National security systems should move to cloud, says White House advisory committee
The president should direct agencies that oversee national security and emergency preparedness, or NS/EP, programs to move mission-critical systems to the cloud, recommends (.pdf) a May 15 report to the president from the White House's national security telecommunications advisory committee.
The report says all NS/EP-related cloud service level agreements should address continuous availability and assured capacity, identity management, periodic third-party audit, continuous monitoring, encryption of data at rest, security process transparency, and the certification and accreditation of hosting systems and processes.
Report authors also recommend that the Federal Risk Authorization Management Program, or FedRAMP, expand to include more "high risk impact level" environments, in order to include more systems relevant to NS/EP.
The government should also consider launching a new collaborative program that could give "priority access to cloud-based equities in times of need, based on infrastructure degradation due to natural or man-made causes," says the report.
Before directing NS/EP systems to be moved to the cloud however, the administration should consider some policy issues, says the committee. For example, prior to migration to a cloud where the vendor could store data on servers in foreign countries "conduct an examination of the data laws for foreign countries and only proceed if the results indicate acceptably-robust protections for such data," recommend authors.
The Homeland Security Department and the General Services Administration could help agencies with jurisdiction over NS/EP select the best cloud solutions, says the report.
- download the "NSTAC Report to the President on Cloud Computing" (.pdf)