While cloud computing has a foothold in the government market and its popularity continues to rise, a recent survey found officials remain wary of data security, privacy and integrity in the cloud.
The survey, funded by the Lockheed Martin Cyber Security Alliance and commissioned by research firm Market Connections Inc., also found that more than a third of respondents (from the federal government, defense/military and intelligence agencies) aren't familiar with cloud computing. But confidence is growing among those with experience in the cloud.
"Despite all the attention cloud computing receives as one of the leading IT trends, a third of government IT decision-makers surveyed were not familiar with cloud computing and a similar percentage do not trust it," the survey states. "While cloud adoption is expected to grow, respondents' inexperience with cloud computing, security concerns (and in some cases, lack of concern) and uncertainty about governance could make it difficult for organizations to effectively implement cloud computing or realize full value from it."
Highlights from the survey include:
- 70 percent of respondents are most concerned about data security, privacy and integrity in the cloud.
- 34 percent of respondents are not familiar with the cloud.
- 21 percent of professionals involved in cyber-security at their agencies are unaware of cloud computing.
- 14 percent of respondents said their agencies have adopted cloud computing.
- 23 percent of respondents don't know what their organizations are doing with cloud computing.
- 14 percent of respondents said their agencies have at least one cloud computing application and 85 percent of these are using multiple applications in the cloud.
"The awareness, trust and security issues that have limited federal government adoption of cloud computing appear to be more perceptual than prohibitive," the survey states. "Professionals who are most aware of and involved with cloud computing and cyber-security generally trust the cloud model and do not consider it a leading security vulnerability."
While respondents may be willing to put essential systems in the cloud, these are among the applications least likely to be outsourced, according to the survey. Applications most likely to be outsourced include customer relationship management, human resources management, procurement, communications, database and virtualized servers, the survey states. "Mission-critical data management applications are least likely to be outsourced, followed by ERP [enterprise resource planning], financial management and database applications," the survey states.
And not surprisingly, those who would consider outsourcing want control over their cloud and prefer the private cloud model over the public cloud model.
Challenges in developing a cloud computing strategy are compounded by the lack of clarity over who should ultimately govern cloud computing, the survey states. Thirty-nine percent of respondents feel cloud computing should be governed at the federal level (either by a cyber-security czar or through congressional legislation), 30 percent say it should be governed at the agency level and 29 percent favor some form of coalition.
Given this data, the outlook for cloud computing adoption in the federal government depends on how well cloud computing service providers and potential users raise the levels of awareness and trust in the model, the survey states. "The data reflects barriers to adoption, but adoption rates and user experiences show that barriers can be overcome," the survey states.
"Respondents who know cloud computing best trust it most ... those who are familiar with cloud computing tend to implement it, those who implement it expand their use by accessing multiple applications through the cloud, and professionals who are most involved in cyber-security have more trust in cloud computing than IT decision-makers at large."
That said, the Lockheed Martin Cyber Security Alliance recommends organizations take the following steps to assess the suitability of cloud computing for their agencies and to prepare for implementation:
- Define what the cloud means to your organization.
- Create awareness of cloud initiatives throughout the organization.
- Take a broad view when assessing the cloud's impact.
- Engage professionals from organizations with specific cloud security expertise.