The federal government Tuesday afternoon released draft plans for a program to ensure cloud services meet federal cybersecurity guidelines, which should help shore up lingering government concerns about cloud security and accelerate adoption of the technology.
The government expects the program, the Federal Risk and Authorization Management Program (FedRAMP), to be operational by the first quarter of 2011. Through the voluntary program, developed with cross-government and industry support over the last 18 months, cloud services would go through a standardized security accreditation and certification process, and any authorization could then be leveraged by other agencies.
"By simplifying how agencies procure cloud computing solutions, we are paving the way for more cost-effective and energy-efficient service delivery for the public, while reducing the federal government's data center footprint." federal CIO Vivek Kundra said in a statement.
The Obama administration has been pushing federal agencies to adopt cloud computing to help save the government money, with Kundra and other top officials championing the technology and instituting policies, such as data center consolidation requirements, that could help spark a shift to the cloud. However, federal IT managers have consistently raised security concerns as the biggest perceived barrier to adoption.
The debate over cloud security recently reached a boil in some government quarters. Google sued the Department of Interior last month for favoring Microsoft's cloud email service in a proposed acquisition. In the suit, Google claims that the agency's CTO told it that its product wasn't compliant with agency security requirements, but the agency then declined to provide those security requirements.
In addition to inconsistent requirements and fears about who controls the underlying data, the government's security concerns arise in part because cloud computing is a new paradigm that must be shoehorned into the security requirements of regulations like the Federal Information Management Security Act, which governs federal cybersecurity for most of government. FedRAMP achieves that by mapping out the baseline required security controls for cloud systems, and thus creating a consistent set of security guidelines for cloud computing.
FedRAMP also aims to eliminate a duplicative, costly process to certify and accredit applications. In the past, each agency would typically take apps and services through their own accreditation process. However, in the shared-infrastructure environment of the cloud, such a process is redundant, and FedRAMP allows services to be accredited once and have that accreditation leveraged by all government agencies.
The FedRAMP draft includes three major pieces: a set of cloud computing security baseline requirements; a process to continuously monitor cloud security; and a description of proposed operational approaches to authorizing and assessing cloud-based systems.
2014 Next-Gen WAN SurveyWhile 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
Server Market SplitsvilleJust because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.