"Simple" and "free" are two adjectives sure to bolster the profile of any potential technology solution being considered for large-scale government enterprises. But a new report from the National Association of State Chief Information Officers (NASCIO) focuses on managing the risks associated with the cloud -- risks more likely to affect enterprise deployments than personal use.
According to the report, Capitals in the Clouds Part V: Managing the Risk of Free Cloud Services, states are focused on setting parameters for cloud usage, including putting appropriate controls in place, satisfying requirements for security, establishing use policies, and pinpointing how cloud use impacts open records requests and other legal obligations.
Pennsylvania Chief Information Security Officer Erik Avakian told NASCIO that he discourages agencies from using free cloud storage services due to inherent data security risks.
"Despite definite strides in improving the security of these types of solutions, providers still face security shortcomings and have historically experienced major breaches," Avakian said, adding that data may reside in servers outside of the United States.
"A user's data sits on servers that are shared by many different customers, and this increases the risk of mismanagement, theft or loss of data over in-house managed storage," Avakian noted. In Pennsylvania, agencies are instead encouraged to pursue enterprise storage solutions.