As the national security community considers cloud computing as an IT infrastructure option, it is surely looking at the value of the cloud in an information sharing world. Implementation of the recently signed Presidential Memoradum on Controlled Unclassified Information is an imporant challenge that may be met by the deployment of a government cloud.
“(1) This memorandum (a) adopts, defines, and institutes "Controlled Unclassified Information" (CUI) as the single, categorical designation henceforth throughout the executive branch for all information within the scope of that definition, which includes most information heretofore referred to as "Sensitive But Unclassified" (SBU) in the Information Sharing Environment (ISE), and (b) establishes a corresponding new CUI Framework for designating, marking, safeguarding, and disseminating information designated as CUI. The memorandum's purpose is to standardize practices and thereby improve the sharing of information, not to classify or declassify new or additional information.”
DHS has been working hard to develop and execute the appropriate business processes and associated workflows across multiple federal, state and local government information walls. Since the department inherited its IT portfolio from it's many predecessor organizations, virtualization of their infrastructure into a cloud seems to be a option worthy of study. Server and storage virtualiztion, however, is only the first step. Data and applications must also be virtualized through the adoption of a department-wide services oriented approach. A cloud platform with the appropriate embedded security capabilities seems appropriate.
In this secure cloud computing environment, access management, device management and user management will also be critical deployment aspect.