Implementation of Cloud Computing Solutions in Federal Agencies : Part 2 – Challenges of Cloud Computing

(This is part 2 of the series entitled “Implementation of Cloud Computing Solutions in Federal Agencies” that first appeared on Forbes.com. This series provides the content of a whitepaper I recently authored. A copy of the complete whitepaper will be available at NJVC.com starting September 7, 2011.)

Despite the myriad benefits of cloud computing solutions, several challenges still exist. Being a young industry, there are few tools, procedures or standard data formats or service interfaces in place to guarantee data, computer application and service portability. As evidenced with the recent situation involving the services failure of Amazon’s Elastic Compute Cloud, outages can be a potential risk—and can have widespread implications for consumers of cloud services. This risk becomes even more severe if a mission-critical environment could be impacted.

A benefit as well as a challenge, security concerns have also slowed the widespread adoption of cloud computing. A variety of security concerns exist. According to the article, “Three Cloud Computing Risks to Consider,” in Information Security Magazine (June 2009), “the logging and auditing controls provided by some [cloud] vendors are not yet as robust as the logging providing within enterprises and enterprise applications,” which can put critical and sensitive data and information at risk. Security, of course, becomes increasingly critical in defense and intelligence IT environments.

For the government market, the lack of regulations and compliance standards are also cause for concern. Currently, no federal regulations are in place to govern cloud computing, and according to an April 2011 Information Systems Audit and Control Association survey of 1,800 Chief Information Officers (CIOs), compliance is a top risk. Approximately 30 percent of the CIOs surveyed said that “compliance projects are the biggest driver for IT risk-related projects”—particularly in public clouds. Specific to federal environments, data sovereignty is a challenge. According to a speech given by Federal CIO Vivek Kundra at an April 7, 2010, National Institute of Standards and Technology (NIST) forum,” [Data sovereignty] is not going to be a question of technology. [Data sovereignty] is going to be a question of international law, and treaties that we will need to engage in the coming years.” CIO Kundra later added: “We’ve got a very diverse interpretation and a very diverse perspective when it comes to privacy or international security, if you look at our neighbors—Canada or Mexico—versus what’s happening in the European Union.”

Cloud Computing and the Federal Government

The Obama administration has identified cloud computing as a means to achieve savings in IT budgets across federal agencies—across the board—and to address various other challenges (e.g., delays to capabilities and other inefficiencies) that have negatively impacted IT implementations. In his Fiscal Year (FY) 2011 budget, President Barack Obama ordered a three-year freeze in spending for non-defense, intelligence and national security programs and the trimming of the budgets of some federal agencies by five percent. At a July 1, 2010, House subcommittee hearing, CIO Kundra testified: “To do more than less [in terms for federal spending], we need game changing technologies. Cloud computing is one such technology.” The federal government is in the early stages of a decade-long process to “move to the cloud,” but has taken definitive steps in its adoption. Several key milestones have been achieved during the past two years in support of this effort:

• 2009: Establishment of the General Services Administration (GSA) Cloud Computing Program Office to coordinate the government’s cloud computing efforts; assembly of a public-private sector Industry Summit to discuss the benefits and risks of cloud computing; and creation of Security and Standards Working Groups to encourage collaboration and discussion on cloud computing by federal agencies
• 2010: Commencement of the development of federal security certification and accreditation processes for cloud services; convening of a NIST-hosted, public-private sector “Cloud Computing Forum and Workshop” to collaboratively develop cloud standards; release of 25-point federal IT reform plan; announcement by GSA and Federal Chief Information Officers Council on the requirements for the Federal Risk and Authorization Management Program, a standard approach for the federal government to access and authorize secure cloud-computing services and products
• 2011: Release of the Federal Cloud Computing Strategy (per the Obama administration’s 25-point IT reform plan) and award of 12 GSA IaaS blanket purchase agreements

The Obama administration adopted a “cloud-first” policy as part of its earlier referenced 25-point federal IT reform plan. This plan was developed after extensive review of federal IT projects with a particularly hard eye on 26 large-scale projects at risk due to being over budget and behind schedule. This policy is part of the 2012 budget process. One of the first steps in the “cloud-first” adoption is the requirement for every federal agency to develop and implement one cloud-based solution by December 2011 and three cloud-based solutions by June 2012. As of April 2011, agencies are making progress in this endeavor. During a special White House event, CIO Kundra said that CIOs from 15 agencies have already informed the Office of Management and Budget that they will evolve to cloud-based email solutions by the December 2011 deadline.

Cloud computing also has been identified by the Obama administration as a viable solution to the administration’s challenge to cut the federal budget via the consolidation of 800 of the government’s 2,094 data centers by 2015. CIO Kundra has specifically identified cloud computing as a central measure to reduce the costs and increase the efficiencies of federal data centers. Cost savings are already being achieved. At an April 12, 2011 Senate subcommittee hearing, Dave McClure, Associate Administrator, GSA Office of Citizen Services and Innovative Technologies, testified that the consolidation of just 12 data centers to three will save $2 million a year. Mr. McClure also testified that GSA’s move to a cloud-based email system will save $15 million over the next five years.

So, whether or not federal agency CIOs support cloud computing, the evolution to the cloud in their specific IT environments is not something to consider in the future: it is something to undertake today—and is mandated. Therefore, the way the federal government conceives of IT operations must change from traditional practices and operating systems to new enterprise resource controls, standards and business processes and operations. With the computing stacks functioning as a utility within the infrastructure as a platform and new business processes in place, highly automated resources provide the extensible platform needed to meet agency or mission needs.

( Thank you. If you enjoyed this article, get free updates by email or RSS – KLJ )