Cloud Computing Security: Government Acquisition Considerations for the Cloud Computing Environment
The study provides insight into the information assurance and mission assurance challenges posed by public cloud computing environments (CCEs), and into how accounting for those risks through acquisition security measures affects public CCE options.
By integrating technologies, capabilities, concepts, provisioning, and charge-back approaches, cloud computing can provide value to an organization far beyond what each component could provide by itself. The cloud can also interject abstraction layers between users and systems, reducing the users’ need to operate the mechanisms that access services and resources—and potentially reducing visibility into what happens to data processed or stored in the cloud.
For these reasons and more, federal government organizations that wish to migrate their services to a public cloud computing environment (CCE) must have a clear understanding of cloud technology’s capabilities and limitations. In addition, they must consider emerging and existing government security policies and how to implement and enforce those policies in a public CCE.
The Booz Allen Hamilton study, “Cloud Computing Security: Government Acquisition Considerations for the Cloud Computing Environment,” provides insight into the information assurance and mission assurance challenges posed by public CCEs, and into how accounting for those risks through acquisition security measures affects public CCE options. The study also assesses security and risk management factors that should be considered when government agencies use public cloud services.
As with all information technology acquisitions, there are a number of security risks associated with public cloud service operating models. This study provides some insight into those risks and gives organizations the tools they need to make fully informed acquisition decisions related to cloud services.
In particular, the study recommends that any government organization considering acquisition of public cloud services consider information and mission assurance issues and not make a decision based solely on costs. “Cloud Computing Security” also recommends using a comprehensive transition methodology, such as Booz Allen’s Cloud Computing Transition Framework (C3F), to support a successful migration.
Public CCEs are a potentially viable alternative to the current and increasingly expensive model of government ownership and operation of federal agencies’ IT infrastructure and systems. But before an agency migrates data to a public CCE, it must recognize the security-related issues surrounding such a move; clearly understand cloud technology and government policies; and use a transition methodology.
Associates Karen Goertzel, Holly Lynne Schmidt, Theodore Winograd, and Kristy Mosteller make up the Booz Allen team that contributed to this study.
Study posted December 4, 2009
