I recently fielded a request to contribute to an article on cloud computing – as it applies to the federal government. As part of Obama’s budget request, he is asking agencies to make cloud computing a major part of technology modernization efforts in the federal government. One of the questions I addressed was:
What role will cloud computing play in tele-work and work at a distance?
This is obviously intended to be a public transit, productivity, and lifestyle question, but I decided to look at it from a security standpoint. What could be some of the “unintended consequences” of a large-scale shift to tele-working and/or tele-commuting by federal government workers? Here is my response:
Cloud computing offers great promise, but there is also a huge security issue. One of the weakest points of current security processes is protecting the data that is displayed on the computer screen. In a controlled-access work place, there is the assumption that a nefarious person will not be able to enter the premises, stand over the shoulder of a worker, and record what is shown on the worker’s screen.
In tele-work and work at a distance, there is no controlled physical situation. To surreptitiously record information on a computer screen, it is much easier to install a hidden camera in a home office or in a favorite coffee shop than in a controlled access building. There are a wide range of technologies that can be deployed in these types of espionage efforts. It is especially concerning that if done successfully, this approach can easily bypass all the network and encryption efforts typically used today. Worse yet, it is usually completely undetectable. To get a feel for this issue take a look at this recent article in Scientific American.
It makes me wonder if I want to save tax dollars and relieve congestion on DC area freeways by having our Federal servants working from the suburbs…
