December 2011: GovCloud Moves From Policy to Law

Over the past years, government cloud computing has steadily moved forward from it’s early beginnings as an interesting curiosity:

Since Sunday’s broadcast, I’ve been asked numerous times about my real answer to the question “Will ‘Cloud Computing’ Work In White House“. Although I would never assume to be in a position to advise the President-elect, I’m more than happy, however, to add my voice to the Center for Strategic and International Studies (CSIS) and the distinguished list of contributors that recently released the CSIS Commission on Cybersecurity for the 44th Presidency.

I truly believe that cloud computing technology can be used to implement some of their recommendations. One in particular is their recommendation for a National Office for Cyberspace (NOC) and a new National Security Council Cybersecurity Directorate (NSCCD). Along with the relevant agencies, these organizations would:

“Assume expanded authorities, including revised Federal Information Security management Act (FISMA) authorities, oversight of the Trusted Internet Connections (TIC) initiative, responsibility for the Federal Desktop Core Configuration (FDCC) and acquisition reform, and the ability to require agencies to submit budget proposals relating to cyberspace to receive its approval prior to submission to OMB.”

Government cloud computing is a reality and as Peter Mell of NIST succinctly put it, “2010 will be the year of the cloud computing pilot.” I look forward to continuing this exciting conversation with you all!

2011 will be the breakout year for GovCloud! Pressure to reduce budget, pressure to manage I resources better and the political pressure of the next presidential election will combine to accelerate adoption. The GSA IaaS groundwork has been laid and new policies are just about ready to be released !!

December 2011: And what did Santa bring this year!!

Each Executive department or agency shall:

i. Use FedRAMP when conducting risk assessments, security authorizations, and granting ATOs for all Executive department or agency use of cloud services;

ii. Use the FedRAMP PMO process and the JAB-approved FedRAMP security authorization requirements as a baseline when initiating, reviewing, granting and revoking security authorizations for cloud services;

iii. Ensure applicable contracts appropriately require CSPs to comply with FedRAMP
security authorization requirements;

“PERFORMANCE PLAN FOR REDUCTION OF RESOURCES
REQUIRED FOR DATA SERVERS AND CENTERS.— …

(2) DEFENSE-WIDE PLAN.—

(A) IN GENERAL.—Not later than April 1, 2012, the Chief Information Officer of the Department shall submit to the congressional defense committees a performance plan for a reduction in the resources required for data centers and information systems technologies Department-wide. The plan shall be based upon and incorporate appropriate elements of the plans submitted under paragraph (1).

(B) ELEMENTS.—The performance plan required under this paragraph shall include the following:

(ii) A Department-wide strategy for each of the following: ….

(II) Transitioning to cloud computing.

(III) Migration of Defense data and government-provided services from Department-owned and operated data centers to cloud computing services generally available within the private sector that provide a better capability at a lower cost with the same or greater degree of security.

(IV) Utilization of private sector-managed security services for data centers and cloud computing services.”

( Thank you. If you enjoyed this article, get free updates by email or RSS – KLJ )