New government cloud services regulations improve upon existing policies
Monday, January 30, 2012
Managed service providers have always encountered rigid legislation when extending into the government sector, mostly due to the classified information that agencies upload to internal clouds. Existing regulations like the Federal Risk and Authorization Management Program (FedRAMP) are designed to lay out standardized cloud security procedures to service providers, and are specifically worded to make it easier for federal branches to upgrade to cloud services. However, new documents are shifting attention away from these providers and encouraging government users to implement data security themselves.
For example, the National Institute of Standards and Technology (NIST) recently released a publication boldly stating that government organizations are responsible for cloud security, not service providers.
"Accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill," said NIST program manager Tim Grance.
The challenge for cloud service providers is meeting the specific regulations set down by programs like FedRAMP. The NIST report encourages government agencies and providers to negotiate via methods such as service-level agreements to ensure that neither party misses out on the benefits that the other offers.
Essentially, the idea is that certain branches of the government do not need as many cloud security procedures as others. For instance, the CIA cloud would need to be guarded heavily, while the Parks and Recreation cloud may not.