Can Federal Data Privacy Live On in the Cloud?
White House IT officials have been exuberantly talking about moving government IT to the cloud, and the process is already in motion, but federal privacy officers are speaking up.
WASHINGTON -- It seems clear enough that the appropriate question concerning government IT is no longer if the agencies will move their computing operations to the cloud, but when, and what bumps they will encounter -- or steer around -- on their way there.
For government, as in industry, privacy and data security are paramount.
The transition to the cloud is already well underway in federal IT circles and with it, folks like John Kropf, the deputy chief privacy officer at the Department of Homeland Security, are spending long hours developing policies and safeguards to keep sensitive data secure as the traditional silos of federal IT infrastructure are torn down.
"With government moving to the cloud, what are the privacy implications going to be for that move?" Kropf said Wednesday at a panel discussion at Digital Capital Week, a 10-day series of event focused on technology, policy and innovation. "The government privacy community supports this move to the cloud if you can do it in a privacy-sensitive manner."
Kropf explained that government privacy officials are applying the basic principles embedded in the decades-old Privacy Act to the transition to the cloud.
Those precepts entail firm security standards, as well as policies to keep data collection to the bare minimum, and to ensure that the information that is collected is only used for the intended purpose, preventing what Kropf called "mission creep."
The cloud computing directive comes from the White House. Since his earliest days in a newly created office, Federal CIO Vivek Kundra has been talking about modernizing government IT, from the applications in use to the infrastructure, to bring it more in step with the private sector.
Last September, the administration unveiled a formal cloud computing initiative, complete with an online store, Apps.gov, giving vendors, such as Amazon (NASDAQ: AMZN) and Salesforce.com (NYSE: CRM), a forum to showcase their cloud solutions in front of federal IT buyers.
In subsequent public engagements, Kundra has continued to exhibit the same enthusiasm for replacing inefficient and underused data centers with virtualized, cloud-based systems, though he acknowledges that the migration will be a multi-year process.
The transition is slowed by the unique nature of federal data, and Kundra has said that security concerns, and the attendant privacy issues, are the biggest inhibitor.
Classified national security information, for instance, is not on the table when government officials talk about the cloud. And many agencies have a mixture of sensitive information that may find a home on a secured private cloud, as well as troves of data that can -- and should, according to the White House -- be made publicly available on the Web.
Kropf assured the audience in his talk Wednesday that the government is taking a measured approach to the administration's ambitious cloud agenda while adopting the same best practices enterprises employ when considering any new IT undertaking.
"What's important here is that privacy is not an afterthought to the process," he said. "So far we have been pleased that the privacy officers within the federal government have been brought into the process upfront."
Another issue on the government's radar is the concern of vendor lock-in. That is, when agencies make the decision to adopt a particular firm's cloud solution, they are seeking the assurance that they will have the flexibility to migrate their data and applications to another vendor's cloud in the future.
With a large and growing number of vendors offering competing cloud deployments, there would seem to be no shortage of options. But the larger firms with high-caliber infrastructure clearly have an advantage when courting major clients, both in the enterprise and the government.
Michael Nelson, a visiting professor of Internet studies at Georgetown University, warned against early moves toward consolidation in the cloud market during Wednesday's discussion.
"It would be disaster if only one or two companies came to control the cloud," Nelson said. "We don't want Amazon or Google becoming the equivalent of Microsoft's Windows. We want a diverse and competitive cloud."