A new Market Connections study on the status of cloud migrations in the federal government, commissioned by General Dynamics Information Technology (GDIT), shows that government IT decision-makers are conflicted on the issue of security in the cloud. While about two-thirds of respondents (64%) cited secure infrastructure as one of the benefits of cloud services, roughly the same amount (65%) cited security defects in the technology as a primary risk.
Just last week, Market Connections and the Professional Services Council (PSC) released an in-depth study of government and industry knowledge and use of As-a-Service (XaaS) models, including cloud-oriented offerings such as Software as a Service (SaaS) and Infrastructure as a Service (IaaS), to name a few. Despite positive steps toward adoption of XaaS models in some parts of government, like the CIA’s cloud computing deal with Amazon Web Services, the security risks associated with XaaS models were the top barrier for 60% of government respondents.
The GDIT study revealed that when moving to the cloud, agencies are primarily concerned with unauthorized access to, or leaks of, proprietary data (69%) and security defects in the technology itself (65%). Just over one-quarter of respondents (27%) cited lack of data segregation among the cloud-hosting vendor’s clients as a concern—a potential issue for those using public, community or hybrid cloud environments, which make up about a third of government cloud users (65% are using private cloud environments, according to the GDIT study).
Yet GDIT challenges in their white paper, “The Keys to Successful Cloud Migrations,” that security and cost savings are masking the bigger potential issues of performance in the cloud.
“We believe that a good user experience is ultimately what any cloud migration strategy is about, and that performance is the key metric,” said Damian Whitham, GDIT’s senior director of cloud computing solutions.
While security is a consideration as federal agencies transition away from legacy systems, there are also myriad performance issues, such as migrating applications to the cloud, speed and reliability of delivery and application readiness—all of which potentially impact end users and the organization’s ability to deliver on their mission.
Given the apparent disconnect between government’s concerns about security and lack of concern about performance-based issues, there appears to be a need for more education about security risks and opportunities with cloud-based and as-a-service delivery models.
In the Market Connections-PSC study on Convergence, both government and contractors agreed on the most important characteristics of contractors delivering converged solutions, and those were not limited to security: subject matter expertise, secure solutions, cost competitive and understanding the customer mission.
Likewise, in the GDIT study, government respondents pointed to more than just security for important characteristics of cloud providers: offering a highly security platform, providing access to customer support, experience with federal government, providing customized solutions and offering a cohesive, forward-thinking cloud strategy topped the list.
Whether you’re a contractor selling to government or a government IT decision-maker trying to sell your organization on cloud-based solutions, invest time in educating your audience and users on the security and performance-oriented benefits of the services. Closing the security disconnect will ultimately help government organizations realize the cost, security and performance benefits of cloud-based technologies and as-a-service models.