While the general perception is that a cloud is a cloud, that won’t be the case for government agencies. Experts revealed more specifics about federal, state and local migration to cloud computing during the first panel at AFCEA International’s Homeland Security Conference. Eventually a governmentwide cloud for all services and data may be created, but today, while some services can move to the cloud environment, others will require customized clouds. For example, email services are a good candidate for the cloud, but those agencies that require extra security are likely to create private clouds for data storage and exchange. The latter not only applies to the usual suspects of national security agencies but also to local and regional law enforcement agencies that need to restrict access and protect information during ongoing investigations

The public sector is inching closer to a more widespread adoption of cloud computing, with cost savings cited as the greatest driver for state, local and federal governments, and governments around the world. A new survey from auditing firm KPMG shows that more than 40 percent of government respondents globally say they are already testing or implementing cloud solutions, and nearly 30 percent are working on a cloud strategy.

What do you do if your cloud provider is breached? Well, hopefully you’ve already planned for it ahead of time in your cloud contract. At the RSA Conference 2012 on Tuesday, a session offered advice to cloud users on how to plan for cloud computing breaches in their cloud computing contracts. Contracts “are an important initial line of defense in dealing with breaches in the cloud,” said James Shreve, an attorney in the Washington, D.C. office of BuckleySandler LLP.

More than a year in the making, the National Institute of Standards and Technology issued Feb. 28 an initial public draft updating one of its premier special publications, SP 800-53: Security and Privacy Controls for the Federal Information Systems and organizations, which incorporates expanded privacy controls and addresses new threats that were unheard of when NIST issued revision 3 in 2009.

Thousands of Americans export data overseas every day without U.S. government authorizations and don’t even know it. How? By using cloud-computing services, ranging from personal services like Gmail to large-scale enterprise data storage solutions. While cloud-based services have become a valuable tool for improving efficiency, outdated government regulation leaves cloud users exposed.

The Department of Defense (DoD) is funding research to create a cloud computing environment that can heal itself after a cyber attack. Researchers at the Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory (CSAIL) are working on a new system that would help a cloud identify an attack and recover from it almost instantaneously, according to MIT.

At the third annual Cloud Security Alliance (CSA) summit today, Michael McConnell, former director of the National Security Agency, urged the audience of 1,200 security experts to do what they can to help build trusted cloud computing systems."I've a message. Drive this technology, and drive the standards to force change. The economics of the cloud are so compelling they can't be denied. We have to get the security aspects right," McConnell said.

The safety and privacy of the information that government agencies entrust to cloud computing services is of paramount concern to experts at SafeGov.org. Recent incidents suggest that Google does not exercise adequate control over certain aspects of its technology which may compromise the security of government information in Google cloud services. SafeGov.org experts Karen Evans, Richard Falkenrath, Jeff Gould and Douglas Miller call upon Google to take proactive steps to reassure government customers that its services will fully protect their information.

At first glance, the new Booz Allen Hamilton survey of government health IT security readiness is pretty positive. A full 56 percent of respondents--IT directors and program managers with the U.S. Department of Health & Human Services, the Department of Veterans Affairs and other state and local governments entities--say they're fully compliant with federal security and privacy requirements. Another 65 percent say they have a risk management strategy and action plan for data breaches. And 60 percent say they have a "holistic" security strategy for responding to potential incidents.

Many organizations still have uncertainties regarding the implementation of cloud technology for their enterprise, with security being a key concern. In order to allay their overall apprehension first requires an understanding of what makes dealing with security in a cloud different from conventional IT enterprises. This knowledge will help an organization to mitigate the security risks through the establishment of the proper controls, technologies and procedures.