Since 1986 - Covering the Fastest Computers in the World and the People Who Run Them

Language Flags
September 28, 2012

Cloud Providers Want Government Stamp of Approval

Robert Gelber

According to recent surveys conducted among enterprise professionals, security concerns have been a major roadblock in the path to cloud adoption. However, new developments show that users and certain government agencies have started warming to the idea of using cloud services to handle more sensitive data.

Take for example the General Service Administration’s (GSA) FedRAMP program, a collaborative effort aimed at increasing confidence in the security capabilities of cloud service providers. FedRAMP involves members from the National Institutes of Health, Department of Homeland Security, Department of Defense, National Security Agency, Office of Management and Budget along with the Federal CIO Council and private industry professionals.

One of the benefits of the program is the government’s ability to assess and certify the security practices of cloud service providers. This accomplishes a number of tasks.

1) Creates a uniform system for testing cloud service providers.

2) Increases transparency between providers and government agencies.

3) Generates more confidence in cloud providers that achieve certification.

This week Federal Times reported that since the FedRAMP program was launched, more than 50 cloud service providers applied to get their government stamp of approval. Unfortunately less than a handful will have the chance of receiving that recognition. GSA member Dave McClure expected to complete reviews for just three operators by January.

If any of those lucky providers do pass the security test, they will receive a provisional authority to operate (ATO). With an ATO in hand, these companies will be certified for use by the Department of Homeland Security, Department of Defense and General Services Administration. The ATO makes other agencies aware of a provider’s capabilities, which in turn, speeds up the process of adoption.

The system seems both rigorous and hopeful, but the devil is in the details. For example, a number of cloud providers have difficulty with certain federal security requirements. If an operator is to receive FedRAMP certification, they have to show that systems housing government data are accessed with two-factor authentication. Also, employees with access to government data have to undergo extensive background investigations. Seems like a lot of legwork to receive a shiny certification.

While the government works to bring cloud vendors up to speed with security, commercial outfits are coming up with some creative solutions to secure data in a public cloud environment. On Wednesday, the NASDAQ OMX group launched a service called FinQloud, powered by Amazon Web Services and aimed at the needs of financial services sector. The platform is hosted by Amazon and protected by a robust key encryption management system.

SC14 Virtual Booth Tours

AMD SC14 video AMD Virtual Booth Tour @ SC14
Click to Play Video
Cray SC14 video Cray Virtual Booth Tour @ SC14
Click to Play Video
Datasite SC14 video DataSite and RedLine @ SC14
Click to Play Video
HP SC14 video HP Virtual Booth Tour @ SC14
Click to Play Video
IBM DCS3860 and Elastic Storage @ SC14 video IBM DCS3860 and Elastic Storage @ SC14
Click to Play Video
IBM Flash Storage
@ SC14 video IBM Flash Storage @ SC14  
Click to Play Video
IBM Platform @ SC14 video IBM Platform @ SC14
Click to Play Video
IBM Power Big Data SC14 video IBM Power Big Data @ SC14
Click to Play Video
Intel SC14 video Intel Virtual Booth Tour @ SC14
Click to Play Video
Lenovo SC14 video Lenovo Virtual Booth Tour @ SC14
Click to Play Video
Mellanox SC14 video Mellanox Virtual Booth Tour @ SC14
Click to Play Video
Panasas SC14 video Panasas Virtual Booth Tour @ SC14
Click to Play Video
Quanta SC14 video Quanta Virtual Booth Tour @ SC14
Click to Play Video
Seagate SC14 video Seagate Virtual Booth Tour @ SC14
Click to Play Video
Supermicro SC14 video Supermicro Virtual Booth Tour @ SC14
Click to Play Video