All across the federal government, officials are preaching the gospel of cloud computing.
The Obama administration has made cloud computing a high priority, calling for a "fundamental re-examination of investments in the technology infrastructure." Federal chief information officer Vivek Kundra--the White House's relentless advocate for the cloud—has touted cloud computing as "the next generation of IT" in government.
According to General Services Administration officials, whose role in the initiative is to help agencies procure cloud services, "the overall objective is to create a more agile federal enterprise, where services can be provisioned and reused on demand to meet business needs."
When GSA last September launched Apps.gov—a one-stop "storefront" through which agencies can learn about cloud computing and shop for cloud services—a CIO at one agency declared: "The advantages of cloud computing are so compelling, I don't think there is any going back."
Other proponents of cloud computing in government echo that same kind of zeal.
"There is the real potential to deliver services more cheaply and effectively because you're not having to manage a large, complex infrastructure," said Tim Grance, program manager of cyber and network security at the National Institute of Standards and Technology, which the administration has tasked with promoting the effective use of cloud computing, furnishing technical guidance and developing standards for agencies to follow.
NIST's cloud-computing research team has been working on a standard definition of cloud computing so that users across the government can benefit from a shared understanding of its attributes and characteristics. "Without that shared understanding, people are going to have different views about it," Grance said.
NIST officials expect to issue a white paper on cloud computing, including a comprehensive definition, "in a month or two," Grance said. In a draft of the document, NIST has included descriptions of deployment models, including the public cloud, the private cloud and what it calls the "community cloud."
Many officials believe that a community cloud model, which supports a select group of organizations, may be uniquely suited to the government setting, where many agencies have common objectives and concerns, such as mission goals and security requirements.
Everyone not on board
Despite robust efforts to promote cloud computing, some feds are still wary of handing off their IT infrastructures and applications to the cloud. To be sure, stubborn resistance to change is a common bugbear in government IT.
Martha Dorris, deputy associate administrator of GSA's Office of Citizen Services and Communications, said that when GSA last year moved its huge information portal, USA.gov, to the cloud, the primary hurdle was cultural, not technical. She offered these tips for overcoming organizational resistance to cloud migration:
- Understand the security issues. Although GSA migrated USA.gov to a private cloud, which is ostensibly safer than a public cloud, security is still key. While you can harden servers according to NIST standards (which GSA did), you need to understand what level of protection your hosting company is providing.
- Prepare for differences in backing up data. Sometimes vendors provide backup for their cloud but not for your applications. In this case, you will have to set up your own backup routines, which includes scheduled backups and movement to disk for critical applications.
- Educate your team. It is critical to understand how the migration to cloud computing will impact your agency, the differences in roles and responsibilities of your technical teams and the benefits that cloud computing can yield. Be sure to weigh the potential challenges. And you may want to leverage the experiences of others who have taken this journey as part of the education process.
- Train your teams ahead of time. Depending on the environment you are migrating from, there could be a big difference in systems administration when you go cloud. To ensure that your team is prepared, begin training well advance of the move.
Indeed, security of data in the cloud is perhaps the overriding concern—and a source of cultural resistance--among government officials.
"Whenever people say security is an issue [in cloud computing], it's almost pro forma," Grance said. But he calls security a "tractable" problem. "There's this notion that administrators can't go in and hug their servers," he said. "That gives people a certain discomforting feeling. But the cloud vendors know where the data is. Just because a cloud is public it doesn't mean that your data is public."
Grance and other cloud-computing experts noted that vendors are under strict requirements to meet federal accreditation and certification requirements and comply with standards under the Federal Information Security Management Act of 2002.
For Susie Adams, chief technology officer for Microsoft Corp.'s federal business, cloud computing isn't an all or nothing proposition when it comes to security. "There are going to be some scenarios [where agencies] just aren't going to be comfortable putting certain data in the cloud," she said. "They should just keep that data behind their firewall."
About the author:
Richard Walker is a freelance writer based in the Washington, D.C., area who has been covering issues and trends in government technology for more than 10 years.
This was first published in March 2010