Commentary

John Foley
Editor, InformationWeek  

Uncle Sam's Cloud Computing Dilemma

Federal agencies are under pressure to deploy cost-effective IT systems quickly, and cloud computing is one of the solutions favored by the Obama Administration. Yet, would-be cloud users in government will have to navigate a thicket of security requirements and other guidelines, warns one expert.

Federal agencies are under pressure to deploy cost-effective IT systems quickly, and cloud computing is one of the solutions favored by the Obama Administration. Yet, would-be cloud users in government will have to navigate a thicket of security requirements and other guidelines, warns one expert.In a slide presentation shared with attendees at a cloud interoperability workshop yesterday in Arlington, Va., John Curran, CTO and COO of ServerVault, tackled the question of what cloud vendors could do to let federal agencies use cloud services while complying with federal IT policies. "For many agency applications, stringent compliance requirements in areas such as privacy, financial controls, and health information will preclude use of public clouds, regardless of the actual security controls of the provider," he says.

Curran outlines a handful of existing regulations originally designed for outsourced IT that he says also apply to cloud computing. They include FISMA section 3544b, the OMB M-08-21, and FIPS publication 199 and 200. You can get more detail on those requirements from Curran's downloadable presentation here.


More Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

According to Curran, the "Federal CIO's dilemma" is that cloud computing, in some respects, represents a newer, better approach to IT, but issues around security, compliance, and interoperability are yet to be resolved. He presents a to-do list to get the cloud computing industry from here to there. It includes technical standards for interoperability, to support data and applications portability across public clouds, as well as between public clouds and "private" government cloud environments.

As a managed service provider to government agencies, ServerVault has already cleared the hurdle on some of the strict facility, personnel, and process requirements of providing IT services to Uncle Sam. I asked Curran whether federal agencies would tap into cloud services from general purpose cloud providers such as Amazon and Google. "That's the big question," he said.

The most likely scenario, he said, is that federal agencies would use commercial cloud services for unclassified, "low impact" data and applications--those in which any data loss would have minimal adverse effect--and not for data or applications more sensitive in nature.


Related Reading




Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
T-Shirt Giveaway T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting!
Subscribe to RSS

Resource Links