Trump Administration Calls For Government IT To Adopt Cloud Services (reuters.com)
According to Reuters, the White House said Wednesday the U.S. government needs a major overhaul of information technology systems and should take steps to better protect data and accelerate efforts to use cloud-based technology. The report outlined a timeline over the next year for IT reforms and a detailed implementation plan. One unnamed cloud-based email provider has agreed to assist in keeping track of government spending on cloud-based email migration. From the report: The report said the federal government must eliminate barriers to using commercial cloud-based technology. "Federal agencies must consolidate their IT investments and place more trust in services and infrastructure operated by others," the report found. Government agencies often pay dramatically different prices for the same IT item, the report said, sometimes three or four times as much. A 2016 U.S. Government Accountability Office report estimated the U.S. government spends more than $80 billion on IT annually but said spending has fallen by $7.3 billion since 2010. In 2015, there were at least 7,000 separate IT investments by the U.S. government. The $80 billion figure does not include Defense Department classified IT systems and 58 independent executive branch agencies, including the Central Intelligence Agency. The GAO report found some agencies are using systems that have components that are at least 50 years old.
Great, another webservice that will be slowly "upgraded" over time to uselessness then shut down.
Either it's a local application, or I'm ignoring it.
I'm not surprised that this administration has fallen for the shiny veneer of cloud services. However, the idea that this will improve security is laughable. I agree that we need a technological overhaul using the latest protection but cloud services are not the solution and far from the panacea they claim to be.
Anons need not reply. Questions end with a question mark.
Great idea, what with the poorly secured cloud instances yielding all sorts of fun stuff making it into the news lately.
http://dilbert.com/strip/1995-... good times.
There is no XUL, only WebExtensions...
What could possibly go wrong?
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
I bet Russia has a few vendors showing interest.
Better security or move to the cloud: you can only pick one.
Sounds like a bad idea. I wonder which cloud provider wrote this directive?
The government should never use cloud services. They should by law be mandated to maintain, quite expensive hardened electronic data systems, backed up by manual, actual dead tree and pen and pencil systems. So that in the event of catastrophic failure which is inevitable, (major solar flare, impacts, extreme storm events, major geologic events et al). They can rebuild systems, this versus the idiotic lowest tenders, maximise this quarter's profits, who gives a fuck what happens in a year's time, so what if society suffers I have a bunker, moronic thinking. Oh look the orange orangutan likes cloud and his idiots council has been paid big time bribes so contract out to private for profit clouds. That way private corporations will control and access all government data for total control, well, right up until catastrophic failure and then a whole bunch of Americans die over years as the country slowly rebuilds. Stupid is as stupid does.
Chaos - everything, everywhere, everywhen
It's just using someone else's computer.
I'm sure certain departments have cloud services, but they really need everyone to code up the backdoors so others can hack
Trump is all talk, but at the end of the day he will go along with whatever he gets told. He recently signed in a new regulation without removing any, going against his own Executive Order. He can safely be ignored domestically for the next 3 years. Congress are the ones to watch.
https://www.cnet.com/news/white-house-unveils-cloud-computing-initiative/
https://obamawhitehouse.archives.gov/blog/2010/05/13/moving-cloud
This is the exact sort of thing that I would expect to come out of a big white building full of executive level upper management morons with big bank accounts.
I'll be damn surprised if there's not an on premise IT grunt at the White House getting his pink slip right now.
In fact, where does one apply for the position? (asking for a friend)
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
Wow, spy work just got really, really easy hey?
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
'Cloud services' are the in thing right now, just like we went through outsourcing. Few people in management give a shit about IT, it's an expense. If they can externalize it and not have to deal with as much in house, they will.
So right now I get to bitch and moan that it's a mistake, knowing the only good it does is to let me vent. And if I'm still with the same employer 10-15 years from now, I'll be working on the project to start bringing things back in house because of all the problems cloud services cause us. And I'll get to say, "I was right but nobody listened", and exactly zero people will think anything of it except that I'm an old crank.
So all these servers you're going to move in the 'cloud'?
In reality that means moving the servers off their local secure network onto the wider network, into a third party data center. Calling it 'cloud' is really fluffy but it's just outsourcing your local network to a remote server out of your legal/physical control.
You still have to secure that network, and the local office network, only now, you have to open a port to a remote server on someone else's network over which you don't have physical control. You cannot control access to the server, you can only control the contract (a promise) on how the third party will control access.
The UK for example, outsources its emails to Microsoft in Ireland, and it did that even after discovering its emails were being read by the NSA and used as lobby fodder to pre-empt laws the US deemed unfavorable to US business. There's little you can physically do to protect that network, UK police cannot raid Ireland data centers, and Microsoft has limited liability cover. Literally they cannot even ensure their data travels across a direct link to Ireland, it most likely routes via any third party country. Yet if the server was in the Parliament building on the local network it would run only within Parliament, and the staff there would be subject to UK law, and it would be as secure as the client machines connecting to it.
That's an issue. What if KasperskyCloud were given control of email cloud? Sure they won't be called KasperskyCloud, they'll be called 'PatrioticMericaFlag Corp' and run by Erik Prince.
You say "cloud services", I say "time-sharing".
Big system with segmented processes and storage. They were a security nightmare. The first international conference on computer security in London in 1971 was primarily driven by the time-sharing concerns. /get off my lawn
Can't Locate Our User's Data
'Nuff said
"better protect data"
"use cloud-based technology" ....
It is pitch black. You are likely to be eaten by a grue.
Seems like the animus that propelled the US gov't, post-WW2, would have no problem taking today's technology and building its own closed, high-performance systems, creating dozens of standards and new technologies in its wake.
US government procurement is a NIGHTMARE!
It literally takes an act of congress to buy almost anything.
By moving it to cloud service. It's a service contract.
What Amazon, or whoever else gets certified, does to maintain the service is their problem (expense).
Congress has painted the US government into a corner. Since the government can't buy anything, service contracts are the only way.
Regardless of my other opinions of trump, this is a reasonable business decision.
Too late.
Perhaps you've noticed how many things are served by AWS, or cloudflare
They're already on your lawn.
And, you've probably let them on.
I watch companies with security requirements get themselves into very interesting "cloud" situations on a regular basis. Would hope the government of the USA wasn't as stupid.
w00t! Obama so smart and intellektual and want to use newest tech - he so hip, I like him.
Trump wants to use cloud services.
WOTTA IDIOT! MORON! CLOUD SERVICES IS STOOPID AND INSECURE.
But it's nice to see slashdot fulfilling its role as 2nd rate daily kos again.
Captcha - Admire.
There are plenty of "mandate by law secure systems" already. Doesn't do much good because laws don't create competence. "Requiring" that agencies be secure doesn't even make people *want* to do a good job - an apathetic sysadmin indeed becomes MORE apathetic with each new regulation.
I've been required to follow federal security standards before, at a government job. The federal standards required we use MD5. We wanted to use SHA256, because it's FAR more secure. MD5 has been broken for several years. But regulations are regulations. Gotta follow the regulations, although it means any script kiddie can access your account.
Another poster pointed out DoD has been hacked over and over again. One reason is that DoD suckerity standards *require* you to do really stupid things. Even government standards such as NIST which are optional and therefore more quickly updated say you must NOT do some of the things DoD requires, because following the government mandates forces security weaknesses.
The fact is, Amazon has hundreds of security professionals working for them and they've put thousands of man-hours into the security of RDS. I'd challenge anyone to find even one federal government database server anywhere that is as secure as RDS with the default security group. There is no perfect security, but the "security" mandates the feds operate under result in some of the least secure systems around.
That said, if an underpaid, unqualified, apathetic diversity hire at a government agency fires up a *Windows* server on AWS and installs their own outdated copy of SQL Server, then actively sets the security group to allow connections from everywhere, they aren't going to benefit much from all the security efforts that have been applied to RDS. They certainly can screw up with an AWS server just like they can screw up with a physical server. They'll screw up a lot less if they let Amazon handle the servers and they use services like RDS, Glacier, and Lambda.
I found this great offer for cloud-based government email. It claims over 24 years experience managing classified data. Whaddaya think?
clintonhosting.com
This is, quite simply, a stunning idea.
I support all government services being pushed to "The Cloud". Every. Last. One.
Then, let that "Cloud" provider run afoul of the lack of net neutrality laws.
Hilarity ensues.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Maybe this is their way to try to open the government up to everyone?
Most here wouldn't use cloud services for secure data and the "T-Empire of America" still wants to do for it, so maybe they really want to open their data and not secure it?
This is just a continuation of what has been existing federal government policy for the last six years:
Federal Cloud Computing Strategy
This smells like a shell game to reduce headcount. They did the same thing about 10 years ago.
Step 1: Get rid of as many IT positions as possible.
Step 2: Hire them back at double the cost as contractors. Employees make less money than before with no job security. Contracting firms rake in the profits.
Step 3: Show Congress & White House what a good Govt Agency you are (yes you are!) for trimming employee payroll. Nevermind that your agency's total budget went up.
Step 4: Profit.
n/t
Increasing security and moving to the cloud are inherently contradictory requirements. If you access something on the cloud, then your enemies can potentially (also) access it on the cloud. But on the other hand given Trump's links to Russia, maybe that's the whole idea - to give the Russians access to US computer systems?
I guess this initiative from six years ago was Trump's fault, right?
The editors here are worse than CNN.
"accelerate efforts to use cloud-based technology."
No, No! a thousand fucking times NO!!!.
The cloud is nothing more than someone else's computer, we DO NOT need government data or data on citizens floating around on any random service provider's computer that the government decides to choose.
Recently a former co-worker told me about how his employer had migrated to cloud-based email, and federated login (and some other services). It was true that their IT infrastructure was horribly outdated, and in serious need of a complete overhaul, in order to continue meeting contractual requirements with customers.
But the way this migration was performed, was a complete failure. Over 6 months, they met NONE of their goals. Software license costs ended up being more than double what was estimated. During the migration, the login servers were compromised by a new exploit. There were several complete re-installs, and on every re-install, they found the system was infected or compromised again within minutes. They went through two "big-bang" replacements, where all systems were shut down over an extended weekend, and physical servers were replaced with the spares. As operations were halted, this cost them a huge amount of money. And the extra hours of IT and vendor service were costly. (law enforcement was also involved, and, my former co-worker tells me, there will be a lawsuit by the employees whose personal information was exfiltrated). The only real gain here, was the IT staff got good experience at disaster recovery practice.
In the end, the company's yearly numbers were completely blown. They lost customers, their reputation was damaged. They ended up cutting staff. (some of us already had a feeling that things were heading in a bad direction years ago, and left).
I really really wish that I could name names here. Not just the company but the vendors. This migration plan was announced ahead of time, and so many people drank the marketing Kool-Aid - people who should have known better. But privately, the criticisms were flying, and exactly everything that sound reasonably thinking people said would happen, did happen.
I could go further - to the beginning of the whole "Cloud Services" craze. We've all had our doubts, and pointed out the obvious flaws. And even where a service like Amazon's QuickStart setups can supposedly configure everything to be fully secure and compliant. . . this service is deceptively over-simplified, and there are so many details that are left unspoken. Moving your IT out of your own data center to the cloud may look cheaper on paper, but shipping it to some one-size-fits-all cookie-cutter cloud service is not the answer. You're still going to need a shit ton of very skilled expertise to architect and configure it, and then you're still at risk. Because your data is not in your building under your physical control. Which is really your last line of defense when shit gets real. If you need to, you can unplug.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
There is only OTHER PEOPLE'S SERVERS.
Besides, doesn't the government have enough security problems with things locked behind their own networks as-is?
Chas - The one, the only.
THANK GOD!!!
nah, let's just use the cloud.
Cloud Services or better data security. Ain't gonna get both in the same package.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
It's 2017, wake up and smell the blue smoke.
The fact is, amazon can provide you with an infrastructure that's cheaper, more reliable, and more performant at a price point that you can't match.
There are good reasons to use your own infrastructure, but there are many, many, many more reasons to use amazon.
Examples:
Does that failover cluster you built actually work? I mean, really really works? Like have you actually tested it during production?
Did you accidentally wipe a config last time you upgraded some firmware? Oops.
How did the power failover test go?
Does your backup link actually work?
Do you actually know where that server is and how to get it back into operation? Do you have parts for it?
Did you actually run that application on a production workload before you bought the hardware? Did you account for growth and bad development?
It's tiring listening to these ignorant old men parade their ignorance in public. The fact is, AWS can kick the ass of most infrastructure out there, period. They're just better at it. The fact that you may not recognize that shows that you may be suffering from Dunning-Kruger.
It was all so easy and since the US govt didn't keep any paper records it collapsed.
Now the anarchy FSociety has always craved is real.
the Central Committee of the CCP
wait, I mean Baidu Cloud
Our President is so dumb that he thinks clouds mean rain.
And what are the odds that confidential information is going to be held on commercial servers in foreign nations? How about classified data? Now, if they want their own cloud, even built by contractors, that's fine, but keep our shit out of foreign hands please. And, sweet Jesus, please don't pull the dumbass moves that OMB did. Our private data doesn't have to be available 24/7 on the web.
Just another day in Paradise
Just tell Trump that Obama started this (running services and storing data on the cloud) and he'll make it so that not even the government meteorologists can say the word cloud.
It has been for years. My organization has been fighting tooth and nail to prevent our organization from moving to "the cloud." It costs us about $200,000 a year for the necessary infrastructure (servers, maintenance, power, cooling, etc.) to run our program. The CHEAPEST cloud provider quote we've gotten to do the same thing is about $1 million dollars a year. Some are as high as $3 million. Cloud services are an order of magnitude or more higher to do the same thing.
That doesn't even take into account the fact that most DoD installations (like this one) are starving for bandwidth, as we can't even get to the internet most days. So rather than having our systems here local and fast, they will be remote and damn near unusable. Not to mention the year or more of work it will take to move to a cloud provider, plus the massive downtime involved. It's truly a disaster. We've been fighting it in hopes that someone would realize how insane this is and have the pendulum swing back the other way, but now after seeing this, it looks like we are fighting a losing battle.
If you adopt Cloud Services you put our business, data, and security at risk. If you want your company to have an edge, then employ your own IT talent.
What an idiot.. he said he would stop H1Bs, and support American IT workers. That's one of the reasons why he was elected. Myself and many other IT professionals voted for him because of it. Man do I have buyer's remorse. He's just like any other politician. Full of shit.
it would mean a big shift in purchasing and consequently a ton of money he could give away to himself or his buddies. As always with politics, follow the money.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Cloud services. Great buzz word. They will save the world! Unless you actually need to use them a lot, then they will cost the world. Sure, cloud providers will give you more redundancy than you would likely be able to create yourself, but the cost is going to be through the roof. But who cares! It's just money that they get from us little ole taxpayers.
And then what happens when some dumbass places some secure document on the wrong server, and/or forgets to put a SECURE password on the share? The more you use services like that, the more chances that someone is going to make a stupid mistake. So I guess it's more secure... until it isn't.
Yes, just wait when the low-cost bidder is the FSB
Time to buy stock in the company.
Because if your clowd is actually in Russia, there's no need for secrecy anymore.
Once the government moves to cloud services, the ISP can charge more for access to their services with net neutrality going away!
"we need more security... now move it all onto the cloud"
What's really ironic is given Trump's hatred of Jeff Bezos, he's basically demanding the government start spending billions and billions on Amazon's offerings. Perhaps no one alerted him to this?
"to better protect data and accelerate efforts to use cloud-based technology"
Nothing wrong with the cloud, but as you say not only is the idea that it will improve security laughable (likely the opposite actually), but that it will solve all the government's IT problems, specifically that of costs is equally laughable.
As someone who works in the industry I get this question all the time. Why is it so expensive to do IT work in Government as opposed to private industry? Sure some of that is bureaucracy and waste, but likely little more than what exists in any very large organization including private industry. Certainly one problem is how funding is assigned (yearly, with little guarantee in many cases after that, making any large IT project which will take multiple years challenging), and additionally the fact that typically the election cycle swings between opposing ideologies, meaning not only every couple years do you have direction coming down from above constantly changing, but with partisan politics, direction to actively sabotage whatever their predecessor did so they cannot take credit for it during the next election cycle. None of that is really IT related, or has anything to do with the folks that work hard in the civil service. However on top of all of that, is the fact that government is held to a much HIGHER standard than private industry, least of which is to ensure you are getting a good return for taxpayer dollars. Not only in security and accountability, but in IT standards must be followed, and what processes must be done. That accountability also includes extreme procurement processes so as to try and be fair to everyone etc... and can border on ridiculous. I've seen projects with longer procurement processes than actual project time. All of that stuff takes overhead. Another directly related to the security question is privacy. Not only is government held to a MUCH higher account for privacy, in many cases government is required to collect a lot of mandatory information from people that private industry just would not. Even the idea of putting a lot of this information in the "cloud", which really just means on someone else's servers is a bit unsettling.
To be sure there are advantages to a cloud framework, but you also give up a lot of things including a lot of controls. Sure you can outline a lot of things in the agreement, but when stuff "happens", even if the agreement wasn't upheld, who do you think will ultimately get the blame? Lastly on the topic of "why it costs so much" is that government in an attempt to save money, but probably more so to look smaller (in terms of employees), pretty much outsources just about everything to consultants and private industry anyway. Not only do they charge through the teeth, they know government isn't going to default on them and that they are going to get paid, so these esteemed private industry contractors drag it out for as long as possible and suckle at the teat like parasites.
So in short, while cloud technology may help in some regard in certain situations, it is hardly a cure all for what ails government IT. Most of which isn't really technical or how much people get paid, or general waste or ineptitude but rather entails the fundamental difference between what is government VS private industry. For some time now there has been pressure for government to behave more like private industry, which I always found funny because intrinsically they are different, and if you think about it a bit beyond simple ideology you probably wouldn't want it to either.
Wasn't this already done 6 years ago?
https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/federal-cloud-computing-strategy.pdf
Anyone that was fooled by the switch in terms from "Third Party Storage" to "Cloud" should resign.
Those who think that outsourcing your valuable data is a good idea, your short term thinking
is what's wrong with the last fifteen years...
Everyone knows the best way to secure your systems is to obscure them under the fog of war. A cloud is naturally the next best thing.
I don't believe in karma, I just call it like I see it.
Amazon must be calling in a campaign favor...
That's a weird way to spell "amazon".
Can't help but think that if a Liberal had come up with this idea you all would be kissing ass and saying it's the greatest idea ever...
But, if it is in the cloud, at least you can count on some security expertise, vs the wife of a middle-east technical school graduate that Wasserman-Schultz had running the DNC's computers.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
With net neutrality in question, I advise people not to move to "cloud" services (remember, cloud == someone else's computer), as if their ISP doesn't favor the cloud provider, they are screwed!
This shows how disconnected he is from reality. Can we put him in the corner until he wisens up? Let's let our security people mull this one over real good, and issue a report.
shiny veneer indeed. He has lost his mind. or, he is being steered by manipulative people looking to make money off the process.
BTW - DJT - how is Jared going to cover the bills coming due for 666 5th Ave while a member of your Staff? Is this part of the solution?
but only if they have really good encryption. Oh wait, they don't want anyone to have good encryption.
You live and learn, or you don't learn much.
We keep selling out government to contractors more and more all the time. I know people who've seen it; the contractors always are worse and cost LESS. My best friend had a government background check by the FBI for his clearance and I was involved in that. The private version that took over he went and got a job doing for a while; he said it was mostly BS and he got paid well but didn't do much of anything compared with what he had done for him and his job was set up so he couldn't do much. He didn't even have an office, he had a cell phone and a car provided and just drove person to person all day without the time to do anything. If something seemed off he could say something but no real investigation. He felt like a truck driver and quit. That was for giving security checks for the government. Not high level, because government employees still did that... but probably not anymore...
MOST the stuff we hear about involves contractors. Not saying they are always the cause, but they are always involved close enough to be the problem. So to blame gov workers and not leave out the numerous sweet contractor deals is not being honest. Especially when there has been a MASSIVE shift to contractors continually since the 80s.
A few years back, the UK gave cloud a pass, because they couldn't be guaranteed that UK government data would remain on UK soil.
And, speaking as an employee of a US federal contractor and sysadmin, you're going to prove to me that a) it stays on US soil, and not, say, in datacenters in the Middle East or Russia; b) that every single person who has access to the physical servers that provide the service all have US federal security clearances?
Fat chance. But that's ok, Trump & the GOP are smarting over the US OPM breach of a few years ago, and they want a *bigger* breach.
wife of a middle-east technical school graduate that Wasserman-Schultz had running the DNC's computers.
You know you have a weak hand politically when you have to make shit up to win.
Would it not cost us more for agencies to access inter departmental data in a cloud over a metered internet? Is this somehow benefiting someone or interests by forcing the government to use premium fast lane internet?
Cloud-based e-mail: All government having its eggs in the same basket. What can possibly go wrong?