Many commentators will point out that the biggest hindrance to wide acceptance of the cloud model for enterprise computing is doubts to its security. For many folks, this concern is real. For others, it seems they have an agenda in mind, and they are determined to kill this potentially beneficial innovation.

No lesser luminary than Vivek Kundra, the CIO of the United States, has said recently “the risks are being over hyped.” I agree with him.

Cloud service providing is not going to be a “small company” game. It requires a huge amount of resources and a lot of capital investment on the part of the provider. For the client, the financials are compelling. It can save you money on capital expenditures and infrastructure. It can save you people, and take difficult IT actions out of the hands of your non-IT personnel. It can save space and make your footprint on the ecosystem lighter. There is no doubt in my mind that we are moving to a cloud-enabled world, and we should not fight it.

Can the cloud be secured? Absolutely yes! I will not say that every cloud offering out there is secure. If you go with a second tier provider, you are rolling the dice; but go with a big, capable, and reputable firm, and your data can be safe and secure. Likewise, there are concerns with things like data retrieval, ability to do compliance reports, and not co-mingling data. If you go small and cheap, you may get what you pay for, but go to a top tier provider, and you will be well served.

Now we should not be unwise. If the cloud is beckoning you, you have responsibilities as a potential consumer. First, figure out what you have now in your legacy systems with regard to security, data management, and IT provisioning / management. Then, make any perspective provider show why what he is offering is better. DO NOT simply believe the brochure from the smiling girl in the trade show booth. When I say MAKE them show you, I mean demand it. If they claim it’s all proprietary, walk away. Any really trustworthy provider will be more than willing to show you they can protect your network because the good ones can. You may even consider getting a third party to do an assessment.

Lastly, migrate iteratively, with the low-hanging fruit first. As you become more comfortable with the cloud environment and all the benefits intendant there in, you’ll want to move more. It works.

Vivek Kundra is trying to move our government networks into the 21st Century and in a resource-constrained environment. His tilt toward the cloud to accomplish this is righteous, and he deserves our support. The cloud is securable, and we can do it today.

Dr. Steven Bucci is director of the Allison Center for Foreign Policy Studies at The Heritage Foundation. He was previously a lead consultant to IBM on cyber security policy. Bucci’s military and government service make him a recognized expert in the interagency process and defense of U.S. interests, particularly with regard to critical infrastructure and what he calls the productive interplay of government and the private sector. Read More