With both the Obama Administration and the Federal Risk and Authorization Management Program (FedRAMP) so steadfast on the implementation of the cloud, it is imperative that they subdue all doubts the general public may have about its security. FedRAMP has reached out to officials from General Services Administration (GSA), Department of Homeland Security, the Department of Defense, and others to standardize the security of government cloud-based services.
Issues with the cloud arise when it comes to the different cloud varieties; it is difficult to assess security with so many different types of cloud services that exist. Another complication arises when looking into cloud hosting. In some cases, one vendor’s cloud services may be hosted in another company’s cloud server. This requires that the two vendors have contractual agreements and service-level agreements to ensure security within the respective corporations. With such a new technology, cloud testing and security assessment relies on a “learn as you go” perspective. At this point, there is no concrete method of determining security and operation.
Moving forward, government agencies must work together in accordance with FedRAMP if they want to cloud movement to be successful. They must monitor the different agencies and how cloud-based services are working. Assessing both operations and security, while providing potential vendors with the proper information, is the key in the success of the cloud. If FedRAMP is able to convey the cloud in a positive light, it will undoubtedly attain the positive publicity it requires to sustain long-term success.