In its recommendations, the Commission on the Leadership Opportunity in U.S. Deployment of the Cloud, or Cloud2, a group of 71 academics and industry execs put together by industry group TechAmerica, encouraged the Obama administration to take a number of steps that the group said would help government become more efficient and spur a more rapid development of the cloud computing market.
The Cloud2 effort parallels work going on at NIST to develop cloud computing standards and case studies. It also provides a bit of a roadmap for the government and government agencies as they pursue the Obama administration's "cloud first" policy that requires agencies to consider cloud platforms as they plan new IT projects.
The commission's 14 recommendations fall broadly into four buckets: facilitating trust and security, managing data flows, transparency and data portability, and changing policies in miscellaneous areas from acquisition to training. The recommendations include steps that agency IT departments can take on their own as well as steps that will need to be taken by policy-makers and even industry.
In terms of steps that IT departments can take on their own, for example, the commission recommended that agencies begin considering whether they can host certain workloads in other countries, rather than requiring cloud vendors to host everything on American soil as most agencies do today. "Trust and security depend on many factors, and physical location is just one of many," Dan Reed, corporate VP of tech policy for Microsoft, said at a press conference to announce the recommendations.
The commission also recommended that government upgrade its IT infrastructure to optimize for cloud computing and create formal education and training around cloud computing.
As for policy changes, the commission had no shortage of ideas, including changing how IT projects are funded and budgeted, updating the 25-year-old Electronic Communications Privacy Act, developing a joint research agenda with academia and industry, updating and strengthening criminal laws against hackers, facilitating identity management efforts, and improving breach notification laws.
The 16-page buyers guide gives federal agencies pointers on how to comply with the cloud first policy, providing them with a series of best practices, including recommending that agencies build detailed business cases for cloud investment, prioritize and assess the cloud attributes they are looking for in each cloud platform such as automatic upgrades and ease of use, understand the triggers for considering cloud deployment for specific IT projects, and understand security requirements. It also lays out best practices across several different functional roles, from acquisition managers to CIOs.
The group has shared or plans to share its recommendations widely across government with stakeholders like outgoing federal CIO Kundra, Commerce Secretary Gary Locke, and Pat Gallagher, director of NIST. Capellas said that the recommendations are "living documents" and will be updated moving forward.
Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud. In this Dark Reading Tech Center report, we explain the risks and guide you in setting appropriate cloud security policies, processes and controls. Read our report now. (Free registration required.)