Uncle Sam's Cloud Computing Dilemma
Federal agencies are under pressure to deploy cost-effective IT systems quickly, and cloud computing is one of the solutions favored by the Obama Administration. Yet, would-be cloud users in government will have to navigate a thicket of security requirements and other guidelines, warns one expert.
In a slide presentation shared with attendees at a cloud interoperability workshop yesterday in Arlington, Va., John Curran, CTO and COO of ServerVault, tackled the question of what cloud vendors could do to let federal agencies use cloud services while complying with federal IT policies. "For many agency applications, stringent compliance requirements in areas such as privacy, financial controls, and health information will preclude use of public clouds, regardless of the actual security controls of the provider," he says.
Curran outlines a handful of existing regulations originally designed for outsourced IT that he says also apply to cloud computing. They include FISMA section 3544b, the OMB M-08-21, and FIPS publication 199 and 200. You can get more detail on those requirements from Curran's downloadable presentation here.
According to Curran, the "Federal CIO's dilemma" is that cloud computing, in some respects, represents a newer, better approach to IT, but issues around security, compliance, and interoperability are yet to be resolved. He presents a to-do list to get the cloud computing industry from here to there. It includes technical standards for interoperability, to support data and applications portability across public clouds, as well as between public clouds and "private" government cloud environments.
As a managed service provider to government agencies, ServerVault has already cleared the hurdle on some of the strict facility, personnel, and process requirements of providing IT services to Uncle Sam. I asked Curran whether federal agencies would tap into cloud services from general purpose cloud providers such as Amazon and Google. "That's the big question," he said.
The most likely scenario, he said, is that federal agencies would use commercial cloud services for unclassified, "low impact" data and applications--those in which any data loss would have minimal adverse effect--and not for data or applications more sensitive in nature.
Cloud Connect
Don’t miss Cloud Connect, the first event to bring together business executives, IT pros, and developers to define the cloud and drive growth and innovation. See the latest technologies and learn from cloud computing’s thought leaders at Cloud Connect’s conference and expo. Save 30% on conference passes or register for a free Expo pass below.
March 15-18, 2010
Santa Clara Convention Center
Silicon Valley, CA
Subscribe to our free, weekly report exploring the business, strategy, and management issues of cloud computing.
Get the details on ‘infrastructure as a service’ from a dozen vendors, including data on prices, services, contracts, platforms supported, and more.
Cloud computing adds abstraction, interdependency, and uncertainty about where data goes and how it’s protected. Here’s how to evaluate performance, cost, and risk in the cloud.
Featured Resources
