The U.S. Department of Defense announced Tuesday that its missions will be allowed to use approved public cloud services to store information classified as high as Secret. The new DoD guidelines give commercial cloud providers detailed security specifications for hosting classified data, and offer the latest sign that even highly regulated and sensitive data may end up migrating to the cloud.
Information classified Top Secret and above will remain on physically restricted DoD networks.
The new cloud guidelines are “designed to ensure that DoD attains the full economic and technical advantages of using the commercial cloud without putting the department’s data and missions at risk,” Mark Orndorff, a DoD risk management executive, said in a statement.
That’s exactly the equation many enterprises are trying to balance as they weigh the cost benefits of the public cloud against potential security risks and auditing requirements — concerns that have thus far prevented a stampede to the cloud.
Among IT decision makers at large U.S. enterprises, 82 percent say security is their main concern with cloud services, according to a September survey from BT Group. Still, 79 percent of U.S. respondents in the same survey report plans to adopt cloud storage and web applications.
Emerging network technologies such as network virtualization and SDN could play a big role in the seemingly inevitable migration to the cloud. A separate IDG survey from November found 61 percent of IT pros are evaluating those approaches as a way to get more agility out of their cloud deployments.