Feds Get Detailed Cloud Planning Advice - InformationWeek
04:16 PM
Connect Directly
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Feds Get Detailed Cloud Planning Advice

Private sector execs, academics suggest changes like updating laws and setting research priorities, share practical recommendations for CIOs.

Top 20 Government Cloud Service Providers
(click image for larger view)
Slideshow: Top 20 Government Cloud Service Providers
An industry and academia-led group created with the urging of federal CIO Vivek Kundra and the Department of Commerce released recommendations on Tuesday on how the government can better foster the deployment of cloud computing and a cloud buyer's guide for government agencies.

In its recommendations, the Commission on the Leadership Opportunity in U.S. Deployment of the Cloud, or Cloud2, a group of 71 academics and industry execs put together by industry group TechAmerica, encouraged the Obama administration to take a number of steps that the group said would help government become more efficient and spur a more rapid development of the cloud computing market.

The Cloud2 effort parallels work going on at NIST to develop cloud computing standards and case studies. It also provides a bit of a roadmap for the government and government agencies as they pursue the Obama administration's "cloud first" policy that requires agencies to consider cloud platforms as they plan new IT projects.

The commission's 14 recommendations fall broadly into four buckets: facilitating trust and security, managing data flows, transparency and data portability, and changing policies in miscellaneous areas from acquisition to training. The recommendations include steps that agency IT departments can take on their own as well as steps that will need to be taken by policy-makers and even industry.

In terms of steps that IT departments can take on their own, for example, the commission recommended that agencies begin considering whether they can host certain workloads in other countries, rather than requiring cloud vendors to host everything on American soil as most agencies do today. "Trust and security depend on many factors, and physical location is just one of many," Dan Reed, corporate VP of tech policy for Microsoft, said at a press conference to announce the recommendations.

The commission also recommended that government upgrade its IT infrastructure to optimize for cloud computing and create formal education and training around cloud computing.

As for policy changes, the commission had no shortage of ideas, including changing how IT projects are funded and budgeted, updating the 25-year-old Electronic Communications Privacy Act, developing a joint research agenda with academia and industry, updating and strengthening criminal laws against hackers, facilitating identity management efforts, and improving breach notification laws.

The 16-page buyers guide gives federal agencies pointers on how to comply with the cloud first policy, providing them with a series of best practices, including recommending that agencies build detailed business cases for cloud investment, prioritize and assess the cloud attributes they are looking for in each cloud platform such as automatic upgrades and ease of use, understand the triggers for considering cloud deployment for specific IT projects, and understand security requirements. It also lays out best practices across several different functional roles, from acquisition managers to CIOs.

The group has shared or plans to share its recommendations widely across government with stakeholders like outgoing federal CIO Kundra, Commerce Secretary Gary Locke, and Pat Gallagher, director of NIST. Capellas said that the recommendations are "living documents" and will be updated moving forward.

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud. In this Dark Reading Tech Center report, we explain the risks and guide you in setting appropriate cloud security policies, processes and controls. Read our report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll