Understand your data to reap the benefits of the cloud
There is little debate today about whether cloud computing works for government – many agencies are already taking advantage of the flexibility, economy, and convenience of cloud offerings such as the Microsoft Azure platform. Today, the cloud discussion evolves around the question, “What value will it produce for me? What can I put there?”
Despite its excellent track record, concerns about the cloud persist in the public safety and national security community, where letting sensitive information out of an agency’s direct control has traditionally been taboo. These concerns may keep some agencies from taking advantage of the benefits of the public cloud – a flexible, economical platform for the public information that every agency holds.
With IT budgets under pressure and greater volumes of data being generated every day, governments cannot afford to pass up the economy offered by the public cloud. The key to reaping these benefits is data governance: Understanding your data, how it is classified, and how it must be handled today and in the future.
It is the “public” in public cloud that creates this concern. The public cloud, usually operated by a third party service provider, provides a virtual environment using shared physical resources for multiple customers. It enables agencies to dynamically provision computing resources including online storage, email and other applications. Because of economies of scale, public cloud offerings from large service providers can be significantly more cost effective than private clouds or agency-owned systems. And because of the resources of a large provider such as Microsoft, customers do not have to sacrifice security to obtain savings.
To some, the idea of a “public” platform conflicts with the requirements that information be kept confidential. While it might make sense for agencies to maintain their most sensitive information in their own systems, however, there is no reason why the public information that all agencies must keep cannot be moved to a more practical platform in the cloud.
The Mexican tax authority, for example, was faced with a shrinking IT budget and growing storage needs. Working with Microsoft, it was found that not all of its information was sensitive enough to require additional security. Although personally identifiable information (PII) certainly merited extra protection, other information that was publicly available did not. The identity data of taxpayers is held on in-house storage, and other data was moved to a public cloud. The data from the two sites is accessed through a communications hub that associates data from the different sites as needed. It is a smart way of solving the problem of storage on a tight budget, leveraging the power of the cloud and reducing requirements for on-site infrastructure.
Just about every agency, no matter how sensitive its mission, has public information that it is required to hold and make available, such as administrative records and material on their public websites. Although PII contained in some information can make it sensitive, data often can be anonymized, making it suitable for an economical cloud solution.
The decision of where information should reside goes beyond the IT department and the information security shop. Because this decision requires an understanding of the data, it should be made by the owners of the data and those who manage it and who are responsible for its protection.
By understanding your data and your requirements for handling it both today and in the future, and by understanding the options available in modern cloud offerings—private and hybrid, as well as public—agencies can be better positioned to take advantage of the convenience and economy these platforms offer, regardless of their mission.
