One of the biggest news stories in 2010 provides a perfect example of how we can learn from past indiscretions (even if they weren’t ours); the posting of classified government documents and other stolen information on the WikiLeaks website. While this incident may not appear to have a direct impact on the IT channel, misinformation around the story creates a concern for the cloud—particularly around its security and the Federal government’s adoption of the technology.
While the WikiLeaks debacle is cause for alarm around the government’s information security processes, rumors and errant reports have put some of the blame on cloud computing. As members of the technology industry we need to set the story straight, educating customers and prospects on the security process failures that occurred in this case.
Airing Dirty Laundry
For those who haven’t kept up with the story, the WikiLeaks website (founded by Julian Assange) apparently obtained and posted a large cache of U.S. government documents, including details about the Iraq and Afghanistan wars.
The information is alleged to have been downloaded on a flash drive by a U.S. Army Private, who somehow transferred that information to Assange’s organization. Despite his status as a low-level intelligence analyst, his access to these documents was allegedly authorized by the recently introduced information-sharing initiative (called Net-Centric Diplomacy). In other words, the government made protocol changes that made it much easier to obtain classified information.
To me, this appears that it wasn’t a technology failure, but an unexplainable change in security procedures. Human failure should take the blame; it had nothing to do with cloud or internet vulnerabilities. Either way, the affair was an embarrassment to federal officials and may have leaked information that put people in danger.
The Channel Opportunity
Small businesses, municipalities and other organizations without a tech-savvy employee to educate and explain are most susceptible to misinformation around security and the cloud. The WikiLeaks conversation provides a perfect opportunity to coach your clients on the real issues with information security and share proper procedures for securing their data. Solution providers can also employ their information security expertise to create new practices (additional revenue opportunities) such as vulnerability assessments.
This process also allows you to clarify the true opportunity that cloud computing presents, enabling your clients to significantly improve their business operations without large capital investments. By utilizing web-services that follow proper security protocols and meet industry standards, such as ITIL and SAS 70, providers can maximize the protection of their clients’ information as well.
Government Assurances
Another validation of cloud security is the U.S. government initiatives that were introduced long after WikiLeaks was headline news. This “cloud first” policy, part of the Office of Management and Budget’s 25 point plan to reform federal IT management, shows the government’s commitment to web-based solutions.
According to the policy ”Each Agency CIO will be required to identify three ‘must move’ services and create a project plan for migrating each of them to cloud solutions and retiring the associated legacy systems. Of the three, at least one of the services must fully migrate to a cloud solution within 12 months and the remaining two within 18 months.”
In addition to the promise of significant cost savings (projected as high as 50%), web-based systems will make it easier to implement diverse technology applications to offices and employees around the world. Federal agencies have already started the transition, with the General Service Administration (GSA) announcing plans to move to a web-based email system, similar to Google Gmail. While the Federal government may be slow to make the transition, they are committed to the move and, with proper procedures in place, believe security will not be a problem.
Lessons Learned
What is the lesson we learned from the WikiLeaks discussion? I believe the issue was NOT an indictment of the cloud, but a cause for alarm concerning the human processes our government was following. More importantly, WikiLeaks allows solution providers to discuss information security with their clients and prospects, from both a technology and procedural perspective. Through this interaction, savvy MSPs and VARs can educate businesses on the benefits of cloud solutions, such as online backup and recovery and hosted email. With a basic understanding of the WikiLeaks issues, you can assure your clients that the cloud is secure—and start off 2011 with a little extra revenue!
Ted Roller is VP of channel development at Intronis. Find out more about Intronis’ partner program. Guest blogs such as this one are part of MSPmentor’s annual platinum sponsorship.
Read More About This Topic
Share This Post
Posted In: Guest Bloggers | Service Level Agreements
Tags: Cloud Privacy | cloud security | Intronis | online backup | online storage | Ted Roller
Interact: Add a Comment | Trackback Link | Permalink
Subscribe: RSS Feed
Take a look at our 
At best NOTHING is ever certain,it has been demonstrated that Govt.can and is operating on another level ,closing sites , internet banking and monitoring whatever it wants.Can anyone really believe that in these circumstances its wise to rely on the cloud system as being really safe let alone secure?
I support Wikileaks. Why does the media keep trying to swing people towards being against it? do they not realize we live in a world of government corruption and the need to know?
Loved the typo in your first sentence — of course you wanted “indiscretions.” A most enlightening analysis. Haven’t had so much fun since Richard Florida’s heat maps proving Seattle didn’t have a housing bubble
Joe@2: The blog doesn’t say anything about being against WikiLeaks. I’m a journalist who appreciates freedom of information. The blog DOES promote proper IT security, however.
John M@3: Typo fixed. Shoot the editor (that would be me…)
-jp