While cloud security continues to be the top concern for those leery of cloud computing, one major governmental group has cast its vote for the technology, adopting cloud collaboration tools for its most important meetings.
After a month of rigorous testing, the Canadian government selected OpenText’s Social Workplace platform as the cloud collaboration tool of the Toronto G20 Summit, a meeting of the world’s largest economies focused on fiscal planning, in June 2010. The group continued to use the collaboration platform at its November 2010 meeting in Seoul.
The idea for adopting a social media platform came from a senior Canadian diplomat tired of sending large files to even larger groups over email.
“He was fed up with emailing documents back and forth, and that’s really where the idea of a virtual G20 came from,” said Tyler Knowlton, chief social media strategist for Canada’s Department of Foreign Affairs and International Trade (DFAIT).
Presented with a variety of options by the Canadian Digital Media Network, the DFAIT chose Social Workplace and began a vetting process.
“We had the system as it stands vetted through our own security people, and they made some recommendations,” said Knowlton. “We also had the [mobile] application vetted.”
“Everybody’s coming from different perspectives, to get everyone on the same platform talking about issues in a cloud environment – everyone has their own security concerns they bring to it,” said Alex Benay, director of industry marketing and vice president of government relations at OpenText.
OpenText’s challenges were focused around a few key issues – mobile security, hackers or digital protesters, and finding a balance between government transparency and security, Benay said.
The DFAIT’s biggest concern when it came to mobile cloud computing recalled a similar issue it previously had with the advent of laptops -- what happens if the device falls into the wrong hands?
“The platform had to work with mobile devices, because everything is mobile these days. We had to make sure we ran through the gauntlet of all security issues,” Benay said. “We were estimating over 70% of the usage would be through smartphones.”
With data being hosted in the cloud, not on each individual device, and various authentication protocols keeping the user from the data, OpenText was able to satisfy the DFAIT’s concerns.
Digital protesters, who have caused problems at previous international summits, were of significant concern and a driving force behind moving to cloud collaboration. In fact, cloud collaboration proved to be a safer method of communication. At previous summits, government officials’ email addresses were released and spammed by hackers until they were forced to shut down, Benay said. A safer way of communicating through the cloud figured into the government’s decision making.
Most of the protests in the past had focused on the third key issue – transparency.
“How much openness is enough to be open, yet making sure we’re managing security?” Benay said. “The dialogue could be open, but we probably don’t want President [Barack] Obama’s location disclosed during the summit.”
The DFAIT had a short window between mid-January and the end of March to test and deploy Social Workplace, but Knowlton said the implementation process posed no technical problems. He added that the biggest hurdle they faced was training people to use the software and setting up technical support centers.
While the DFAIT succeeded in setting up support centers before the summit, Knowlton said that they were an unused resource.
“There were no requests about ‘How do I do this? How do I do that?’” he said, adding that the only recurring complaint for users regarded password retrieval.
What the private sector can learn from the public sector
While the Canadian government was willing to trust a cloud collaboration company to handle sensitive data related to the world’s largest economies, many enterprises are still reluctant to put their data into the cloud.
Jeff Boehm, vice president of global product marketing for business intelligence firm QlikView, sees it all the time in his business.
“In terms of demand and pickup, I will in all honesty say that it’s not strong yet,” Boehm said in reference to the demand for QlikView’s SaaS-based offerings versus its on-premises solutions. “We are seeing some of our customers move applications, or some applications into the cloud, but it’s not huge demand. We see the vast majority of our customers running our applications on premise, with the middle ground being a private cloud.”
Despite white papers on the strength of their mobile and cloud security, and a server-side approach that keeps data safe behind authentication tools, QlikView still sees the majority of its business done on-premises.
“I think the security concerns today are largely overblown,” Boehm said. “There’s a bit of a herd mentality around this, and as people get more comfortable with it, people will move to it.”
Security moving forward
Benay acknowledges that events like the leak of Sony Playstation’s data are “the sort of thing that keeps CEOs who deal with the cloud up at night,” but believes that cloud networks can be secured if the environment is adaptive and if vendors of cloud-based products don’t “rest on their laurels.”
“To me, the cloud is more adaptable, which makes you able to implement these countermeasures to new security threats,” Benay said, adding that, “even if you’ve spent millions and billions on security, there’s always a new threat out there.”
Benay also believes that it’s important to keep cloud in perspective when comparing it to on-premises solutions.
“Everything that happened before the cloud was also secured and not secured,” Benay said. “Security is always a cat-and-mouse game; there’s always someone that’s going to try to breach and there’s always someone that’s going to prevent you from breaching.”