WikiLeaks and the Cloud: No Legitimate Connection
One of the biggest news stories in 2010 provides a perfect example of how we can learn from past indiscretions (even if they weren’t ours); the posting of classified government documents and other stolen information on the WikiLeaks website. While this incident may not appear to have a direct impact on the IT channel, misinformation around the story creates a concern for the cloud—particularly around its security and the Federal government’s adoption of the technology.
While the WikiLeaks debacle is cause for alarm around the government’s information security processes, rumors and errant reports have put some of the blame on cloud computing. As members of the technology industry we need to set the story straight, educating customers and prospects on the security process failures that occurred in this case.
Airing Dirty Laundry
For those who haven’t kept up with the story, the WikiLeaks website (founded by Julian Assange) apparently obtained and posted a large cache of U.S. government documents, including details about the Iraq and Afghanistan wars.
The information is alleged to have been downloaded on a flash drive by a U.S. Army Private, who somehow transferred that information to Assange’s organization. Despite his status as a low-level intelligence analyst, his access to these documents was allegedly authorized by the recently introduced information-sharing initiative (called Net-Centric Diplomacy). In other words, the government made protocol changes that made it much easier to obtain classified information.
To me, this appears that it wasn’t a technology failure, but an unexplainable change in security procedures. Human failure should take the blame; it had nothing to do with cloud or internet vulnerabilities. Either way, the affair was an embarrassment to federal officials and may have leaked information that put people in danger.
The Channel Opportunity
Small businesses, municipalities and other organizations without a tech-savvy employee to educate and explain are most susceptible to misinformation around security and the cloud. The WikiLeaks conversation provides a perfect opportunity to coach your clients on the real issues with information security and share proper procedures for securing their data. Solution providers can also employ their information security expertise to create new practices (additional revenue opportunities) such as vulnerability assessments.
This process also allows you to clarify the true opportunity that cloud computing presents, enabling your clients to significantly improve their business operations without large capital investments. By utilizing web-services that follow proper security protocols and meet industry standards, such as ITIL and SAS 70, providers can maximize the protection of their clients’ information as well.
Another validation of cloud security is the U.S. government initiatives that were introduced long after WikiLeaks was headline news. This “cloud first” policy, part of the Office of Management and Budget’s 25 point plan to reform federal IT management, shows the government’s commitment to web-based solutions.
According to the policy ”Each Agency CIO will be required to identify three ‘must move’ services and create a project plan for migrating each of them to cloud solutions and retiring the associated legacy systems. Of the three, at least one of the services must fully migrate to a cloud solution within 12 months and the remaining two within 18 months.”
In addition to the promise of significant cost savings (projected as high as 50%), web-based systems will make it easier to implement diverse technology applications to offices and employees around the world. Federal agencies have already started the transition, with the General Service Administration (GSA) announcing plans to move to a web-based email system, similar to Google Gmail. While the Federal government may be slow to make the transition, they are committed to the move and, with proper procedures in place, believe security will not be a problem.
What is the lesson we learned from the WikiLeaks discussion? I believe the issue was NOT an indictment of the cloud, but a cause for alarm concerning the human processes our government was following. More importantly, WikiLeaks allows solution providers to discuss information security with their clients and prospects, from both a technology and procedural perspective. Through this interaction, savvy MSPs and VARs can educate businesses on the benefits of cloud solutions, such as online backup and recovery and hosted email. With a basic understanding of the WikiLeaks issues, you can assure your clients that the cloud is secure—and start off 2011 with a little extra revenue!