Is Cloud Computing Becoming a National Security Risk?
'What would be the economic impact of Google mail going down?'
Apr. 14, 2009 08:15 PM
I'm back from Stockholm and starting to get caught up with my various blog reading. In one of the more interesting posts, Ken Fischer asks a very thought provoking question on his web 2.0 blog, his question is simple yet far reaching, "What would be the economic impact of Google mail going down be?"
Fischer says that "In the next 5 years or so, there will be a massive shift from single server to cloud computing as well as an increasing reliance on everything being always up because of the interwoven nature of the semantic web. Websites andwebservers will no longer be individual and isolated but exist on the ‘cloud’..."
With the newly appointed / retired Federal chief information officer Vivek Kundra in the U.S., my question is, will a key focus of his job description be in addressing cloud based availability & Security? Could cloud security become so critical as to become a risk to a nations national security?
In another recent post on the ITworld website, Meridith Levinson outlined a tough job for the new US CIO in which he is forced to balance openness with security. In the post she goes on to outline " that Kundra will have to strike a balance between the President's drive for openness and transparency and the need for security. Cyber-threats against the country and the government are growing exponentially, and the desire to connect agencies and make government open, transparent and interoperable makes it easier for hackers to carry out their attacks." -- Willopeness and interoperability make us as a nation less secure?
For me the bigger question is, assuming we are moving toward to a fully outsourced computing future, what happens when crucial pieces of communication infrastructures is brought down, either by accident or on purpose? Are we moving toward a future where Gmail is considered critical to the national security of the country? And if this is a reality we may be soon facing, how can governments work to protect these key pieces of cloud infrastructure? Or should they?