What is the Current Cloud Computing Policy at Your Facility?
The term “cloud computing” is increasingly becoming part of the American vocabulary and the concept is seen as the next big thing in Internet computing. And while cloud computing is still in its relative infancy, it will cause government agencies and other businesses to undergo significant changes.
Cloud computing is altering the way computers are utilized — from computing power and infrastructure to application usage and program access. Business collaboration processes, online classrooms and information sharing services are now accessible online and not necessarily purchased individually and restricted to one computer.
Advantages of cloud computing are realized in financial savings and collaboration capabilities but some organizations remain hesitant to move to cloud computing based on perceived security concerns.
"Security tends to be something that people focus on a lot, and they should," commented Accenture CIO Frank Modruson. "You want your information to be secure. The perception that something under your control is inherently more secure is misguided,” he says.
“Is your money safer in the bank or under your mattress? Cloud vendors, because of their scale, may invest much more in security than a single enterprise ever would,” Modruson says. “The key is to approach cloud security diligently: test, monitor, review.”
FedRAMP Ramps Up Agency Data Migration
Currently, each federal agency must work through varied stages — which can take from six to 18 months — to develop an assessment and authorization on the security of a cloud solution before the migration of data can begin.
However, the federal government this month introduced a memorandum on the Federal Risk and Authorization Management Program (FedRAMP). The goal of FedRAMP is to increase efficiency, safety, security and reliability in the migration of the federal government data into cloud-based solutions. The new FedRAMP system seeks to develop "trusted relationships" between federal agencies and cloud service providers. These relationships will provide other agencies a much quicker path to the cloud because vetting criteria already will be met.
Federal CIO Steven VanRoekel called this approach a "do once, use many" approach. Once FedRAMP is online, all federal agencies will be expected to use it before moving to a cloud-based service. FedRAMP will also set standards that trusted cloud vendors must meet in order to be assessed for the program. Ultimately, this program aims to reduce costs and eliminate redundant cloud assessments.
While these types of policies currently only serve federal agencies, the framework is now in place for state, county and local governments to develop like policies that facilitate the move to the cloud. FedRAMP could also provide an initial list of trusted vendors these entities to start with.
Is Cloud Computing Right for Your Business?
So what exactly is cloud computing?
The “cloud” in cloud computing can be defined as the set of hardware, networks, storage, services and interfaces that combine to deliver aspects of computing as a service. Cloud services can include the delivery of software, infrastructure and storage over the Internet. The delivery method can happen independently or as a complete suite of services.
To make this a little easier to understand, think of the cloud in this way. Try imagining the cloud as a one of your everyday utilities that we take for granted, like water. When you turn on the faucet, water flows out. You didn’t make the water yourself. You probably have no idea where the water is really even coming from. The water is just there when you need it to be. All you care about is that when you turn on your faucet, it works. The same goes for your data. You turn on your computer and you have access to your data. This can be done by either saving and accessing your data to and from your own computer, or by accessing data from a remote data-center you have chosen to save it on (i.e. “The Cloud”). The benefit of storing your data in the cloud over storing them on your own hard drive is that you can access all of your applications, files or data — anytime, anywhere, from any device. If you have access to a web browser, you can view all your files.
There is actually a very good chance you have already used some form of cloud computing without even realizing it. If you have a web based e-mail account such as Gmail, Yahoo or Hotmail then you have had exposure to cloud computing. Instead of running a standalone email program on your computer, you log in to your web e-mail account, which is remotely hosted.
The software, emails, attachments and calendars for your account does not exist on your computer —it is in the cloud and you can access it from any device that has a connection to the web. To take it a step further, you may have used these email services for a little more advanced cloud computing. Have you ever emailed yourself a document, spreadsheet or picture as an attachment so you could access it while you are away from your computer? Welcome to the cloud.
For most large organizations, the process of switching to new technological infrastructures usually involves a long and slow implementation process. Not only does this process usually involve a change in the physical structure of the technology, but also in changing mindsets and concepts. And with good reason. No one wants to be the one to have to answer for a technology that adversely affects your facility. But what if a technology could actually reduce the size of your overall infrastructure, make it faster, and be accessed by all of your existing computers?
This is what the promise of the cloud brings.
By switching data to a cloud-based infrastructure, the management of on-site physical data storage is eliminated, requiring less machinery and less upkeep. Operations are not slowed because of continuous downtime for computer maintenance, virus sweeps and software updates because the cloud allows it to happen in real time. With data stored redundantly across multiple data-centers, it is almost always accessible, even as maintenance and updates take place. This results in higher worker productivity from lack of system downtime, increased savings from not having to purchase high-powered hardware, and overall reduction in in-house IT overhead.
Additionally, computer crashes do not result in loss of data, either temporary or permanent. By outsourcing the data storage to remote hosted data-centers, resources can focus on core business functions.
As a correctional facility or organization, this means more money getting back to the officers, training, safety and security.
Organizations currently use a few different types of cloud environments that that corrections could benefit from.
A public cloud is based on the standard cloud-computing model, in which a service provider makes resources — such as applications and storage — available to the general public over the Internet. Public cloud services may be free or offered on a pay-per-usage model.
Private cloud (also called internal cloud or corporate cloud) is a marketing term for a proprietary computing architecture that provides hosted services to a limited number of people behind a firewall. The infrastructure is operated solely for a single organization and managed internally or by a third party. A private cloud is can be hosted internally or externally.
A hybrid cloud is a composition of two or more clouds — private, community, or public — that remain unique entities but are bound together to offer the benefits of multiple deployment models. It can also be defined as multiple cloud systems that are connected in a way that allows programs and data to be easily moved from one deployment system to another. Hybrid clouds are typically offered in one of two ways: a vendor has a private cloud and forms a partnership with a public cloud provider, or a public cloud provider forms a partnership with a vendor that provides private cloud platforms.
A community cloud shares infrastructure between multiple organizations from a specific type of community with common concerns (security, compliance, jurisdiction, etc.). It can be managed internally or by a third-party, and hosted internally or externally. The costs are spread over fewer users than a public cloud but more than a private cloud, so only some of the benefits of cloud computing are realized.
So what is the current Cloud Computing policy at your organization or facility? Maybe it’s time to start asking that question.