Why Is It Safe For Government Bodies To Keep Data On The Cloud?


Technology Paradigms in Public Service

The government is not only the biggest data creator, but the largest consumer and aggregator as well. Central and State governments have large amounts of data in the form of user records, public policies, schemes. Thus it becomes critically important that the government has a strong and robust IT backbone to undergo a smooth transformation in its form and deliver all the services on demand. Information and Communication Technology increases productivity and efficiency while making the government machinery accountable, transparent and people friendly. The Digital India program initiated by the government is targeted precisely at meeting these objectives.

Downtimes due to hardware failures, software misconfigurations, security breaches and data loss are something that not just impact the productivity of the government offices (and therefore the quality of service) but also its credibility. Also, often projects drag on due to inadequately resourced sites severely compromising the return on investment made in the information system by the government organisation.

The cloud as a platform for such information system can remedy many of these shortcomings, while reducing costs, need for upfront capital and increased flexibility.

The Cloud

Cloud Computing, or, commonly referred to as ‘the cloud’ is delivery of services using computing resources over the internet. These services are classified as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Cloud Computing enables data storage, access to compute resources, data interlinking and data security on an on-demand and usage based model, optimizes the overall infrastructure cost and performance. All one needs to access the cloud is a working INTERNET connection.

Data Security Challenges

Migration to cloud essentially means moving sensitive government data to a third party infrastructure. Ideally the government should own the cloud where the data is stored. But the cost and effort required for such an exercise can be daunting. The risks can be easily mitigated by a SA (Service Agreement), that mandates the service provider to share the control over the data.

Any system used on the internet is not 100% secure. IT systems can be hacked and malware, virus, worms, etc, can be implanted which are harmful to the on premise data. The challenge is not limited to only software; an IT setup is threatened with cyber attacks, physical damage (maybe due to an accident or natural calamity) or a manual security breach. In each case, the system can be damaged to render them useless giving a huge blow to the investments, besides the loss of valuable data. Cloud service providers reduce this risk by implementing a distributed infrastructure wherein the data is backed up on multiple servers and a high level of physical and cyber security, thus ensuring adequate defence against system breakdowns or data loss.

In the cloud computing approach the data must be organised based on the impact levels. For example, the non sensitive or un-classified data can be displayed on public facing websites which has a lowest impact level. As the sensitivity increases and the impact is deeper, the data must be pushed to more secured storage. The United States has a dedicated policy called the Federal Risk and Authorization Management Program (FedRAMP), designed specifically to protect cloud-based government data.

Why Cloud Is A Safe Bet?

Disaster Recovery

Cloud Disaster Recovery (cloud DR) is a business continuity strategy that involves storing and maintaining copies of the records in the cloud as a security measure. The goal of cloud DR is to assure an organization with a method to recover data and/or implement failover condition in the event of a natural or a man-made disaster.

cloud disaster recovery

Image credit: TechTarget.com

Below are some of the effective ways of cloud DR:

Cloud service-level agreements

Service-level agreements (SLAs) help organizations in defining the terms and conditions before migrating the data on a cloud and incase of an unwanted contingency, can charge the service provider a proportionate penalty. This establishes accountability and therefore is the first step towards moving data on cloud.

Failback and failover methods to cloud recovery

For the purposes of continuity in business and services, the system should be able to fail over a similar redundant site or link, in case of a failure. Once the disaster is sufficiently addressed, the system is back on primary hardware and software. The Failback and Failover systems can be automated.

Choose the right service providers

Providers who follow industry policies and practices are worth the business transition. These providers ensure a functional back site, so that the main application fails safely and failing back to main system is hassle free.

Security at the user level

Cloud computing allows the administrator to set up users who can access the cloud and also define the levels of access as per the user. It is possible because of the ‘Attribute Based Access Control’ (ABAC) methods of cloud applications. ABAC is a method wherein the user requests for a permission to perform operations on the computer resources and the request is granted or denied based on the role the user performs in the organization.

Security measures undertaken by the cloud providers

Cloud providers, are competitive and keep the security of the cloud infrastructure top notch. Some of the popular security features are Firewall, Intrusion Detection System, Data-at-Rest Encryption. They invest heavily in the application security, while also providing physical security i.e., infrastructure, security staff, uninterrupted power and temperature controlled environment. Also the data is stored in redundancy format so even during regular maintenance services, the application works and the government services remain un-disturbed.

Cloud Computing Enabled Governments are the future

A Government is smart, if it is focused on governance rather than the government itself.

Conventional view of the people towards government can undergo a big change when they see the government optimizing its functioning to serve citizens better. The government is seen to be taking the right steps in this direction by enabling “Public Cloud Policy” and related policies around “Data Privacy and Protection”.  For example, The Government of Maharashtra is at the forefront creating an opportunity for public private partnerships for migrating the government data to the cloud. Under this policy, the government will ensure data is stored in India and maintained under the highest security standards.

To move quickly towards a future where service delivery to the citizens is effectiveness and transparent, the government must actively adopt the cloud as the underlying platform for IT driven service delivery to ensure that it does not get caught up with the wasteful task of building maintaining and managing the IT infrastructure.

Cloud computing infrastructure allows for building applications on top of it, without concern for the underlying IT infrastructure, and the ability to scale and expand with ease.

Ameya Paratkar is an ICT professional and has worked in the cloud computing domain with multinationals. Currently, Ameya heads a SaaS product in the Agri-tech domain in India. He has a keen interest in Technology Governance Policies.

Leave a Reply

Your email address will not be published. Required fields are marked *


Privacy Policy | Terms of service