Can Government Come Together Around Cloud? - InformationWeek
Software // Information Management
08:57 AM
Michael Biddick
Michael Biddick
Connect Directly

Can Government Come Together Around Cloud?

The Cloud Computing Forum & Workshop works to bring the government closer to adopting common standards

NIST sponsored the Cloud Computing Forum & Workshop; a kickoff event to bring the government closer to adopting common standards around the most critical issues of security, privacy, and data portability in the cloud. FedRAMP and SAJACC were the two big initiatives, but will they help?It seems clear to all that government is passed the tipping point and is dependent on technology to achieve policy goals. The scale of those requirements makes cost containment a critical objective for the federal government. CIO Kundra's opening remarks around the staggering federal government IT costs are staggering; $76B in IT spending annually, 10,679 IT systems, 300M customers and $1.9M federal employees.

The drumbeat around focusing on services and not infrastructure has been getting louder across the agencies, but the big question is around the government's ability to adopt common policies around cloud computing that allow it to take advantage of the platform.

While some technical challenges exist, like the scale of identity and key management and access to broadband connections, especially in rural areas, most of the issues surround common acceptance of security and policies in the cloud.

The workshop focused on two distinct efforts to try and alleviate these challenges. FedRAMP, spearheaded by the federal CIO Council, is a unified government-wide risk management program focused on developing accepted cloud computing environments. Although the goal of FedRAMP is to provide security authorizations and continuous monitoring of shared systems (clouds initially), individual agencies will still be have the authority and responsibility to use systems that meet their specific security needs. So while agencies will be able to save significant time and money by leveraging the FedRAMP authorizations, it will not be a requirement.

FedRAMP will work with a vendor (currently Microsoft and Google are in pilot mode) to evaluate their overall security environment and publish a list of security controls. FedRAMP will likely not meet the goals of all agencies, so moving to cloud will still require some security work. While FedRAMP will be based on the new NIST security framework that included DoD - there still will be some gaps between civilian, DoD and Intel agencies that will not make FedRAMP certification a slam-dunk for vendors. All of the implementation details on how this is funded, who monitors the systems after certification and who executes and enforces FedRAMP are also all TBD.

The other initiative, Acceleration to Jumpstart the Adoption of Cloud Computing SAJACC (pronounced Say - Jack) sponsored by NIST will be examining use cases, specifications and pointers to systems to help promote cloud solutions. The current focus is on IaaS since there are more standards around how to use foundational infrastructure like servers and storage. The big focus for SAJACC is portability, interoperability and security in the cloud. NIST is creating a portal where folks can see how government is using the cloud and work to connect them to solutions. Like FedRAMP, the details still need to be ironed out in terms of commercial software licensing and the process for vendor evaluation; however, they already identified nine systems that will be included in the portal.

The move to cloud will not be easy and it will not be fast for the government. The real test will be if agency leadership can come together and agree on standards. The value of the cloud is the economy of scale and there is no bigger IT consumer than the U.S. federal government. However, to achieve the benefits of cloud computing it requires that the federal government behaves like a unified enterprise, not a collection of departments and agencies with their own policies and procedures - and that is a tall order. While the carrot of cost savings and use cases may be compelling for some, we will likely need a little stick to break down some of the barriers to adoption and realize all of the potential benefits of cloud computing.The Cloud Computing Forum & Workshop works to bring the government closer to adopting common standards

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll