US Softens Stance on Sensitive DoD Data in the Cloud

The United States’ Cloud First initiative was announced in 2010 and it enabled the US Federal government to get a head start on the cloud. This early investment has given different branches of government a new set of tools in order to use in their information technology endeavors. Since some of this technology has been in place for several years now, the security layers that surround these technologies have matured enough that the government has now said that they would consider allowing US Department of Defence data to reside inside the government’s private cloud.

More specifically, the Wall Street Journal reports that Department of Defence contractors are not allowed to take data on how to build US weaponry outside of the US.  The regulations that cover this policy are called the International Traffic in Arms Regulations. The broad policy covers everything from hand radios to fighter jets.  This data is classified as being sensitive and up until now, the data was not allowed to exist in the cloud. The US contracted Perspecsys, Inc. for an opinion on the security of the cloud and how the government could keep this data in the cloud but disallow the data from actually leaving the country. Perspecsys’s opinion was that it would be possible to “take all of the steps necessary” in order to make the private federal cloud comply with the ITA Regulations.

Before going full steam ahead with the idea, a State Department official noted that “What we’ve said is that if a U.S. person takes sufficient means to ensure data is only viewed by authorized U.S. persons we’re fine with them putting it on the cloud.” In efforts to further clarify the previous statement, the State Department official went on to say, “We’re not saying whether those means exist yet.”