The Department of Homeland Security (DHS) has launched a cloudcomputing strategy that could serve as a model for other federal agencies -- especially thosewhose managers are still losing sleep over possible security risks associated with the cloud.
I feel very comfortable that our private cloud services are just as secure as our otherapplications that live within our data centers.
Richard Spires, CIO, Department of Homeland Security
DHS is in the process of establishing private cloud services to manage sensitive data as part ofits effort to consolidate more than 40 data centers into two enterprise data centers at separatelocations. One data center, located at NASAs Stennis Space Center in Mississippi, is managed byComputer Sciences Corp. The other, in Clarksville, Va., is owned and operated by HewlettPackard.
We are hosting our private cloud services out of those two centers, said DHS Chief InformationOfficer Richard Spires. They back up each other so we have redundancy where we need it formission-critical applications. If one were to go down, we could shift mission-critical operationsfrom one to the other.
The DHScloud computing initiative is moving nine different services to its private cloud, includinglegacy email systems, collaboration environments that improve information sharing, andauthentication services across the department.
The departments private cloud model, using two commercially managed data centers -- one ofwhich is located at a government-owned facility -- offers the strong sense of security and controlprovided by a private cloud, but also stands to yield the cost savings expected from a publiccloud.
I feel very comfortable that our private cloud services are just as secure as our otherapplications that live within our data centers and are not part of our private cloud services,Spires said. At the same time, all those services [are] priced as if we went through a publiclybased cloud. So we buy the email on per email box basis, just as if we went to an Amazon orMicrosoft or something on the outside.
In a white paper about cloud computing onthe federal CIO Councils website, Spires said early projections put DHS cost savings at 8% to10% once the transition to private cloud services is complete. Not only does the move to ourprivate cloud model eliminate redundancy and reduce costs, it also bolsters information security,he said.
Spires advised managers at other federal agencies who are migrating applications or services toa private cloud -- or who are considering it -- to work with their chief information securityofficers to integrate security standards into their private cloud services.
What weve done [is to] set up a set of standard controls that have been endorsed by our CISO,Bob West, for our private cloud under Federal Information Security Management Act requirements, hesaid. FISMAclassifies federal systems into low-, medium- and high-risk categories, each levelhaving its own requirements.
A second part of the departments cloud computing strategy involves moving its public-facingwebsites to public clouds over the next few years. Through a General Services Administrationprocurement vehicle, DHS recently awarded its first task order to migrate the departmentsnon-sensitive, public-facing websites to a public cloud provider, Spires said.
We hope to take more advantage of public cloud-based services as we get more comfortable withthe security model and feel comfortable that we can start to migrate some of our sensitive data toa public cloud, he said. Right now, we essentially want to cut our teeth on using our outwardfacing websites since theres no sensitive data on those sites.
0 comments:
Post a Comment