NARA Official: Hardest Part of Cloud Transition is Verifying Security


Convincing shareholders that data stored offsite is still secure is a challenge, Marlon Andrews said.

Proving that data is secure in the cloud is one of the biggest challenges to migration, according to one federal IT executive.

“Back in the old days of the data center, you locked up your racks, you locked up the room, you had to have an access badge to get physical access to the equipment," Marlon Andrews, deputy chief information officer at the National Archives and Records Administration, said during a June 15 MeriTalk panel in Washington.

The hardest part is, "[h]ow do you document that, and convince your stakeholders that, because the data's not located physically [on premise]," Andrews said.

"It's all about that cultural shift," he said, noting it can be difficult to demonstrate the agency maintains ownership and control over the data, and can ensure it's encrypted, "even though you can't see where that data resides" or might not have an exact location for where it's stored.

Defining the relationship between the agency and the cloud provider can ease the secure transition to cloud, he said.

"It's really everybody understanding what their new roles and responsibilities are,"  Andrews added, as well as making sure system owners and other groups within the organization have the same understanding of the data governance process.