SlideShare una empresa de Scribd logo

Cloud Computing White Paper

Chris O'Neal
Chris O'Neal

o read about government security concerns in the cloud, see the results of the Lockheed Martin Cyber Security Alliance Cloud/Cyber survey

1 de 7
Descargar para leer sin conexión
Awareness, Trust and Security to Shape Government Cloud Adoption Awareness Trust Security A white paper by: April 2010
1 Executive Summary The awareness, trust and security issues that have limited federal Knowledge is not necessarily widespread among agencies involved government adoption of cloud computing appear to be more perceptual in cloud computing. Approximately a fifth (21 percent) of respondents than prohibitive, according to the Lockheed Martin Cyber Security who are involved in cyber security at their agencies are not familiar Alliance survey on cloud computing and cyber security conducted by with cloud computing, while nearly half (47 percent) of respondents who Market Connections, Inc. Professionals who are most aware of and are familiar with cloud computing are not involved in cyber security. involved with cloud computing and cyber security generally trust the These findings illustrate awareness gaps among professionals who will cloud model, and do not consider it a leading security vulnerability1. The be investigating, implementing, using, securing and managing cloud findings suggest cloud utilization is poised for rapid gains as awareness computing. Conversely, this data may also suggest that implementing of cloud computing and the related cyber security implications grow. and managing cloud computing platforms within federal agencies will require cross-functional discussion among both IT policy and IT imple- Overall, a full 34 percent of federal government, defense/military and mentation professionals. intelligence agency respondents are unfamiliar with cloud computing, and only 14 percent said their agencies had adopted it. Three out of five Yet, adoption of cloud-based solutions is growing. Increased aware- respondents do not expressly trust cloud computing. Twenty-three per- ness and understanding of cloud computing can pave the way for more cent of respondents do not know what their organizations are doing with adoption, as respondents who are familiar with cloud computing tend cloud computing, and there is no consensus on how cloud governance to pursue its inherent benefits. The adoption rate among respondents should be handled. familiar with cloud computing (44 percent) is more than triple the over- all adoption rate (14 percent). Eighty-five percent of respondents who adopted cloud computing use it for multiple applications, and agencies are increasingly putting mission-critical data management systems into Figure A: Government State of Cloud Engagement the cloud, which indicates that utilization and trust increase significantly once the cloud-based solutions are adopted. Respondents who are Not using/Not discussing involved with cyber security ranked cloud computing last on their list of Unsure whether agency Fig a 14% security challenges. Fig b (new) uses cloud 23% The full paper documents and explores these findings, and: ◗ Presents a snapshot view of cloud computing adoption in U.S. federal Discussing using government, defense/military and intelligence agencies; cloud application 12% ◗ Documents trust levels related to cloud computing, outsourcing and different delivery models; ◗ Identifies specific cloud computing and cyber security concerns; ◗ Highlights governance issues; ◗ Presents recommendations to help government agencies prepare to adopt, secure and manage cloud computing. Not familiar with cloud 34% Currently using multiple cloud applications 12% Currently using a single cloud application 2% Currently designing/implementing cloud use 3% 1. Throughout this report, the narrative makes reference to trust and involvement. Participants were asked to rate their involvement, awareness or trust levels about specific aspects of cloud computing and cyber security on a five-point scale, with one representing the lowest level of involvement, awareness or trust and five representing the highest. A response of three is considered neutral. If respondents are said to be “involved” (e.g., Respondents who are involved in cyber security at their organization are more likely to be aware of cloud computing.), the reference is to respondents who rated their involvement as either four or five on the five-point scale, which therefore excludes neutral responses. In discussions of trust, respondents who indicated a trust level of one or two are said to distrust and those who responded four or five are said to trust. f
2 About the Survey Participants were presented the following definition The Lockheed Martin Cyber Security Alliance commissioned Market of cloud computing to use as a guide when answering Connections, Inc. to conduct an online survey of U.S. federal government, questions: defense, military and intelligence agency IT decision makers in February and March 2010. The Alliance consists of the following technology com- Cloud ComputinG is a model for enabling convenient, on- panies: APC by Schneider Electric, CA, Cisco, Dell, EMC Corporation and demand network access to a shared pool of configurable its RSA Security Division, HP, Intel, Juniper Networks, McAfee, Microsoft, computing resources (e.g. networks, servers, storage, ap- NetApp, Symantec and VMware. The survey measured awareness and plications, and services) that can be rapidly provisioned and attitudes about cloud computing and cyber security topics. The survey released with minimal management effort or service provider produced 198 responses, including respondents from all branches of the interaction. Cloud computing can take the form of: military, and representing a wide variety of government agencies. Infor- mation technology, operations and management professionals at multiple ◗ SoFtwARE AS A SERviCE (SaaS) in which the applications levels were all represented as shown in Figure B below. are accessible from various client devices through a thin client interface such as a web browser; Fig b (new) Figure B: Respondents by Role Fig c ◗ plAtFoRm AS A SERviCE (paaS) in which end users devel- op or deploy applications on top of cloud infrastructure; or IT/MIS/IRM, Program/Project management 36% ◗ inFRAStRuCtuRE AS A SERviCE (iaaS) in which the pro- 70 vider manages the hardware, but allows the end user to manage the operating systems, storage, and/or application 60 deployment. Other 26% 50 The terminology presented was extracted from National Institute of Standards and Technology (NIST) definitions. 40 30 with it, the potential for awareness, and therefore adoption, to grow is very high. Only 5 percent of respondents who are aware of cloud com- 20 puting do not think it is applicable for their agencies. 10 Third, the expected growth is consistent with other cloud comput- Executive ing projections. Cloud computing is currently one of the fastest growing 0 management/ Administration, Operations, trends in all of IT, in both the public and private sectors, and federal CIO Command 13% Purchasing, Contracting 25% Vivek Kundra has been a visible public advocate for cloud computing. The government market for cloud computing will more than triple between 2009 and 2014, but the strong growth rate will actually lag behind the State of Cloud Computing Adoption private sector according to 2009 research from INPUT2.� Cloud computing has a foothold in the government market, and the Despite these adoption findings and projections, resistance to cloud adop- survey data suggest adoption is likely to increase. Today just 14 percent tion will remain. There are 14 percent of respondents who are aware of cloud 50 of respondents surveyed said their agencies have at least one cloud computing, but are not using or discussing it at their agencies. Another 23 computing application, and 85 percent of these are using multiple ap- percent are unaware of what their agency is doing with cloud computing. plications in the cloud. Current adoption is virtually the same at federal 40 civilian (13 percent) and defense/military (14 percent) agencies. Figure A (page 1) details the overall level of government cloud adoption. Adoption by Application 30 Insight from early adopters shows government users are willing to use cloud Several factors suggest the adoption base could grow rapidly. First, computing for core functions of their IT infrastructure, which also suggests a the percentage of respondents who are currently discussing migrating to strong ongoing role for utility computing. Nearly a quarter of respondents use Fig D 20 cloud computing or are actively involved in doing so (16 percent) exceeds cloud computing for mission-critical data management, and an even higher the percentage who have already adopted. As noted, agencies that adopt percentage are considering doing so, as shown in Figure C (page 3). ERP is the cloud computing tend to utilize it for multiple applications, so greater application 10 agencies are least likely to access from the cloud, but 40 per- that penetration within the current user base could be expected. cent of respondents are using or considering the cloud for ERP. CRM is a widely used cloud application outside of government, but ranks second-to-last among Second, the adoption rate among those who are familiar with cloud applications 0 government respondents are using or considering. that computing is more than triple the overall adoption rate. Increased aware- ness of cloud computing is thus expected to result in increased adoption. Since 34 percent of respondents are not familiar with cloud computing, 2. Emerging Technology Markets in the U.S. Federal Government, 2009-2014. INPUT report released December 7, 2009. and an additional 23 percent do not know what their agencies are doing
3 Fig c Figure C: what Applications is Cloud Computing Respondents who would consider outsourcing want control over their cloud. Private cloud is clearly the favored delivery mode and there is Being used or Considered For strong resistance to the public cloud model, as shown in Figure E below. 70 Private cloud was the top choice of delivery mode for 10 of the 11 appli- cations surveyed; respondents were most likely to consider a community 60% 59% 60 57% Fig c cloud for CRM outsourcing. The levels of support for community and hybrid clouds were similar to each other, especially for applications that 52% 51% do not involve essential enterprise or employee information. Support for 50 47% 46% 45% the public cloud model is consistently low. No more than 12 percent of 43% respondents would consider using a public cloud for any application. 41% 40% Mission-critical data management 70 40 Human resources management Virtualized server environments Communications applications Document creation & editing Figure E: Cloud modes Considered for Document management 60 30 Financial management Database applications Application outsourcing 50 20 Procurement 40 10 Financial management systems CRM ERP 5% 12% 65% 9% 9% 30 0 Human resources management systems 20 6% 15% 57% 17% 5% 10 Respondents may be willing to put essential systems in the cloud, Database applications but these are among the applications they are least likely to outsource. 2% 14% 50% 20% 14% Figure D shows the likelihood respondents will outsource different cloud 0 applications. They are most likely to outsource CRM, human resources Mission-critical data management management, procurement, communications, database and virtualized 2% 18% 50% 18% 12% servers. Mission-critical data management applications are least likely to be outsourced, followed by ERP, financial management and database Communications applications (email, VOIP, Web) 50 applications. Note that database applications also ranked highly as an application most likely to be outsourced. 9% 21% 45% 20% 5% Document management 40 Figure d: likelihood to outsource Cloud Applications 4% 17% 44% 27% 8% 50 49% 48% Virtualized server environments 30 44% 44% 44% 44% 6% 21% 43% 18% 12% 40 41% 40% 40% Fig D Document creation & editing 20 36% 5% 27% 37% 20% 11% Communications applications (Email VOIP, Web) 32% Enterprise Resource Planning (ERP) 30 7% 27% 33% 20% 13% 10 Fig D Mission-critical data management Human resources management Virtualized server environments Procurement Document creation & editing 20 11% 21% 32% 23% 13% Document management 0 Financial management Database applications Customer relationship management (CRM) 10 12% 36% 19% 26% 7% Procurement 0 20 40 60 80 100 CRM ERP Public Community Private Hybrid Do not 0 Cloud Cloud Cloud Cloud know
4 Fig a Cloud Awareness Levels indicate there is implementation and policy crossover within agencies when it comes to cloud computing, which underscores the importance of For all the attention and growth cloud computing has achieved, keeping multiple stakeholders aware and involved with cloud computing there is still widespread lack of awareness and misunderstanding. The initiatives. These policy considerations may already be surfacing, as 21 percentage of respondents who are not familiar with cloud computing percent of respondents said they are concerned about cloud governance (34 percent) is two-and-a-half times as high as the percentage whose within their agency, a figure that rises to 30 percent among respondents agencies are using it (14 percent). Respondents at civilian agencies are who are most involved in cyber security. more aware of cloud computing than their defense/military counterparts (37 percent to 30 percent), but neither population has a high level of The challenge in developing a cloud computing strategy is com- awareness. Surprisingly, a fifth (21 percent) of professionals involved in pounded by the lack of clarity around who should ultimately govern cloud cyber security at their agencies are unaware of cloud computing. computing, as illustrated in Figure F below. In aggregate, 39 percent of respondents feel cloud computing should be governed at the federal level Among respondents who are aware of cloud computing, 23 percent (either by a cyber security czar or through congressional legislation), 30 are unsure of what their agency is doing with it. That means more than percent say it should be governed at the agency level, and 29 percent half (57 percent) of respondents are either unaware of cloud computing favor some form of coalition. See figure G next page. in general or their own agency’s specific cloud activity. The low level of understanding makes the 14 percent adoption rate more telling, as cloud computing continues to experience the uncertainty associated with Figure F: who Should Govern Cloud Computing? emerging technologies. The survey found that there are significant trust and governance Joint Public/Private coalition questions regarding cloud computing, and the low level of awareness is Congress through legisla- 21% certainly a contributing factor. Low awareness appears to extend beyond tion such as FISMA 21% cloud computing itself, and also to how it should be governed and se- cured. As noted, nearly a quarter of respondents who are aware of cloud computing do not know what their agencies are doing with it, and 21 percent of respondents who are involved in cyber security are unaware of cloud computing. There were also respondents who are aware of cloud Fig f Individual Cyber Security computing who are not involved with cyber security. These differences agency/ Czar 18% organization heads 30% Survey participants were given the following definitions for specific cloud models: Public coalition 5% Private coalition 3% ◗ pRivAtE Cloud the cloud infrastructure is operated solely for an organization. It may be managed by the organization Other 2% or a third party and may exist on premise or off premise. ◗ Community Cloud the cloud infrastructure is shared by trust levels and Considerations several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, Trust in cloud computing is an unresolved issue among government IT policy, and compliance considerations). It may be managed decision makers. While more respondents (40 percent) trust than distrust (28 percent) cloud computing, it would be wrong to conclude the model by the organizations or a third party and may exist on prem- has attained a solid level of trust. Nearly a third of respondents are ise or off premise. neutral or undecided regarding their trust of cloud computing. Therefore ◗ puBliC Cloud the cloud infrastructure is made available while 40 percent of respondents say they trust cloud computing, 60 to the general public or a large industry group and is owned percent do not. Six percent responded they “do not trust cloud computing by an organization selling cloud services. at all,” which is twice as many who responded they “trust completely.” ◗ HyBRid Cloud the cloud infrastructure is a composition of two or more clouds (private, community, or public) that re- main unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting). The terminology presented was extracted from National Institute of Standards and Technology (NIST) definitions.
5 Figure G: level of trustFigCloud Computing in g Figure H: Cloud Risk Relative to other Security 60 Concerns 35% 35 50 Fig g 32% 60 Security mandate compliance 53% 52% 30 40 Disaster recovery/COOP 50 Web access and authorization 25 30 Identity management 20% 40 Incident response capability 20 31% Hardware security General threats (SPAM, Spyware) 30 29% 20 15 Insider threats 24% 23% Cloud computing Communications security 20% Data loss prevention 10 8% 20 10 16% Network security 14% Remote access 5% 12% 5 9% Other 10 0 7% 6% 0 1 2 3 4 5 2% Do not trust Neutral Trust 0 at all Completely Some of the distrust in cloud computing invariably comes from re- Respondents who are involved in cyber security have more trust in spondents’ inexperience with it. Distrust may also result from uncertainty cloud computing. Cloud computing is trusted by 53 percent of respon- about how to secure applications and data in the cloud, including how dents who rated their involvement level a four or five on a five-point security considerations change based on the specific cloud model (e.g. scale, compared to 40 percent of overall respondents. Twenty percent of IaaS, PaaS, SaaS; public, private, community or hybrid cloud). Figure I on those involved in cyber security distrust cloud computing, compared to page 6 shows respondents’ leading security concerns for cloud comput- 28 percent of overall respondents. ing. Data security is by far the top concern of note, and is the only one cited by a majority of respondents. The other leading issues are intrusion Cyber security professionals ranked cloud computing last among their detection, securing data flows between data centers, clients, and applica- cyber security challenges of note, as Figure H shows. This may indicate 70 tions, and security mandate compliance. While these are all legitimate an overly narrow view of cyber security, because many of the more issues, they are not unique to the cloud or inherently impossible to secure highly rated challenges also apply to cloud computing. It could also indi- 70 in the cloud. Conversely, multi-tenancy, where different, non-related cate lack of depth of understanding about cloud computing architectures 60 organizations may share infrastructure such as space on a server, is a and under appreciation of what is required to secure cloud computing 60 cloud-specific security consideration, but it ranks near the bottom of systems and their users. 50 respondents’ concerns. The specific security concerns of overall respon- 50 dents are extremely consistent with those of respondents who distrust the cloud, and with those who are involved in cyber security. 40 40 30 30 20 20 10 10 0 0
20 6 10 0 Figure i: Cloud Computing Security Concerns The outlook for cloud computing adoption in government depends on how well cloud computing service providers and potential users raise the levels of awareness and trust in the model. The data reflects barriers to adoption, but adoption rates and user experiences show the barriers can be overcome. Respondents iwho know cloud computing best trust it most. Fig Intrusion detection & prevention For example, those who are familiar with cloud computing tend to imple- ment it, those who implement expand their use by accessing multiple Security mandate compliance 70% applications through the cloud, and professionals who are most involved 70 in cyber security have more trust in cloud computing than IT decision Securing data flows makers at large. Disaster recovery/COOP 60 Against this backdrop, we recommend organizations take the following Network access control actions to assess the suitability of cloud computing for their agencies 50 Cloud governance and to prepare for implementation: Data Security, privacy & integrity 41% 38% ◗ dEFinE wHAt tHE Cloud mEAnS to youR oRGAnizAtion. Unstructured data 40 Application visibility 34% Private? Public? SaaS? IaaS? PaaS? Having a common definition of what Back-up power 28% a cloud means will make it much easier to manage cloud initiatives, 30 Multi tenancy including planning, implementation and security. 23% 21% 20 ◗ CREAtE AwAREnESS oF Cloud initiAtivES tHRouGHout tHE 12% oRGAnizAtion. Besides the 21 percent of respondents who are involved Other 9% 8% 8% in cyber security but not familiar with cloud computing, 47 percent of 10 respondents who are familiar with cloud computing are not involved with 2% cyber security. The data suggest that professionals who will be imple- 0 menting cloud computing are not responsible for managing security, and vice versa. To ensure policies, systems and governance are aligned, stakeholders throughout the organization need to be aware of all cloud computing activity, even if it is only in the discussion stage. Other studies have found that while security is considered the top challenge associated with cloud computing3, federal government profes- ◗ tAkE A BRoAd viEw wHEn ASSESSinG Cloud’S impACt. Cloud sionals think cloud computing itself raises an organization’s risk less than computing can have security implications that security professionals may most other IT megatrends, including mobility, Web 2.0, and virtualization4, not have considered, and overall security policies need to extend to users which have all been widely adopted. who access applications through the cloud and via traditional methods. Systems, staff, training and policies should be assessed and adjusted as Previously presented cloud computing adoption data suggest cloud com- necessary to effectively support cloud computing. puting security and trust issues can be overcome. Recall that respondents who are involved with cyber security ranked cloud computing last on their ◗ EnGAGE pRoFESSionAlS FRom oRGAnizAtionS witH SpECiFiC list of notable security challenges, and that 85 percent of adopters use cloud Cloud SECuRity ExpERtiSE. Considering the low level of awareness computing for multiple applications. These results suggest that as profes- for cloud computing among government IT decision makers, and its lack sionals gain understanding and experience with cloud computing, they gain of adoption and maturity within the public sector, organizations who are confidence in their ability to implement effective, secure systems. considering cloud initiatives should seek guidance from professionals from organizations with specific experience in secure cloud computing. Only 5 percent of respondents involved in cyber security ranked cloud Conclusions and Recommendations computing as one of their top security concerns. The lack of concern Cloud computing has low levels of awareness, trust and adoption may come from respondents’ confidence in their ability to secure the among IT decision makers in the U.S. defense/military and federal organization from cloud computing threats. As with any IT initiative, early government. Despite all the attention cloud computing receives as one of engagement of security professionals will yield a more cost-effective risk the leading IT trends, a third of government IT decision makers surveyed management approach than retroactive ones. Experienced professionals were not familiar with cloud computing, and a similar percentage do can identify security and other implementation issues and recommend not trust it. Awareness and trust are lacking even among professionals appropriate solutions. who are familiar with it and may be responsible for securing enterprise systems and information. While cloud adoption is expected to grow, respondents’ inexperience with cloud computing, security concerns (and in some cases, lack of concern) and uncertainty about governance could make it difficult for organizations to effectively implement cloud comput- ing or realize full value from it. 3. IDC Enterprise Panel. August, 2008 4. Ponemon Institute “Cyber Security Mega Trends: U.S. Federal Government.” November, 2009.

Recomendados

2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging ThreatsLumension
 
Ponemon cloud security study
Ponemon cloud security studyPonemon cloud security study
Ponemon cloud security studyDome9 Security
 
Vol13 no2
Vol13 no2Vol13 no2
Vol13 no2fphart
 
Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Erik Ginalick
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...Dana Gardner
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
Security, Privacy and the Future Internet
Security, Privacy and the Future InternetSecurity, Privacy and the Future Internet
Security, Privacy and the Future InternetFraunhofer Institute for Secure Information Technology
 

Recomendados

2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging ThreatsLumension
 
Ponemon cloud security study
Ponemon cloud security studyPonemon cloud security study
Ponemon cloud security studyDome9 Security
 
Vol13 no2
Vol13 no2Vol13 no2
Vol13 no2fphart
 
Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Erik Ginalick
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...Dana Gardner
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
Security, Privacy and the Future Internet
Security, Privacy and the Future InternetSecurity, Privacy and the Future Internet
Security, Privacy and the Future InternetFraunhofer Institute for Secure Information Technology
 
Social Engineering Role in Compromising Information/Network Security
Social Engineering Role in Compromising Information/Network SecuritySocial Engineering Role in Compromising Information/Network Security
Social Engineering Role in Compromising Information/Network SecurityOladotun Ojebode
 
Virtualization Survey Results
Virtualization Survey ResultsVirtualization Survey Results
Virtualization Survey Resultsgtsimarketing
 
Information Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelInformation Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelKoen Maris
 
2013 global security report
2013 global security report2013 global security report
2013 global security reportYury Chemerkin
 
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDFSeven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDFTor Cannady
 
Why network based security
Why network based securityWhy network based security
Why network based securityAlan Rudd
 
First Responders Course - Session 3 - Monitoring and Controlling Incident Costs
First Responders Course - Session 3 - Monitoring and Controlling Incident CostsFirst Responders Course - Session 3 - Monitoring and Controlling Incident Costs
First Responders Course - Session 3 - Monitoring and Controlling Incident CostsPhil Huggins FBCS CITP
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...Andris Soroka
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAmazon Web Services
 
Unique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative SolutionsUnique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative SolutionsJuniper Networks
 
Advanced Applications & Networks
Advanced Applications & NetworksAdvanced Applications & Networks
Advanced Applications & NetworksPrakash Nagpal
 
Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011Atlantic Security Conference
 
Securing Cloud from Cloud Drain
Securing Cloud from Cloud DrainSecuring Cloud from Cloud Drain
Securing Cloud from Cloud DrainEswar Publications
 
Removing the Cloud of Insecurity
Removing the Cloud of InsecurityRemoving the Cloud of Insecurity
Removing the Cloud of InsecurityRackspace
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
Security cloud computing
Security cloud computingSecurity cloud computing
Security cloud computingBrett Sinclair
 
Sivasubramanian Risk Management In The Web 2.0 Environment
Sivasubramanian Risk Management In The Web 2.0 EnvironmentSivasubramanian Risk Management In The Web 2.0 Environment
Sivasubramanian Risk Management In The Web 2.0 EnvironmentVinoth Sivasubramanan
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
 
76 s201913
76 s20191376 s201913
76 s201913IJRAT
 
Cyber Sec Project Proposal
Cyber Sec Project ProposalCyber Sec Project Proposal
Cyber Sec Project ProposalChris Young
 
Cloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotCloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotTech Mahindra
 
The cloud
The cloudThe cloud
The cloudFranck KESZI
 

Más contenido relacionado

La actualidad más candente

Social Engineering Role in Compromising Information/Network Security
Social Engineering Role in Compromising Information/Network SecuritySocial Engineering Role in Compromising Information/Network Security
Social Engineering Role in Compromising Information/Network SecurityOladotun Ojebode
 
Virtualization Survey Results
Virtualization Survey ResultsVirtualization Survey Results
Virtualization Survey Resultsgtsimarketing
 
Information Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelInformation Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelKoen Maris
 
2013 global security report
2013 global security report2013 global security report
2013 global security reportYury Chemerkin
 
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDFSeven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDFTor Cannady
 
Why network based security
Why network based securityWhy network based security
Why network based securityAlan Rudd
 
First Responders Course - Session 3 - Monitoring and Controlling Incident Costs
First Responders Course - Session 3 - Monitoring and Controlling Incident CostsFirst Responders Course - Session 3 - Monitoring and Controlling Incident Costs
First Responders Course - Session 3 - Monitoring and Controlling Incident CostsPhil Huggins FBCS CITP
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...Andris Soroka
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAmazon Web Services
 
Unique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative SolutionsUnique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative SolutionsJuniper Networks
 
Advanced Applications & Networks
Advanced Applications & NetworksAdvanced Applications & Networks
Advanced Applications & NetworksPrakash Nagpal
 
Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011Atlantic Security Conference
 
Securing Cloud from Cloud Drain
Securing Cloud from Cloud DrainSecuring Cloud from Cloud Drain
Securing Cloud from Cloud DrainEswar Publications
 
Removing the Cloud of Insecurity
Removing the Cloud of InsecurityRemoving the Cloud of Insecurity
Removing the Cloud of InsecurityRackspace
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
Security cloud computing
Security cloud computingSecurity cloud computing
Security cloud computingBrett Sinclair
 
Sivasubramanian Risk Management In The Web 2.0 Environment
Sivasubramanian Risk Management In The Web 2.0 EnvironmentSivasubramanian Risk Management In The Web 2.0 Environment
Sivasubramanian Risk Management In The Web 2.0 EnvironmentVinoth Sivasubramanan
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
 
76 s201913
76 s20191376 s201913
76 s201913IJRAT
 
Cyber Sec Project Proposal
Cyber Sec Project ProposalCyber Sec Project Proposal
Cyber Sec Project ProposalChris Young
 

La actualidad más candente (20)

Social Engineering Role in Compromising Information/Network Security
Social Engineering Role in Compromising Information/Network SecuritySocial Engineering Role in Compromising Information/Network Security
Social Engineering Role in Compromising Information/Network Security
 
Virtualization Survey Results
Virtualization Survey ResultsVirtualization Survey Results
Virtualization Survey Results
 
Information Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelInformation Security Governance at Board and Executive Level
Information Security Governance at Board and Executive Level
 
2013 global security report
2013 global security report2013 global security report
2013 global security report
 
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDFSeven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
 
Why network based security
Why network based securityWhy network based security
Why network based security
 
First Responders Course - Session 3 - Monitoring and Controlling Incident Costs
First Responders Course - Session 3 - Monitoring and Controlling Incident CostsFirst Responders Course - Session 3 - Monitoring and Controlling Incident Costs
First Responders Course - Session 3 - Monitoring and Controlling Incident Costs
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
 
Unique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative SolutionsUnique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative Solutions
 
Advanced Applications & Networks
Advanced Applications & NetworksAdvanced Applications & Networks
Advanced Applications & Networks
 
Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011
 
Securing Cloud from Cloud Drain
Securing Cloud from Cloud DrainSecuring Cloud from Cloud Drain
Securing Cloud from Cloud Drain
 
Removing the Cloud of Insecurity
Removing the Cloud of InsecurityRemoving the Cloud of Insecurity
Removing the Cloud of Insecurity
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
 
Security cloud computing
Security cloud computingSecurity cloud computing
Security cloud computing
 
Sivasubramanian Risk Management In The Web 2.0 Environment
Sivasubramanian Risk Management In The Web 2.0 EnvironmentSivasubramanian Risk Management In The Web 2.0 Environment
Sivasubramanian Risk Management In The Web 2.0 Environment
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your Enterprise
 
76 s201913
76 s20191376 s201913
76 s201913
 
Cyber Sec Project Proposal
Cyber Sec Project ProposalCyber Sec Project Proposal
Cyber Sec Project Proposal
 

Similar a Cloud Computing White Paper

Cloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotCloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotTech Mahindra
 
Cloud service providers in pune
Cloud service providers in puneCloud service providers in pune
Cloud service providers in puneAnshita Dixit
 
Cloud Security: Perception VS Reality
Cloud Security: Perception VS RealityCloud Security: Perception VS Reality
Cloud Security: Perception VS RealityKVH Co. Ltd.
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryIntel IT Center
 
2019 Enterprise Cloud Index Report
2019 Enterprise Cloud Index Report2019 Enterprise Cloud Index Report
2019 Enterprise Cloud Index ReportAndrew James
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...SafeNet
 
Data Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier EffectData Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier EffectNetskope
 
What is the future of cloud security linked in
What is the future of cloud security linked inWhat is the future of cloud security linked in
What is the future of cloud security linked inJonathan Spindel
 
Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...Booz Allen Hamilton
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-clouddrewz lin
 
IDC Study on Enterprise Hybrid Cloud Strategies
IDC Study on Enterprise Hybrid Cloud StrategiesIDC Study on Enterprise Hybrid Cloud Strategies
IDC Study on Enterprise Hybrid Cloud StrategiesEMC
 
Information Security Governance: Government Considerations for the Cloud Comp...
Information Security Governance: Government Considerations for the Cloud Comp...Information Security Governance: Government Considerations for the Cloud Comp...
Information Security Governance: Government Considerations for the Cloud Comp...Booz Allen Hamilton
 
2012 global cloud_security_survey_executive_summary
2012 global cloud_security_survey_executive_summary2012 global cloud_security_survey_executive_summary
2012 global cloud_security_survey_executive_summaryКомсс Файквэе
 
Security and the cloud
Security and the cloudSecurity and the cloud
Security and the cloudFREVVO
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar reportshafzonly
 
Please read the below discussion post and provide response in 75 to .docx
Please read the below discussion post and provide response in 75 to .docxPlease read the below discussion post and provide response in 75 to .docx
Please read the below discussion post and provide response in 75 to .docxchristalgrieg
 

Similar a Cloud Computing White Paper (20)

Cloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotCloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot Spot
 
The cloud
The cloudThe cloud
The cloud
 
Cloud service providers in pune
Cloud service providers in puneCloud service providers in pune
Cloud service providers in pune
 
Ccsw
CcswCcsw
Ccsw
 
Cloud Security: Perception VS Reality
Cloud Security: Perception VS RealityCloud Security: Perception VS Reality
Cloud Security: Perception VS Reality
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research Summary
 
2019 Enterprise Cloud Index Report
2019 Enterprise Cloud Index Report2019 Enterprise Cloud Index Report
2019 Enterprise Cloud Index Report
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
 
Data Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier EffectData Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier Effect
 
What is the future of cloud security linked in
What is the future of cloud security linked inWhat is the future of cloud security linked in
What is the future of cloud security linked in
 
2014: The Law Cloud Poised for Dramatic Growth
2014: The Law Cloud Poised for Dramatic Growth 2014: The Law Cloud Poised for Dramatic Growth
2014: The Law Cloud Poised for Dramatic Growth
 
Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-cloud
 
IDC Study on Enterprise Hybrid Cloud Strategies
IDC Study on Enterprise Hybrid Cloud StrategiesIDC Study on Enterprise Hybrid Cloud Strategies
IDC Study on Enterprise Hybrid Cloud Strategies
 
Information Security Governance: Government Considerations for the Cloud Comp...
Information Security Governance: Government Considerations for the Cloud Comp...Information Security Governance: Government Considerations for the Cloud Comp...
Information Security Governance: Government Considerations for the Cloud Comp...
 
2012 global cloud_security_survey_executive_summary
2012 global cloud_security_survey_executive_summary2012 global cloud_security_survey_executive_summary
2012 global cloud_security_survey_executive_summary
 
Security and the cloud
Security and the cloudSecurity and the cloud
Security and the cloud
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
 
Please read the below discussion post and provide response in 75 to .docx
Please read the below discussion post and provide response in 75 to .docxPlease read the below discussion post and provide response in 75 to .docx
Please read the below discussion post and provide response in 75 to .docx
 
Information Security Governance
Information Security GovernanceInformation Security Governance
Information Security Governance
 

Más de Chris O'Neal

Nano hub u-nanoscaletransistors
Nano hub u-nanoscaletransistorsNano hub u-nanoscaletransistors
Nano hub u-nanoscaletransistorsChris O'Neal
 
Intel Xeon Phi Hotchips Architecture Presentation
Intel Xeon Phi Hotchips Architecture PresentationIntel Xeon Phi Hotchips Architecture Presentation
Intel Xeon Phi Hotchips Architecture PresentationChris O'Neal
 
236341 Idc How Nations Are Using Hpc August 2012
236341 Idc How Nations Are Using Hpc August 2012236341 Idc How Nations Are Using Hpc August 2012
236341 Idc How Nations Are Using Hpc August 2012Chris O'Neal
 
Incite Ir Final 7 19 11
Incite Ir Final 7 19 11Incite Ir Final 7 19 11
Incite Ir Final 7 19 11Chris O'Neal
 
Dell Hpc Leadership
Dell Hpc LeadershipDell Hpc Leadership
Dell Hpc LeadershipChris O'Neal
 
Idc Eu Study Slides 10.9.2010
Idc Eu Study Slides 10.9.2010Idc Eu Study Slides 10.9.2010
Idc Eu Study Slides 10.9.2010Chris O'Neal
 
Tolly210137 Force10 Networks E1200i Energy
Tolly210137 Force10 Networks E1200i EnergyTolly210137 Force10 Networks E1200i Energy
Tolly210137 Force10 Networks E1200i EnergyChris O'Neal
 
IDC: EU HPC Strategy
IDC: EU HPC StrategyIDC: EU HPC Strategy
IDC: EU HPC StrategyChris O'Neal
 
Tpc Energy Publications July 2 10 B
Tpc Energy Publications July 2 10 BTpc Energy Publications July 2 10 B
Tpc Energy Publications July 2 10 BChris O'Neal
 
Rogue Wave Corporate Vision(P) 5.19.10
Rogue Wave Corporate Vision(P) 5.19.10Rogue Wave Corporate Vision(P) 5.19.10
Rogue Wave Corporate Vision(P) 5.19.10Chris O'Neal
 
Hpc R2 Beta2 Press Deck 2010 04 07
Hpc R2 Beta2 Press Deck 2010 04 07Hpc R2 Beta2 Press Deck 2010 04 07
Hpc R2 Beta2 Press Deck 2010 04 07Chris O'Neal
 
Q Dell M23 Leap V2x
Q Dell M23 Leap V2xQ Dell M23 Leap V2x
Q Dell M23 Leap V2xChris O'Neal
 
Fca Product Overview Feb222010 As
Fca Product Overview Feb222010 AsFca Product Overview Feb222010 As
Fca Product Overview Feb222010 AsChris O'Neal
 

Más de Chris O'Neal (20)

Nano hub u-nanoscaletransistors
Nano hub u-nanoscaletransistorsNano hub u-nanoscaletransistors
Nano hub u-nanoscaletransistors
 
Intel Xeon Phi Hotchips Architecture Presentation
Intel Xeon Phi Hotchips Architecture PresentationIntel Xeon Phi Hotchips Architecture Presentation
Intel Xeon Phi Hotchips Architecture Presentation
 
236341 Idc How Nations Are Using Hpc August 2012
236341 Idc How Nations Are Using Hpc August 2012236341 Idc How Nations Are Using Hpc August 2012
236341 Idc How Nations Are Using Hpc August 2012
 
My Ocean Breve
My Ocean BreveMy Ocean Breve
My Ocean Breve
 
Incite Ir Final 7 19 11
Incite Ir Final 7 19 11Incite Ir Final 7 19 11
Incite Ir Final 7 19 11
 
Ersa11 Holland
Ersa11 HollandErsa11 Holland
Ersa11 Holland
 
Dell Hpc Leadership
Dell Hpc LeadershipDell Hpc Leadership
Dell Hpc Leadership
 
Idc Eu Study Slides 10.9.2010
Idc Eu Study Slides 10.9.2010Idc Eu Study Slides 10.9.2010
Idc Eu Study Slides 10.9.2010
 
Tolly210137 Force10 Networks E1200i Energy
Tolly210137 Force10 Networks E1200i EnergyTolly210137 Force10 Networks E1200i Energy
Tolly210137 Force10 Networks E1200i Energy
 
IDC: EU HPC Strategy
IDC: EU HPC StrategyIDC: EU HPC Strategy
IDC: EU HPC Strategy
 
Tpc Energy Publications July 2 10 B
Tpc Energy Publications July 2 10 BTpc Energy Publications July 2 10 B
Tpc Energy Publications July 2 10 B
 
Coffee break
Coffee breakCoffee break
Coffee break
 
Tachion
TachionTachion
Tachion
 
Longbiofuel
LongbiofuelLongbiofuel
Longbiofuel
 
Casl Fact Sht
Casl Fact ShtCasl Fact Sht
Casl Fact Sht
 
Fujitsu_ISC10
Fujitsu_ISC10Fujitsu_ISC10
Fujitsu_ISC10
 
Rogue Wave Corporate Vision(P) 5.19.10
Rogue Wave Corporate Vision(P) 5.19.10Rogue Wave Corporate Vision(P) 5.19.10
Rogue Wave Corporate Vision(P) 5.19.10
 
Hpc R2 Beta2 Press Deck 2010 04 07
Hpc R2 Beta2 Press Deck 2010 04 07Hpc R2 Beta2 Press Deck 2010 04 07
Hpc R2 Beta2 Press Deck 2010 04 07
 
Q Dell M23 Leap V2x
Q Dell M23 Leap V2xQ Dell M23 Leap V2x
Q Dell M23 Leap V2x
 
Fca Product Overview Feb222010 As
Fca Product Overview Feb222010 AsFca Product Overview Feb222010 As
Fca Product Overview Feb222010 As
 

Cloud Computing White Paper

  • 1. Awareness, Trust and Security to Shape Government Cloud Adoption Awareness Trust Security A white paper by: April 2010
  • 2. 1 Executive Summary The awareness, trust and security issues that have limited federal Knowledge is not necessarily widespread among agencies involved government adoption of cloud computing appear to be more perceptual in cloud computing. Approximately a fifth (21 percent) of respondents than prohibitive, according to the Lockheed Martin Cyber Security who are involved in cyber security at their agencies are not familiar Alliance survey on cloud computing and cyber security conducted by with cloud computing, while nearly half (47 percent) of respondents who Market Connections, Inc. Professionals who are most aware of and are familiar with cloud computing are not involved in cyber security. involved with cloud computing and cyber security generally trust the These findings illustrate awareness gaps among professionals who will cloud model, and do not consider it a leading security vulnerability1. The be investigating, implementing, using, securing and managing cloud findings suggest cloud utilization is poised for rapid gains as awareness computing. Conversely, this data may also suggest that implementing of cloud computing and the related cyber security implications grow. and managing cloud computing platforms within federal agencies will require cross-functional discussion among both IT policy and IT imple- Overall, a full 34 percent of federal government, defense/military and mentation professionals. intelligence agency respondents are unfamiliar with cloud computing, and only 14 percent said their agencies had adopted it. Three out of five Yet, adoption of cloud-based solutions is growing. Increased aware- respondents do not expressly trust cloud computing. Twenty-three per- ness and understanding of cloud computing can pave the way for more cent of respondents do not know what their organizations are doing with adoption, as respondents who are familiar with cloud computing tend cloud computing, and there is no consensus on how cloud governance to pursue its inherent benefits. The adoption rate among respondents should be handled. familiar with cloud computing (44 percent) is more than triple the over- all adoption rate (14 percent). Eighty-five percent of respondents who adopted cloud computing use it for multiple applications, and agencies are increasingly putting mission-critical data management systems into Figure A: Government State of Cloud Engagement the cloud, which indicates that utilization and trust increase significantly once the cloud-based solutions are adopted. Respondents who are Not using/Not discussing involved with cyber security ranked cloud computing last on their list of Unsure whether agency Fig a 14% security challenges. Fig b (new) uses cloud 23% The full paper documents and explores these findings, and: ◗ Presents a snapshot view of cloud computing adoption in U.S. federal Discussing using government, defense/military and intelligence agencies; cloud application 12% ◗ Documents trust levels related to cloud computing, outsourcing and different delivery models; ◗ Identifies specific cloud computing and cyber security concerns; ◗ Highlights governance issues; ◗ Presents recommendations to help government agencies prepare to adopt, secure and manage cloud computing. Not familiar with cloud 34% Currently using multiple cloud applications 12% Currently using a single cloud application 2% Currently designing/implementing cloud use 3% 1. Throughout this report, the narrative makes reference to trust and involvement. Participants were asked to rate their involvement, awareness or trust levels about specific aspects of cloud computing and cyber security on a five-point scale, with one representing the lowest level of involvement, awareness or trust and five representing the highest. A response of three is considered neutral. If respondents are said to be “involved” (e.g., Respondents who are involved in cyber security at their organization are more likely to be aware of cloud computing.), the reference is to respondents who rated their involvement as either four or five on the five-point scale, which therefore excludes neutral responses. In discussions of trust, respondents who indicated a trust level of one or two are said to distrust and those who responded four or five are said to trust. f
  • 3. 2 About the Survey Participants were presented the following definition The Lockheed Martin Cyber Security Alliance commissioned Market of cloud computing to use as a guide when answering Connections, Inc. to conduct an online survey of U.S. federal government, questions: defense, military and intelligence agency IT decision makers in February and March 2010. The Alliance consists of the following technology com- Cloud ComputinG is a model for enabling convenient, on- panies: APC by Schneider Electric, CA, Cisco, Dell, EMC Corporation and demand network access to a shared pool of configurable its RSA Security Division, HP, Intel, Juniper Networks, McAfee, Microsoft, computing resources (e.g. networks, servers, storage, ap- NetApp, Symantec and VMware. The survey measured awareness and plications, and services) that can be rapidly provisioned and attitudes about cloud computing and cyber security topics. The survey released with minimal management effort or service provider produced 198 responses, including respondents from all branches of the interaction. Cloud computing can take the form of: military, and representing a wide variety of government agencies. Infor- mation technology, operations and management professionals at multiple ◗ SoFtwARE AS A SERviCE (SaaS) in which the applications levels were all represented as shown in Figure B below. are accessible from various client devices through a thin client interface such as a web browser; Fig b (new) Figure B: Respondents by Role Fig c ◗ plAtFoRm AS A SERviCE (paaS) in which end users devel- op or deploy applications on top of cloud infrastructure; or IT/MIS/IRM, Program/Project management 36% ◗ inFRAStRuCtuRE AS A SERviCE (iaaS) in which the pro- 70 vider manages the hardware, but allows the end user to manage the operating systems, storage, and/or application 60 deployment. Other 26% 50 The terminology presented was extracted from National Institute of Standards and Technology (NIST) definitions. 40 30 with it, the potential for awareness, and therefore adoption, to grow is very high. Only 5 percent of respondents who are aware of cloud com- 20 puting do not think it is applicable for their agencies. 10 Third, the expected growth is consistent with other cloud comput- Executive ing projections. Cloud computing is currently one of the fastest growing 0 management/ Administration, Operations, trends in all of IT, in both the public and private sectors, and federal CIO Command 13% Purchasing, Contracting 25% Vivek Kundra has been a visible public advocate for cloud computing. The government market for cloud computing will more than triple between 2009 and 2014, but the strong growth rate will actually lag behind the State of Cloud Computing Adoption private sector according to 2009 research from INPUT2.� Cloud computing has a foothold in the government market, and the Despite these adoption findings and projections, resistance to cloud adop- survey data suggest adoption is likely to increase. Today just 14 percent tion will remain. There are 14 percent of respondents who are aware of cloud 50 of respondents surveyed said their agencies have at least one cloud computing, but are not using or discussing it at their agencies. Another 23 computing application, and 85 percent of these are using multiple ap- percent are unaware of what their agency is doing with cloud computing. plications in the cloud. Current adoption is virtually the same at federal 40 civilian (13 percent) and defense/military (14 percent) agencies. Figure A (page 1) details the overall level of government cloud adoption. Adoption by Application 30 Insight from early adopters shows government users are willing to use cloud Several factors suggest the adoption base could grow rapidly. First, computing for core functions of their IT infrastructure, which also suggests a the percentage of respondents who are currently discussing migrating to strong ongoing role for utility computing. Nearly a quarter of respondents use Fig D 20 cloud computing or are actively involved in doing so (16 percent) exceeds cloud computing for mission-critical data management, and an even higher the percentage who have already adopted. As noted, agencies that adopt percentage are considering doing so, as shown in Figure C (page 3). ERP is the cloud computing tend to utilize it for multiple applications, so greater application 10 agencies are least likely to access from the cloud, but 40 per- that penetration within the current user base could be expected. cent of respondents are using or considering the cloud for ERP. CRM is a widely used cloud application outside of government, but ranks second-to-last among Second, the adoption rate among those who are familiar with cloud applications 0 government respondents are using or considering. that computing is more than triple the overall adoption rate. Increased aware- ness of cloud computing is thus expected to result in increased adoption. Since 34 percent of respondents are not familiar with cloud computing, 2. Emerging Technology Markets in the U.S. Federal Government, 2009-2014. INPUT report released December 7, 2009. and an additional 23 percent do not know what their agencies are doing
  • 4. 3 Fig c Figure C: what Applications is Cloud Computing Respondents who would consider outsourcing want control over their cloud. Private cloud is clearly the favored delivery mode and there is Being used or Considered For strong resistance to the public cloud model, as shown in Figure E below. 70 Private cloud was the top choice of delivery mode for 10 of the 11 appli- cations surveyed; respondents were most likely to consider a community 60% 59% 60 57% Fig c cloud for CRM outsourcing. The levels of support for community and hybrid clouds were similar to each other, especially for applications that 52% 51% do not involve essential enterprise or employee information. Support for 50 47% 46% 45% the public cloud model is consistently low. No more than 12 percent of 43% respondents would consider using a public cloud for any application. 41% 40% Mission-critical data management 70 40 Human resources management Virtualized server environments Communications applications Document creation & editing Figure E: Cloud modes Considered for Document management 60 30 Financial management Database applications Application outsourcing 50 20 Procurement 40 10 Financial management systems CRM ERP 5% 12% 65% 9% 9% 30 0 Human resources management systems 20 6% 15% 57% 17% 5% 10 Respondents may be willing to put essential systems in the cloud, Database applications but these are among the applications they are least likely to outsource. 2% 14% 50% 20% 14% Figure D shows the likelihood respondents will outsource different cloud 0 applications. They are most likely to outsource CRM, human resources Mission-critical data management management, procurement, communications, database and virtualized 2% 18% 50% 18% 12% servers. Mission-critical data management applications are least likely to be outsourced, followed by ERP, financial management and database Communications applications (email, VOIP, Web) 50 applications. Note that database applications also ranked highly as an application most likely to be outsourced. 9% 21% 45% 20% 5% Document management 40 Figure d: likelihood to outsource Cloud Applications 4% 17% 44% 27% 8% 50 49% 48% Virtualized server environments 30 44% 44% 44% 44% 6% 21% 43% 18% 12% 40 41% 40% 40% Fig D Document creation & editing 20 36% 5% 27% 37% 20% 11% Communications applications (Email VOIP, Web) 32% Enterprise Resource Planning (ERP) 30 7% 27% 33% 20% 13% 10 Fig D Mission-critical data management Human resources management Virtualized server environments Procurement Document creation & editing 20 11% 21% 32% 23% 13% Document management 0 Financial management Database applications Customer relationship management (CRM) 10 12% 36% 19% 26% 7% Procurement 0 20 40 60 80 100 CRM ERP Public Community Private Hybrid Do not 0 Cloud Cloud Cloud Cloud know
  • 5. 4 Fig a Cloud Awareness Levels indicate there is implementation and policy crossover within agencies when it comes to cloud computing, which underscores the importance of For all the attention and growth cloud computing has achieved, keeping multiple stakeholders aware and involved with cloud computing there is still widespread lack of awareness and misunderstanding. The initiatives. These policy considerations may already be surfacing, as 21 percentage of respondents who are not familiar with cloud computing percent of respondents said they are concerned about cloud governance (34 percent) is two-and-a-half times as high as the percentage whose within their agency, a figure that rises to 30 percent among respondents agencies are using it (14 percent). Respondents at civilian agencies are who are most involved in cyber security. more aware of cloud computing than their defense/military counterparts (37 percent to 30 percent), but neither population has a high level of The challenge in developing a cloud computing strategy is com- awareness. Surprisingly, a fifth (21 percent) of professionals involved in pounded by the lack of clarity around who should ultimately govern cloud cyber security at their agencies are unaware of cloud computing. computing, as illustrated in Figure F below. In aggregate, 39 percent of respondents feel cloud computing should be governed at the federal level Among respondents who are aware of cloud computing, 23 percent (either by a cyber security czar or through congressional legislation), 30 are unsure of what their agency is doing with it. That means more than percent say it should be governed at the agency level, and 29 percent half (57 percent) of respondents are either unaware of cloud computing favor some form of coalition. See figure G next page. in general or their own agency’s specific cloud activity. The low level of understanding makes the 14 percent adoption rate more telling, as cloud computing continues to experience the uncertainty associated with Figure F: who Should Govern Cloud Computing? emerging technologies. The survey found that there are significant trust and governance Joint Public/Private coalition questions regarding cloud computing, and the low level of awareness is Congress through legisla- 21% certainly a contributing factor. Low awareness appears to extend beyond tion such as FISMA 21% cloud computing itself, and also to how it should be governed and se- cured. As noted, nearly a quarter of respondents who are aware of cloud computing do not know what their agencies are doing with it, and 21 percent of respondents who are involved in cyber security are unaware of cloud computing. There were also respondents who are aware of cloud Fig f Individual Cyber Security computing who are not involved with cyber security. These differences agency/ Czar 18% organization heads 30% Survey participants were given the following definitions for specific cloud models: Public coalition 5% Private coalition 3% ◗ pRivAtE Cloud the cloud infrastructure is operated solely for an organization. It may be managed by the organization Other 2% or a third party and may exist on premise or off premise. ◗ Community Cloud the cloud infrastructure is shared by trust levels and Considerations several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, Trust in cloud computing is an unresolved issue among government IT policy, and compliance considerations). It may be managed decision makers. While more respondents (40 percent) trust than distrust (28 percent) cloud computing, it would be wrong to conclude the model by the organizations or a third party and may exist on prem- has attained a solid level of trust. Nearly a third of respondents are ise or off premise. neutral or undecided regarding their trust of cloud computing. Therefore ◗ puBliC Cloud the cloud infrastructure is made available while 40 percent of respondents say they trust cloud computing, 60 to the general public or a large industry group and is owned percent do not. Six percent responded they “do not trust cloud computing by an organization selling cloud services. at all,” which is twice as many who responded they “trust completely.” ◗ HyBRid Cloud the cloud infrastructure is a composition of two or more clouds (private, community, or public) that re- main unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting). The terminology presented was extracted from National Institute of Standards and Technology (NIST) definitions.
  • 6. 5 Figure G: level of trustFigCloud Computing in g Figure H: Cloud Risk Relative to other Security 60 Concerns 35% 35 50 Fig g 32% 60 Security mandate compliance 53% 52% 30 40 Disaster recovery/COOP 50 Web access and authorization 25 30 Identity management 20% 40 Incident response capability 20 31% Hardware security General threats (SPAM, Spyware) 30 29% 20 15 Insider threats 24% 23% Cloud computing Communications security 20% Data loss prevention 10 8% 20 10 16% Network security 14% Remote access 5% 12% 5 9% Other 10 0 7% 6% 0 1 2 3 4 5 2% Do not trust Neutral Trust 0 at all Completely Some of the distrust in cloud computing invariably comes from re- Respondents who are involved in cyber security have more trust in spondents’ inexperience with it. Distrust may also result from uncertainty cloud computing. Cloud computing is trusted by 53 percent of respon- about how to secure applications and data in the cloud, including how dents who rated their involvement level a four or five on a five-point security considerations change based on the specific cloud model (e.g. scale, compared to 40 percent of overall respondents. Twenty percent of IaaS, PaaS, SaaS; public, private, community or hybrid cloud). Figure I on those involved in cyber security distrust cloud computing, compared to page 6 shows respondents’ leading security concerns for cloud comput- 28 percent of overall respondents. ing. Data security is by far the top concern of note, and is the only one cited by a majority of respondents. The other leading issues are intrusion Cyber security professionals ranked cloud computing last among their detection, securing data flows between data centers, clients, and applica- cyber security challenges of note, as Figure H shows. This may indicate 70 tions, and security mandate compliance. While these are all legitimate an overly narrow view of cyber security, because many of the more issues, they are not unique to the cloud or inherently impossible to secure highly rated challenges also apply to cloud computing. It could also indi- 70 in the cloud. Conversely, multi-tenancy, where different, non-related cate lack of depth of understanding about cloud computing architectures 60 organizations may share infrastructure such as space on a server, is a and under appreciation of what is required to secure cloud computing 60 cloud-specific security consideration, but it ranks near the bottom of systems and their users. 50 respondents’ concerns. The specific security concerns of overall respon- 50 dents are extremely consistent with those of respondents who distrust the cloud, and with those who are involved in cyber security. 40 40 30 30 20 20 10 10 0 0
  • 7. 20 6 10 0 Figure i: Cloud Computing Security Concerns The outlook for cloud computing adoption in government depends on how well cloud computing service providers and potential users raise the levels of awareness and trust in the model. The data reflects barriers to adoption, but adoption rates and user experiences show the barriers can be overcome. Respondents iwho know cloud computing best trust it most. Fig Intrusion detection & prevention For example, those who are familiar with cloud computing tend to imple- ment it, those who implement expand their use by accessing multiple Security mandate compliance 70% applications through the cloud, and professionals who are most involved 70 in cyber security have more trust in cloud computing than IT decision Securing data flows makers at large. Disaster recovery/COOP 60 Against this backdrop, we recommend organizations take the following Network access control actions to assess the suitability of cloud computing for their agencies 50 Cloud governance and to prepare for implementation: Data Security, privacy & integrity 41% 38% ◗ dEFinE wHAt tHE Cloud mEAnS to youR oRGAnizAtion. Unstructured data 40 Application visibility 34% Private? Public? SaaS? IaaS? PaaS? Having a common definition of what Back-up power 28% a cloud means will make it much easier to manage cloud initiatives, 30 Multi tenancy including planning, implementation and security. 23% 21% 20 ◗ CREAtE AwAREnESS oF Cloud initiAtivES tHRouGHout tHE 12% oRGAnizAtion. Besides the 21 percent of respondents who are involved Other 9% 8% 8% in cyber security but not familiar with cloud computing, 47 percent of 10 respondents who are familiar with cloud computing are not involved with 2% cyber security. The data suggest that professionals who will be imple- 0 menting cloud computing are not responsible for managing security, and vice versa. To ensure policies, systems and governance are aligned, stakeholders throughout the organization need to be aware of all cloud computing activity, even if it is only in the discussion stage. Other studies have found that while security is considered the top challenge associated with cloud computing3, federal government profes- ◗ tAkE A BRoAd viEw wHEn ASSESSinG Cloud’S impACt. Cloud sionals think cloud computing itself raises an organization’s risk less than computing can have security implications that security professionals may most other IT megatrends, including mobility, Web 2.0, and virtualization4, not have considered, and overall security policies need to extend to users which have all been widely adopted. who access applications through the cloud and via traditional methods. Systems, staff, training and policies should be assessed and adjusted as Previously presented cloud computing adoption data suggest cloud com- necessary to effectively support cloud computing. puting security and trust issues can be overcome. Recall that respondents who are involved with cyber security ranked cloud computing last on their ◗ EnGAGE pRoFESSionAlS FRom oRGAnizAtionS witH SpECiFiC list of notable security challenges, and that 85 percent of adopters use cloud Cloud SECuRity ExpERtiSE. Considering the low level of awareness computing for multiple applications. These results suggest that as profes- for cloud computing among government IT decision makers, and its lack sionals gain understanding and experience with cloud computing, they gain of adoption and maturity within the public sector, organizations who are confidence in their ability to implement effective, secure systems. considering cloud initiatives should seek guidance from professionals from organizations with specific experience in secure cloud computing. Only 5 percent of respondents involved in cyber security ranked cloud Conclusions and Recommendations computing as one of their top security concerns. The lack of concern Cloud computing has low levels of awareness, trust and adoption may come from respondents’ confidence in their ability to secure the among IT decision makers in the U.S. defense/military and federal organization from cloud computing threats. As with any IT initiative, early government. Despite all the attention cloud computing receives as one of engagement of security professionals will yield a more cost-effective risk the leading IT trends, a third of government IT decision makers surveyed management approach than retroactive ones. Experienced professionals were not familiar with cloud computing, and a similar percentage do can identify security and other implementation issues and recommend not trust it. Awareness and trust are lacking even among professionals appropriate solutions. who are familiar with it and may be responsible for securing enterprise systems and information. While cloud adoption is expected to grow, respondents’ inexperience with cloud computing, security concerns (and in some cases, lack of concern) and uncertainty about governance could make it difficult for organizations to effectively implement cloud comput- ing or realize full value from it. 3. IDC Enterprise Panel. August, 2008 4. Ponemon Institute “Cyber Security Mega Trends: U.S. Federal Government.” November, 2009.