Security on the Cloud – Systems Engineers Move to the Cloud

Published by on November 13, 2013 at 11:50 am.

CloudAs engineers, we are highly concerned with security. The move to the cloud seems high risk, but the benefits may be worth those risks. Scalability, responsiveness, collaboration, and simulations become almost limitless on the cloud. Cloud computing also allows for a lower cost. All of these benefits make cloud computing desirable to even those who are most concerned about security. If you are in an industry that works with classified information designs and projects must remain secure. The Government has actively sought to make the cloud more secure with policies such as Cloud First policy and FedRAMP, and are even gradually moving to the cloud themselves. Most cloud computing software runs on Google App Engine, because of this Google is highly invested in cloud security.

The Federal Government recognizes that the private sector has taken advantage of all the opportunities and benefits of cloud computing. The Cloud First policy does not just encourage, but mandates that the Federal Government also take full advantage of the benefits of cloud computing. The Federal Government has not utilized their Information Technology to its maximum capacity. The policy actually states that, “The cloud computing model can significantly help agencies grappling with the need to provide highly reliable, innovative services quickly despite resource constraints.” The Federal Government believes that having a Cloud First policy will increase efficiency and responsiveness to better serve the American public.

Even though the Federal Government is moving toward the cloud, we still have to be concerned with security. Whether we are working for the Federal Government or the private sector, systems engineers need to keep their work secure. The FedRAMP program authorizes cloud computing systems for government use. After one year only a few have been accepted. The Concept of Operations (CONOPS) is extensively large, reaching 49 pages and the FedRAMP’s current service providers are expensive compared to large commercial services.

Even with the Federal Government’s attempts at securing cloud computing, many people are still concerned. The responsibility is shifting away from the Federal Government and toward commercial application developers. SPEC Innovations uses Google App Engine (GAE) for their Model Based Systems Engineering Tool, Innoslate. We chose GAE, because of its security and efficiency. GAE is one of the most secure enterprise services in the world. It provides multiple layers of physical and virtual security. With multiple layers of firewalls, sandboxed code, and software protection GAE is more secure than most company networks.

A leader in cloud computing, Google has a complex system to ensure security. Some of Google’s security precautions include:

  • Custom built servers.
  • Eliminating unnecessary hardware or software, so to limit vulnerability.
  • Distributing data across many computers in various locations.
  • Chunk, replicate, and randomly naming data at multiple systems.
  • Destroying end of life hard drives in a multi-step process.
  • Employing a full time Information Security Team to protect the infrastructure.
  • Protecting the physical locations 24/7.

Commercial cloud providers, such as Google, have a vested interest in protecting our data. An interview with Google Security Director revealed Google’s main concerns with security. They concentrate their security by asking themselves three questions:

  1. “Do we have the right people in the places that we need to? Do we have the best experts that we can have to do those tasks?”
  2. “How do we engineer processes to make it easier for people to do the right thing, that is, the secure thing, than it is to do the wrong thing? and testing those processes.”
  3. “Do we have the technology to support those processes?”

Leaders such as Google have an invested interest in protecting our data and take strong precautions to do so. The Federal Government is strongly encouraging the use of cloud computing internally. The financial and medical communities believe that cloud computing is safe enough for them to use too. The real question is, is it good enough for us to use?

Topics: , ,