Part 1 of this three-part series discusses the promise cloud computing holds for federal agencies to drastically cut costs while boosting performance and improving services.
The U.S. government is searching for ways to reduce the fog of bureaucracy to improve communication with citizens, and has turned to the cloud as a key strategy to achieve that goal.
In addition to improving services to taxpayers, use of the cloud could save cash-strapped federal agencies millions of dollars. With an annual tab of more than US$80 billion for information technology, the federal government is in a unique position to leverage the potential efficiencies offered by cloud computing.
Commercial vendors, as well as government managers, are well aware of the potential for cloud computing at the federal level.
“The cloud represents a great opportunity for government to focus on its main objective of serving the public. Cloud computing offers tremendous advantages for federal agencies, such as higher productivity, access to innovation, improved collaboration, built-in disaster recovery, better reliability, and unmatched economies of scale and savings,” Mike Bradshaw, director of Google Federal, told the E-Commerce Times.
Google is aggressively pursuing government business and in late July introduced Google Apps for Government, a Cloud-oriented program that includes features dealing with the policy and security needs of government agencies.
“By using cloud computing services, the government can gain access to powerful technology resources faster and at lower cost,” said Federal CIO Vivek Kundra at a House committee hearing on cloud computing in July. “Ultimately, this will allow the government to focus on mission-critical tasks instead of on purchasing, configuring and maintaining redundant infrastructure.”
White House, GSA Lead Effort
The strategy for adopting the cloud on a broad basis is still very much a work in progress. There are two critical federal centers for cloud development.
The first is the Office of E-Government and Information Technology, which is charged with guiding the use of Internet-based technologies. The office is directed by Kundra, who is encouraging the adoption of cloud technology through informal educational and promotional efforts, as well as through formal directives.
The second is the General Services Administration, which established a Cloud Computing Program Management Office (PMO) in April 2009. The GSA office is responsible for coordinating the federal cloud computing effort in key areas such as security, standards and acquisition. GSA is considering its future role as a cloud provider within the government, both as a consultant to agencies and as a conduit for acquiring cloud resources.
“We are discussing that role, but we see it as based on industry participation. GSA may act as a broker and as an acquisition mechanism, but industry is going to get the business,” Sonny Bhagowalia, GSA’s deputy associate administrator for innovative technologies, told the E-Commerce Times.
The pace of moving federal agencies to the cloud has picked up within the past year. In September 2009, Kundra launched a more aggressive federal cloud initiative. The key element was an Internet accessible platform developed by GSA, Apps.Gov, that was designed to assist federal managers in learning about and acquiring cloud technology.
In November 2009, the GSA cloud office established working groups on security and standards, with the National Institute of Standards and Technology (NIST) charged with leading the effort. In February 2010, GSA launched a government-wide security certification and accreditation process for cloud computing solutions. Last May, NIST hosted a forum for government and industry officials to collaboratively develop standards and explore solutions for cloud interoperability, portability and security.
In addition to developing an overall plan for cloud adoption, both GSA and the Federal CIO are working to incorporate cloud computing operations at a functional level, both to demonstrate the capabilities of the cloud to other agencies, and to improve efficiencies within government. For example, in February 2010, Kundra directed all federal agencies to develop plans for consolidating various data centers, with an eye to using cloud technology for data management.
“Over the past decade, while the private sector was consolidating data centers, the federal government increased its data centers from 432 to over 1,100, leading to redundant investment, reduced energy efficiency, and poor service delivery,” Kundra said at the House committee hearing. “Cloud computing has the potential to greatly increase data center efficiency. It is a model for delivering computing resources — such as networks, servers, storage or software applications.”
For its part, GSA is seeking to transfer more than 15,000 of its own email accounts to a cloud application. GSA plans to replace its current enterprise, on-premise system with a primarily Web-based Software as a Service operation offered by commercial cloud service providers. GSA accepted proposals through July 12 and is now analyzing vendor offerings.
GSA Eyes Procurement Role
Despite these initiatives, widespread adoption of the cloud at the federal level could take years, as agencies and departments strive to overcome impediments to adoption, including the receptiveness of IT managers, security issues and vendor relationships.
For example, GSA’s role as a cloud broker and facilitator is still a bit of a mixed bag.
“The success of GSA remains to be seen. The Apps.gov site has not been utilized for actual cloud computing purchases as GSA envisioned,” Deniece Peterson, manager of industry analysis for INPUT, told the E-Commerce Times. “Agencies have used the site more for information and education — however, it may make it easier for agencies to find vendors. But ultimately, centralized procurement is easier for the government, for sure.”
Deployment issues including security and interoperability have not been completely resolved. For example, the General Accountability Office (GAO), noted that while cloud computing can increase security by reducing the use of portable devices, the use of the cloud can also pose added security risks.
“In response to a GAO survey, 22 of 24 major agencies reported that they are either concerned or very concerned about the potential information security risks associated with cloud computing,” Gregory Wilshusen, GAO’s director of information security, said at the July hearing. GAO faulted GSA and OMB for failing to develop a comprehensive cloud implementation strategy and a better plan for safeguarding information.
In response, GSA’s Bhagowalia told the E-Commerce Times that “we have initiated a cloud strategy program, and we should be making that public by the end of the year.” In addition, GSA, OMB and NIST are collectively developing a Federal Risk and Authorization Management Program (FedRAMP), a government-wide initiative to provide joint authorizations and continuous security monitoring services for all federal agencies, with an initial focus on cloud computing.
The FedRAMP initiative is important for IT vendors.
“Federal agencies need to have valid certification and accreditation processes and a signed authority to operate in place for each cloud-based product they use,” Douglas McClure, GSA associate administrator for citizens services and innovative technologies, said at the hearing.
“While vendors are willing to meet security requirements, they would prefer not to go through the expense and effort of obtaining a certification and authority for each use of that product in all the federal departments and agencies,” he explained.
The FedRAMP template, expected for release this fall, is designed for multiple applications.
Federal agencies are also worried about becoming dependent on a single vendor for a cloud application for a long period of time. The vendor lock-in concern is another factor contributing to reluctance to adopt cloud technologies.
However, these concerns about security and operations may be overblown.
“I am a little skeptical when people make general statements about some of the impediments to cloud adoption,” Dan Burton, senior vice president for global public policy at Salesforce.com, told the E-Commerce Times.
“First we heard the cloud was okay for the private sector but not for government, until we installed some government applications. Then we heard about security issues — until it worked for the State Department on nuclear nonproliferation issues,” Burton recalled.
“The vendor ‘lock-in’ issue is not that big of a deal,” he maintained. “It doesn’t take a whole lot of effort to opt out of a vendor’s platform because there are standard transfer programs that are readily available. When it comes to cloud adoption, you really have to look at the specific government application and the capability of each vendor.”