NASCIO Releases Capitals in the Clouds Part V: Managing the Risk of Free Cloud Services

LEXINGTON, Ky., Wednesday, April 3 – Cloud-based file sharing solutions have become very popular and certainly a growing and significant part of day-to-day computing according to “Capitals in the Clouds Part V: Managing the Risk of Free Cloud Services” an issue brief released today by the National Association of State Chief Information Officers (NASCIO). It is easy to see why these services are attractive to state government users after using them in many facets of their personal life. With a wide variety of choices in the market, these solutions are easy to access, configure and use. They support multiple devices (especially mobile), and data in multiple formats. The most important consideration for state employee users – these file sharing services are free.

Since the release of the 2012 NASCIO and Deloitte Cybersecurity Study, more security and policy questions have been raised on the use of free cloud services by states. In addition to the May 2012 Capitals in the Clouds IV guidance on rogue cloud users, states have continued to seek out leading practices on how to put the proper controls in place, meet security standards, craft acceptable use policies, and identify the open records and legal concerns regarding terms of service. In addition, state CIOs understand they must support the business objectives of their agency customers and offer enterprise alternatives to free cloud services.

“The business is the only reason we all exist in providing IT services. Without the business, IT has no role. However, identification, assumption and mitigation of risk must be an integral part of the overall business plan,” said Tony Encinias, state chief information officer for the Commonwealth of Pennsylvania. “Having the business acknowledge, understand and be accountable of the risk changes human behavior. This philosophy is an important tenant on how the Commonwealth approaches risk management.”

To address these concerns and take a deeper dive into the topic, NASCIO interviewed IT security expert Erik Avakian, chief information security officer for the Commonwealth of Pennsylvania. The insightful interview is available for download on NASCIO’s website at www.nascio.org/publications/.