise in the line of IT limit the technological growth of the Public Sector. Consequently, system security tends to be the hardest hit in this whole ordeal.
As government agencies, crucial documents of privacy concerns ought to remain as a property of the government. However, as already described, various technological loopholes have hampered the confidentiality of the matter. In a bid to embrace the latest technology particularly in the Federal administration, Cloud Computer systems greatly assist the Public institutions with a more efficient platform to embrace the technology.
As a remedy to the challenges of the system security in the Public Sector, 25- action plans formulated by the NIST Cloud Computing program as above detailed help in developing the platform. The system evaluates the aspects of the Cloud Computing and in return provides recommendations on the applicability. The system provides the amicable solution to the government, as their costs tend to be cheap and reliable. Amidst the positivity lie the cons. The system consequently may predispose data to lose. Alternatively, the costs incurred appear slightly higher since a Club infrastructure out to be established.