Will security concerns darken Google's government cloud?

More

Google Watch

• Update: Gmail gets social with Google Buzz
• Google Buzz takes the fight to Facebook
• Update: Google to make Gmail more social
• EPIC files FOIA request over reported Google, NSA partnership
• Gmail to drop IE6 support this year
• Clock may be ticking for Google to act on China
• China slams Clinton's call for Internet freedom
• Update: Google grows revenue and profit in Q4
• Clinton: U.S. gov't will push harder against Web censorship
• Google cyberattack probe includes employees

More Google coverage

Computerworld - When Google Inc. launches its cloud computing services for federal government agencies next year, one of its biggest challenges will be to overcome concerns related to data privacy and security in cloud environments.

Earlier this week, Google said that it was planning on offering cloud services such as Google Apps to federal agencies starting in 2010. Google said it is speaking with several federal agencies about its offerings, which the company has assured will be fully compliant with the requirements of the Federal Information Security Management Act (FISMA). A FISMA certification is required for a service provider, such as Google, to sell to federal agencies.

At a cloud computing event in California, Google announced its plans to deliver a government cloud. At the event, a company executive noted that the government services would be hosted on Google's data centers, but on systems that are compliant with government regulations. The government cloud service would also be operated by individuals with the appropriate security clearances, and all data that is part of a government cloud service would remain in the U.S, the executive said.

How far such assurances will go in assuaging concerns related to cloud computing service, especially in a government setting, remains unclear.

Karen Evans, former de facto federal CIO under the Bush administration, said that using cloud services such as Google's could help federal agencies significantly reduce IT costs. But for many "the biggest concern is going to be the security and information assurance associated with a cloud service."

A lot will depend on the kind of FISMA certification and accreditation that Google's cloud services receive, she said. Under FISMA, federal systems are classified into three risk categories: low, medium and high. Each level has its own requirements, Evans said, adding that she hoped that Google will be certified and accredited at the highest risk levels. Then it's just a matter of agencies working out a service level agreement that spells out their security requirements. She added that agencies interested in using cloud services will probably be best served moving their external, Web facing applications first before considering more sensitive applications.

Meanwhile, Unisys Corp., a major provider of IT services to the government, Wednesday released the results of an online survey that looked at the issues affecting adoption of cloud computing.

Of the 312 respondents, about 51% cited security and data privacy concerns as the biggest impediment to adopting cloud services. The next highest barrier was integration of cloud-based applications with existing systems. Concerns about the ability to bring applications back in-house ranked third.

The results are consistent with previous Unisys surveys on the same topic and with what the company has been hearing from clients, said Sam Gross, vice president, global IT outsourcing at the company. "For us [the results] are not surprising," Gross said. "We have been surveying our customer base and doing quick polls for a long time. The numbers are always different, but never the ranking," he explained. "Security continues to be the number one concern for cloud computing."