But notice that the competition was between providers of cloud-based email for the Government, not between commodity cloud-based email. Matt Cain and I wrote a research note earlier this year, “Microsoft Speeds Race to Demonstrate Secure Collaboration Clouds” when Microsoft announced it had a “FISMA-ready” offering for cloud-based email. Google later announced the same thing.
Neither of these offerings were the vanilla, consumer-grade cloud based offerings both vendors offer. There are added-value security controls, physical constraints on the location of data centers etc. As Matt and I recommended in that Research Note:
- Make security certification and integrated security controls part of any evaluation of cloud suppliers.
- Look for cloud service providers that offer enough data protection to meet today’s compliance requirements. Over time, compliance requirements will adapt to challenges posed by cloud architectures.
- Avoid long-term contracts with cloud service providers since competition will rapidly drive providers to increase security.
Category: Uncategorized Tags: