IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Don't Neglect Identity in Your Government Cloud

 Got any calls lately from vendors who want to share their new cloud computing strategy? I certainly have - and from some unlikely sources. ...

 Got any calls lately from vendors who want to share their new cloud computing strategy? I certainly have - and from some unlikely sources. Whether public, private, government or some other word is out front, the word "cloud" has become our new pixy dust - ready to solve all our technology and budget problems.

 Over the past several months, virtually every technology company in the world has developed a cloud computing strategy. A new cloud headline seems to surface every few days. Here are a few:

  IBM Cloud Computing Helps Chinese City of Dongying Develop into a 'Smarter City'

     "IBM is helping the Dongying government build a cloud that will provide software development and test resources for software startup companies via the web through a self-service user interface."

     Google Plans Private Government Cloud

"As the government moves to adopt cloud computing and considers limited use of free consumer services, Google is trying to address lingering concerns about security and control in the cloud."

    A look at Amazon's Government Cloud Strategy

    "Amazon.com has targeted its cloud computing business at web startups, large companies, and scientists. But the Seattle online retailer has also been eyeing another potential customer for its cloud: government. The company is quietly building an operation in the Washington, D.C. area, and is aiming to become a key technology provider to federal and state governments and the U.S. military."

 Don't get me wrong. I am as excited about cloud computing as everyone else. Michigan is busy developing our own government cloud strategy as well. There are a myriad of benefits, yada, yada, yada.

 But while I am a big cloud believer, I'm starting to get a bit nervous. When everyone gets bullish on some new technology, I start to worry about what we're missing. Nothing can be that good or that easy. (If it was, why have we been so dumb up until now?)

 So where are the gotchas? Everyone talks about security and privacy, and I did an intro piece on some cloud concerns a few months ago. But on my recent trip to South Africa I was confronted with some other aspects of this topic that grabbed my attention.

  As background, I attended two excellent presentations on e-Government from a South Korean and Austrian perspectives. Both of these countries started their e-Government efforts with mandated identity management projects that offered good provisioning and an excellent understanding of who is accessing what. (To see the powerpoints, visit this GovTech 2009 website and download: "Seamless eGovernment - a key to inclusive public services" by Prof. Reinhard Posch, CIO, Austrian Federal Government (Austria) &

"Innovation of Government Services through e-Government - Korean Cases" by
Cheung Moon Cho, Consultant: Korea Government, Department of Communication ).


  So why is this identity issue vitally important for new government clouds? In short, most of us in government have legacy system issues and those age-old problems of access controls, logging, knowing who is accessing what, the provisioning of data, and a host of related authentication controls.  Another challenge will include linking our exisiting directory information with our cloud providers information while insuring "need to know" principles.  The reality is that the same audit problems that plague many government organizations today will not go away in tomorrow's cloud computing architectures. We can't outsource the responsibility. 

 As with other technical advances, there are certainly quick wins and low hanging fruit opportunities with cloud computing that don't involve federated identity management or other access control issues. One excellent example includes low-cost cloud storage for non-sensitive data, which appears to be a no-brainer for most governments.

No doubt, we can (and will) go much deeper into this cloud identity topic in the future. But reinventing state and local governments around cloud computing must address the thorny identity management issues we all face today. Don't neglect a well thought out identity and provisioning strategy for your planned government cloud.   

 What are your thoughts on this topic?       

  

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.