Identity, data management crucial to cloud success

 

Connecting state and local government leaders

Identity and key management need to be addressed if cloud computing is going to achieve the cost savings and information technology operation efficiencies promised by proponents of the computing model, according to speakers from industry and government at a recent cloud conference.

Identity and key management need to be addressed if cloud computing is going to achieve the cost savings and information technology operation efficiencies promised by proponents of the computing model, according to industry and government repreentatives speaking at a recent cloud conference.

Another issue revolves around data and how organizations can get it into the cloud and ported across different cloud computing environments, speakers told attendees at the National Institute of Standards and Technology’s Cloud Computing Summit held on May 20 at the Commerce Department in Washington, D.C.

The summit served as a call to action for industry and the government to work collaboratively on standards for cloud computing interoperability, portability and security. The government defines cloud computing as an on-demand model for network access, allowing users to tap into a shared pool of configurable computing resources.


Related stories:

NIST portal could get cloud standards to fly

Don't look down: The path to cloud computing is still missing a few steps


“There are some technical issues related to security that are often underestimated,” said Tim Mather, founding member of the Cloud Security Alliance, during a morning panel with experts from industry.

“We have problems scaling certain technologies related to security” – identity management and key management come to mind, he said. “The cloud will exacerbate those problems."

Identity management deals with identifying individuals authorized to access an information system and controlling the access to the resources in that system by placing restrictions on the established identities. Key management focuses on the generation, exchange, storage, safeguarding, use, vetting and replacement of cryptographic keys, which are used to change plain text into encrypted data for higher levels of security.

“Identity is so broken," Mather said, adding that, given NIST’s expertise in computer security and encryption, the agency could play a role in guiding standards efforts for these areas.

Those issues “are technical and down in the weeds,” he said. "But if the cloud is really going to scale and if we are going to get to inter-clouds, interoperability and portability, those two problems have to be solved,” he said.

John Shea, director of Enterprise Services and Integration for the Defense Department's Office of the Chief Information Officer, acknowledged the scalability problem when dealing with a large number of identities.

DOD’s biggest challenge is the unknown, he said. “We found scaling is a huge question mark because it is not just about the cloud, but communities of interest and backbone clouds and how they play together,” he said during an afternoon session.

The question is: “Can we really deal with identity management on a large scale?” he asked. DOD has to deal with 47 million identities made up of employees, contractors, dependents and retirees – and that’s a huge number, he said.

On the cloud computing front, the CIO’s office is working on a proof -of-concept for moving desktop systems for 3 million users to the cloud. Sustaining desktops for such a large number of users cost roughly $8,000 to $10,000 a seat per year, he said. Three million users times $8,000 adds up to a lot of money that can be repurposed for other uses, he said.

Seventy-five percent of the user’s data is associated with Microsoft Office applications and Adobe Portable Data Format files, so that is the focus area, Shea said. However, to move those applications to the cloud, DOD needs a strategy. “And we don’t have a strategy yet,” he said.

But Shea’s team isn’t sitting idly by. “We are always looking for applications that we can demonstrate as [candidates for] movement to the cloud.”

Data and the management of that data is another challenge that will have to be addressed, Jim Blakely, director of data center virtualization and cloud computing for Intel, said during the industry panel.

“Data overall is a huge challenge,” Blakely said. “How do I get it in, how long will it take me? If I’m going to use [the cloud] for burst capacity [an increase in traffic], there is a potential for bottlenecks,” he said.

“Once I got the data in, how do I get it out?” he asked.

The Census Bureau dealt with potential bottlenecks for its 2010.census.gov web site by turning to the cloud.

Brian McGrath, Census' chief information officer, said the agency didn’t have the means to evaluate how traffic would impact the site in advance. Plus, the IT staff was concerned about the cost and time it would take to put up a site, he said during an afternoon government implementation panel.

Census was also concerned with downtime, especially that caused by denial-of-service attacks. Additionally, Census didn’t want to have a lot of hardware around for years after the 2010 Census was over.

So, Census contracted to use Akamai’s content delivery network, which is hosting the site in the cloud, he said. The bureau also uses Everbridge for mass notification to alert and send information to the nearly 1 million people temporarily hired to help with the Census.

Census was able to take advantage of the certification and accreditation processes the agency shares with other federal partners to ensure the vendors met Census’ security and compliance requirements, he said.

Census has also constructed a private cloud – based on a virtualized environment -- for the exchange of more sensitive information, McGrath said.

As agencies move to the cloud, McGrath advised that they first stop speaking “geekspeak” to the business managers and focus on the services they plan to deliver. He noted that his organization is a fee-for-service operation, so the IT directorate performed pilots showing cost-savings associated with a virtualized environment.

The decennial census was an opportunity to prove that IT could deliver services quickly, he said.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.