Can Cloud-Based Collaborative Data-Sharing Be Secure Enough for Defense Systems?

Though wariness about the perceived lack of security in cloud-based services is often voiced, there are some situations where the opposite is the case. Some businesses mindful of security say the cloud services that are important to them have done a lot of work to meet their expectations about security.

Cloud activity to explode in 2012

Malcolm Carrie, head of strategy and architecture in the office of the CIO at defense and aerospace manufacturer BAE Systems, says collaborative sharing of information with supply-chain partners is necessary to develop and build complex military systems. Today, one way that's done is through a cloud-based version of Microsoft SharePoint 2010 hosted by Exostar. The service, ForumPass 5, is a community cloud with built-in strong identity management and data encryption.

"What Exostar has done that's unique is taken standard SharePoint and made it more secure so it's possible to run multi-tenant, allowing multiple organizations to use instances of SharePoint in a secure way," says Carrie.

BAE Systems can share sensitive product-design information for collaborative work with companies that include Boeing, Lockheed Martin and Rolls Royce in the Exostar cloud environment. The confidence to do that arises from efforts in security that Exostar made, such as managing a public-key infrastructure for federated identity management and encryption of data, as well as support for two-factor authentication. "It's a shared authentication and authorization arrangement," says Carrie. "My information is encrypted in flight and at rest."

The ForumPass 5 service was recently upgraded to include a digital rights management option which customers could request to be applied to their documents. A Microsoft Office Integration capability is providing users with a way to access and edit documents directly from the desktop, rather than downloading and working locally. For the Exostar cloud-based services it uses, BAE Systems "pays by the drink," says Carrie.

That's a common pricing model for cloud-based services, but it's far more commonplace to hear deep skepticism and doubts about the security associated with the wide variety of cloud-based computing services in use today.

"Cloud computing solves zero computing problems and creates a huge number," says Paul Kocher, president and chief scientist at firm security firm Cryptography Research when asked about cloud computing in general in terms of security. But Cryptography Research, which is involved in crypto-based design and evaluation of PC and mobile systems, may represent the ultimate cloud skeptic in some ways - computers in business use there with sensitive information simply aren't allowed to even connect to the Internet.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.

Read more about wide area network in Network World's Wide Area Network section.