Information security is often cited as the primary barrier to government moving to the cloud. But security can be managed.
“We spent a lot of time ensuring that the state of Nebraska data would be transmitted and stored in a secure manner,” says Jayne L. Scofield, network services manager in the office of the CIO. “Although we are still in the pre-migration phase, a significant amount of time is being spent understanding outage notifications, escalation processes, and even understanding how simple tasks such as recalling e-mail from the cloud will be handled.”
For his part, Tom Trobridge, CIO of the city of Alexandria, Va., puts a lot of faith in the fact that Microsoft Office 365 has been certified under the Federal Information Security Management Act (FISMA). “Security was one of our top concerns, and we looked at a number of public cloud providers,” Trobridge says. “I’m satisfied that our e-mail is now more securely stored and easier to recover than it would be if it were still housed here.”
And to many, that’s the crux of the security concern: getting past issues of control. “E-mail has been so deep and close and personal, but your data center may not be the safest place for it, especially for small organizations,” says Randy Paul, IT director of Klamath County, Ore. “Guaranteed, they’re not going to have the security and resources a large vendor has.”