Intelligent Infrastructure

Mass data and next-gen workloads Intelligent Infrastructure

DOD showcases a shift in cloud security paradigms

The U.S. Department of Defense has made significant strides toward the cloud, but these efforts have been tempered with caution.

Technology paradigms have had to shift considerably to leverage cloud computing. Applications must now be designed with scalability in mind as IT architectures have become increasingly outsourced. To take advantage of the technology’s cost effectiveness and flexibility, the U.S. Department of Defense recently incorporated cloud storage into its IT optimization strategy.

The department was originally hesitant to turn to the cloud due to security concerns, American Forces Press Services writer Claudette Roulo reported. However, Defense Department CIO Robert Carey, noted that these concerns have been alleviated by a shift in security strategies. Rather than focus on safeguards within the IT infrastructure, the DOD now incorporates solutions such as encryption, focusing on the data itself.

The responsibility of security has shifted to some extent from cloud storage companies to their customers. Although providers can still benefit from providing highly secure technological environments, it is likely that buyers will want to play a greater role in the security of their digital assets.

Clarity in contract

Many concerns can be addressed by fostering transparency in cloud service negotiations. As a Ponemon Institute study sponsored by Dome9 revealed, a number of organizations rate cloud server management as poor. Analysts attributed much of this fear to a lack of detail regarding how customers would be notified of an incident. For example, 42 percent of survey respondents said they would not know if their cloud provider were compromised.

The DOD’s move toward data-centric security shows a willingness of organizations to take control over their digital assets. However, security fears remain that must be addressed on the cloud provider’s end. These concerns can be alleviated by clarifying data protection policies and clearly outlining what safeguards the vendor will provide.