Trump Administration Calls For Government IT To Adopt Cloud Services (reuters.com)
According to Reuters, the White House said Wednesday the U.S. government needs a major overhaul of information technology systems and should take steps to better protect data and accelerate efforts to use cloud-based technology. The report outlined a timeline over the next year for IT reforms and a detailed implementation plan. One unnamed cloud-based email provider has agreed to assist in keeping track of government spending on cloud-based email migration. From the report: The report said the federal government must eliminate barriers to using commercial cloud-based technology. "Federal agencies must consolidate their IT investments and place more trust in services and infrastructure operated by others," the report found. Government agencies often pay dramatically different prices for the same IT item, the report said, sometimes three or four times as much. A 2016 U.S. Government Accountability Office report estimated the U.S. government spends more than $80 billion on IT annually but said spending has fallen by $7.3 billion since 2010. In 2015, there were at least 7,000 separate IT investments by the U.S. government. The $80 billion figure does not include Defense Department classified IT systems and 58 independent executive branch agencies, including the Central Intelligence Agency. The GAO report found some agencies are using systems that have components that are at least 50 years old.
Sounds like a bad idea. I wonder which cloud provider wrote this directive?
As a result of working for DOD contractors at various times my identity information — extremely detailed identity stuff, like who I went to grade school with and every place I've ever lived and every foreign country I've ever visited — has been stolen from Federal government systems three times now. We see no end of criminality in the handling of the Federal government's electronic documents and no end to the incompetence and deliberate neglect in maintaining recoverable backups.
This Federal government you imagine of competent, conscientious and moral people that don't neglect things and don't destroy incriminating things is a fiction inside your head, and no amount of billions of dollars can ever make it real; it's broken by design. I can't see how moving the bulk of it to efficiently run and competently maintained cloud environments could do any harm, and it may well improve things in a number of ways. At the very least it may stop being trivially simple for the next Paul Combetta to doctor and erase the record.
Maw! Fire up the karma burner!
I have mod points but I prefer to post on this.
I understand your point but you haven't shown how not patching on bare metal is less secure than not patching on the cloud. Unless you are saying to completely outsource all your IT to the cloud service providers including your business logic and getting rid of your IT department.
The other thing you haven't mentioned is why it would be more secure to host an OS which is hosted on an OS which is hosted on bare metal. The added layer of complexity adds potential avenues of attack.
The assumption that someone else can better manage your needs perplexes me. I use cloud services and bare metal. What I found is that cloud services tend to be less expensive as a point of entry but 3 to 4 times more expensive than bare metal when considering the whole investment. There is an assumption that the cloud service provider will take the same care as you would in preparing the network. While I can't vouch for every provider or judge them all, I found that in most cases, if you care about your business, you will take the time to ensure that all is in place but there is no way you can ensure that the cloud provider did.
With all that being said, my last 5 outages were due to my cloud provider while my bare metal problems didn't result in any outages. Now I am not sure what caused their outages. Is it equipment failure? Was it a misconfiguration? Was it a security breach? I was told that it was always equipment failures but I thought and was sold the solution that the cloud can mitigate such issues better than bare metal.
My point in all this is that when you pass control to someone who you can't completely evaluate, it may come to bite you in the ass if you don't have a backup plan. The other thing is, I am sure that Apple, Microsoft, Google, Amazon et al. don't disclose all their security breaches that affect their clients and that is speaking from past experiences.
But your mileage may vary. I am just speaking from my anecdotal experience.
DRM? No thanks, I'll just get it somewhere else...