Government and Cloud Computing
Federal government sees great opportunities in cloud computing
May 16 , 2012
The federal government, like the private sector, sees great opportunities in moving its IT infrastructure in the cloud. A 2011 white paper by then-Chief Information Officer Vivek Kundra estimated that $20 billion of the government's $80 billion in annual IT spending could move to the cloud. A study by the MeriTalk Cloud Computing Exchange estimates that the government could save $12 billion a year through greater use of cloud services, which promote efficiency through elimination of duplication and higher utilization of equipment. But the reality is that because of complex regulations, especially those covering security and procurement, that move will be slow and painful.
Cloud computing is often a vague concept, but the feds at least have a precise definition to work with. According to the National Institute of Standards and Technology, it is "a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e g , networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
In the private sector, a company with a quick need for some extra capacity, perhaps to handle the launch of a new product or to trial a service before committing capital expenditure, can just go to Amazon Web Services (or any of a number of other providers) and order up virtual servers, storage, and other services. Although Amazon's Elastic Cloud Computing (EC2) service is certified by NIST for "medium" security uses, other rules make it hard for agencies to move to the public cloud.
The General Services Administration, the government's centralized purchasing operation, is building a system that should make moves to the cloud easier for agencies. The Federal Risk and Authorization Management Program, known as FedRAMP, is supposed to provide a standardized and secure approach for cloud moves when it becomes operational in June. The goal, according to GSA, is to provide an "approve once, use often" model for cloud service providers.
But even then, it isn't going to be easy. The Department of Health & Human Services Centers for Medicare & Medicaid Services "CMS Cloud Computing Standard" is a typical agency document laying out the additional difficulties. FedRAMP provides "authority to operate"—the critical approval all federal IT efforts require—only to the basic cloud service. But, as the standard says in its best bureaucratese:
The existence of a FedRAMP ATO does not replace the existing CMS A&A process. Rather, it provides a set of inputs to allow for standardized and consistent evaluation of CSP offerings. This simplifies the A&A process for external offerings and shortens the timeframe for granting an Authority to Operate (ATO) for those offerings.
In plainer English, each application or service that and agency wants to move to the cloud must go through its own assessments and authorization (A&A) process and receive its own ATO. This is a process subject to many rules and requiring much paperwork. Needless to say, it isn't going to happen quickly.
In the meantime, the government is pursuing a massive reduction in the number of data centers it runs, cutting the current 2,000-plus centers in half by 2015. The federal data centers are a very disparate lot, ranging from two mega-centers being built by the National Security Agency in Maryland and Utah down to what we used to call server rooms. The consolidation process is likely to lead to more cloud-like operations, with agencies or programs that used to operate their own facilities sharing more flexible centers where capacity can easily be reassigned for more efficient utilization.
The good news is that this consolidation process is likely to produce some of the benefits of the cloud—greater efficiency and lower cost to taxpayers—even as the complexities of the federal system slow the move to true cloud computing.
The contents or opinions in this feature are independent and do not necessarily represent the views of Cisco. They are offered in an effort to encourage continuing conversations on a broad range of innovative technology subjects. We welcome your comments and engagement.
We welcome the re-use, republication, and distribution of "The Network" content. Please credit us with the following information: Used with the permission of http://thenetwork.cisco.com/.