The only thing worse than taking too long to make important decisions with long-term and wide-ranging ramifications is rushing to embrace half-baked solutions.
The Pentagon’s breakneck blind rush to shift its most sensitive data to cloud computing servers has potentially grave and costly ramifications.
Today, most of DoD’s data resides on numerous government-owned systems, each with its own secure firewalls and protections. They fend off millions of attacks a day, ranging from mischievous hackers to criminal organizations and foreign powers.
Updating all these systems to keep them uniformly secure and interoperable is expensive in terms of people, software and hardware.
That’s why the notion of cloud computing has proved so attractive. By shifting the Pentagon’s data to the cloud, advocates argue, you can erect higher defenses around that single pool of information, making that data more secure than under today’s piecemeal system, but with fewer people and at less hardware cost. They add that putting all the data in one place will foster collaboration.
But this approach is not without enormous risks that cloud advocates all-too-blithely dismiss, particularly what happens when a hacker does breach those new, loftier walls.
True, encryption can add an additional layer of security, but once someone breaches its defenses, that person will likely also have breached the encryption algorithms and gained access to the “crown jewels,” intel-speak for the nation’s most-closely held information. Fragments of data may be stored on separate servers within the cloud, but because the architecture is designed to reassemble those fragments centrally for legitimate users, there is no defense against those who can spoof legitimate access.
Complicating matters further, the Pentagon wants to use commercial cloud servers to store its data. Such outsourcing will likely save money, but it raises concerns: Commercial vendors have made it clear they won’t allow DoD to continually monitor these proprietary networks because they also store data for customers who don’t want the U.S. government snooping on their activities, much less their files.
For decades, cloud computing has held promise as a powerful data storage and sharing tool, and now, thanks to better storage, security and connectivity technologies, it is finally gaining popularity and acceptance among businesses and the general public. But whether it is safe and secure enough for the Pentagon remains an open question.
After 9/11, the U.S. government concluded that it had too rigidly compartmented intelligence information, preventing anyone from piecing together all the clues that could have foiled the attacks. Share and share freely became the byword for U.S. intelligence, and for the most part, with great success.
Then came the Wikileaks affair, where a lone private with unfettered access downloaded and ultimately published vast troves of sensitive information that compromised valuable sources and methods, divulged national strategies, and embarrassed both the U.S. and its allies. Chastened, the U.S. government said it would review its guidelines to prevent a similar incident in the future.
Risk management and mitigation is always the key to making any major decision with lasting implications. Rushing too quickly to embrace an alluring concept before fully understanding the implications of doing so is not only irresponsible. It’s dangerous.