Skip the navigation

How GSA is securing its cloud apps

By Carolyn Duffy Marsan
March 19, 2012 06:24 AM ET

Network World - As the General Services Administration (GSA) migrates to a work-anywhere, work-anytime strategy, the real estate arm of the U.S. federal government is discovering that having an iron-clad security strategy is critical to its adoption of cloud-based applications.

GSA says the combination of a unified directory service, single sign-on software that covers both cloud- and premises-based applications, and two-factor authentication is allowing the agency to meet regulatory mandates for information security. GSA uses passwords and smart cards for authentication.

"Identity management is really a critical piece of this," said GSA CIO Casey Coleman. "We have a two-factor authentication solution. You can use that two-factor authentication solution as the main criteria for provisioning and de-provisioning. When an employee comes on board, nothing happens until you issue a credential or token, and when they leave that's the first thing that's reclaimed. By doing that, you don't have to turn off accounts in all of these other cloud systems. By taking away that second factor that's required to get into these systems, you improve your ability to maintain your right set of access controls."

MORE: Identity management in the cloud emerges as hot-button issue for CIOs

GSA is at the forefront of the Obama administration's "cloud-first" strategy, which is designed to lower IT costs and eliminate federal data centers through the adoption of cloud-based applications. The new policy requires agencies to identify three "must-move" IT services that can be migrated to cloud computing applications and to complete the migration in 2012.

GSA, a fee-for-service organization, has vowed to be the first agency to meet this "cloud-first" requirement.

"Our administrator Martha Johnson has issued us a mandate that GSA goes first," Coleman said. "Our goal in doing that is that by adopting these technologies, GSA can provide the value and share the lessons learned in deploying them to other federal agencies or other corporations. Our goal is to serve as a public steward for the prudent adoption of new technologies."

By the end of the year, GSA will complete its migration to cloud computing for three popular applications used by its 17,000 employees. GSA selected Google Apps for email, Fiberlink for remote device management, and Salesforce for customer relationship management (CRM) and collaboration. The Google Apps and Fiberlink transitions are done, and the Salesforce migration will be complete in 2012.

"GSA has been enthusiastic and eager to be out in front of other federal agencies in the adoption of cloud computing," said Ray Bjorklund, chief knowledge officer at Deltek, a federal IT market research firm. "To their credit, they have been trying to ensure that all of the cloud concepts and principles work really well for the government. They've been collaborating very aggressively with [the National Institute for Standards and Technology] on security issues."

Originally published on Click here to read the original story.
Reprinted with permission from Story copyright 2012 Network World, Inc. All rights reserved.
Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!