72 IEEE CLOUD COMPUTING PUBLISHED BY THE IEEE COMPUTER SOCIETY 2325-6095/16/$33.00 © 2016 IEEE KEVIN L. JACKSON GovCloud kevin@govcloudnetwork.com CLOUD COMPUTING IS REWRITING THE BOOK ON IT, BUT INTERCLOUD NETWORK- ING REMAINS A KEY OPERATIONAL ISSUE. Layering inherently global cloud services on top of a globally fractured networking infrastructure just doesn’t work. Incompatibilities abound and enter- prise users are forced to use “duct-tape and baling wire” to keep their global operations limping along. From a US federal government viewpoint, the Of- fce of Management and Budget Memo M-08-05 ad- dressed this issue head-on in 2008 by releasing the Trusted Internet Connection (TIC) initiative. 1 De- signed to optimize and standardize how the federal government secures external network connections, the TIC initiative sought to improve the federal gov- ernment’s security posture and incident-response capabilities by reducing and consolidating the to- tal number of external connections and providing enhanced monitoring and awareness of external connections. National Institute of Standards and Technology (NIST) Special Publication 800-60 Vol- ume 1, Guide for Mapping Types of Information and Information Systems to Security Categories, empha- sizes the importance of network security to informa- tion system security by stating 2 : One signifcant activity includes levying an overall security categorization for the agency’s supporting network infrastruc- tures. Since networks, as well as other general support systems, do not inherent- ly “own” mission-based or management and support information types, the infra- structure’s categorization is based on the aggregation of the information systems’ se- curity categorizations. In other words, the infrastructure’s security categorization is the high water mark of the supported infor- mation systems and is based on the infor- mation types processed, fowed, or stored on the network or general support system. Is this approach proper in a world where the or- ganization doesn’t actually own or have complete vis- ibility into the network? This viewpoint also seems to ignore the dynamic nature of today’s software-de- fned networking reality. A continuing gulf between IT professionals, mission owners, and business man- agers only exacerbates the networking challenges. IT professionals, however, bear a greater amount of blame because we’re responsible for providing the operational platform and enabling the new informa- tion-delivery models that drive modern constituent services and commerce. The increase in employee-owned devices in the workplace has also generated quite a few thorny net- working and security challenges. The use of these modern conveniences has driven an increase in the practice of sandboxing smartphone, tablet, and lap- top network traf fc. Although such practices have been shown to prevent the introduction of mal- ware and other harmful software into the govern- ment computing environment, the associated use of Government Cloud Achilles Heel: The Network CLOUD AND THE GOVERNMENT