 |
What can Government do to facilitate the adoption of cloud computing to more effectively provide IT services? Please list specific actions that you'd recommend Government should take. |
- Ron Knode, Director, GSS, LEF Research Associate, CSC
- Navin Sharma, Prashant Shenoy, David Irwin, and Michael Zink, Laboratory for Advanced Software Systems, University of Massachusetts
- Nicklous Combs, Chief Technology Officer, EMC, Federal
- Barry X Lynn, Chairman and CEO, 3Tera
- Gregg (Skip) Bailey, Ph.D., Director, with contribution from Paul Krein, Deloitte Consulting LLP
- Gretchen E. Curtis, Director of Communications, NASA Nebula Cloud Computing Platform
- Larry Pizette, Principal Software Systems Engineer, MITRE
|
Ron Knode
Director, GSS, LEF Research Associate
CSC
The question for February 2010 is clearly just a short step from January's question. So, let's deal with both of them:
• First (Jan 2010): "What's most significant cloud computing concern for federal orgs?"
The most authoritative (and accurate) answers would indeed come from "federal orgs" themselves. But, the three primary "lacks" in cloud computing that are encountered by "orgs" of all kinds, i.e., lack of standards, lack of portability, and (most importantly) the lack of transparency, are only intensified in government needs for cloud computing. (See www.csc.com/security/insights/32270-digital_trust_in_the_cloud for more discussion.) When we consider: (1) that security approval doctrine (certification and accreditation) is mandatory in the government (not an item to be traded off as part of a risk/reward equation); (2) that government data can be nationally classified, and therefore directly subject to laws and consequential impacts of non-compliance (not just a policy violation); and, (3) that the government uses IT as an element of national policy projection, including combat (and therefore must include stakeholder impacts far beyond those traditionally considered by commercial enterprises), then we can see how the impact of the three "lacks" becomes intensified.
• These circumstances lead naturally into a response for February's question: "What can Government do to facilitate the adoption of cloud computing to more effectively provide IT services?"
If the lack of standards, portability, and (especially) transparency are, indeed, the largest obstacles to the effective provision of cloud-based IT services for government use, then the government can certainly move powerfully to reduce the impact of those "lacks".
- Publish the government's interpretation of certification and accreditation (C&A) in cloud computing. We know that NIST is working hard on a publication that delivers the U.S. government definition of a cloud (http://csrc.nist.gov/groups/SNS/cloud-computing/index.html), and which is expected to provide recommendations on how cloud computing might be safely used by the government. By expanding this publication to include C&A doctrine and process for government cloud computing, much of the speculative ambiguity about what is and isn't acceptable could be eliminated.
- Actively join in the standards bodies that are attempting to define protocols and techniques that can reclaim visibility/transparency into and through cloud processing. Such participation could also come via the issuance of government criteria, but interactive dialogue with industry around such efforts would be even better. For example, the A6 effort (www.rationalsurvivability.com/blog/?p=1276) and industry offerings like the CloudTrust Protocol (www.csc.com/security/insights/32270-digital_trust_in_the_cloud) offer ready-made places to start.
- Identify a government cloud research, development and approval "center of excellence". While the pre-eminence of NIST as the cloud standards leader for the government is unquestioned, the initiation of a parallel development, test, and deployment lead would centralize and speed knowledge collection, including actual (trial) implementations and case studies. New applications for government use could emerge more quickly, even including a special emphasis on their "C&A‑ability". Such agencies as NASA or DHS could well organize and lead this effort on behalf of the entire government.
For the complete blog response, visit www.trustedcloudservices.com/3-things-government-can-do-for-cloud-adoption.
For further information, please contact Ron Knode at: rknode@csc.com
Posted: February 5, 2010
|
Navin Sharma, Prashant Shenoy, David Irwin, and Michael Zink
Laboratory for Advanced Software Systems
University of Massachusetts
Over the last five years the idea of cloud computing---using remote on-demand computation and storage---has emerged as a dominant paradigm for the next generation of Internet-enabled network services. Yet, despite their growth, the development of cloud infrastructures, especially commercial clouds, remains in a nascent state, providing an opportunity to significantly impact their evolution moving forward.
As with the initial development of the Internet 40 years ago, the Government has a role to play in ensuring that clouds advance key societal goals, in addition to commercial ones. To accomplish broader societal goals, we believe the Government should focus on at least three areas: encouraging cloud standardization and interoperability, incorporating networks into networked clouds, and more closely linking the clouds that process data to the sensors that produce it.
First, the Government must support the standardization of both internal and external cloud interfaces to enable consumers to more efficiently shift their computation and storage between independent clouds. The Internet never would have grown into what we know today if Internet Service Providers had built and commercialized closed networks at an early stage of its development. The Government-run Internet forerunners, e.g. ARPANET and NSFnet, were crucial in developing the standards and protocols that made the commercialization of an open Internet possible. Likewise, the Government will now play an important role in determining whether or not independent clouds, like the Internet, are interoperable and open.
Second, the Government should build on efforts to include network resources as part of cloud infrastructures, as embodied by NSF's GENI initiative (http://www.geni.net). The ability to reserve isolated network links, in addition to computing and storage, will promote the development of more secure distributed services and enhance researcher capabilities for wide-area Internet experimentation. Ironically, the "network" has been a key element missing in the growth of networked cloud computing. The Government should increase support to cloud-enable Government-sponsored national networks, and allow researchers to study how to include the "network" in networked cloud computing.
Finally, the Government should encourage expanding clouds to incorporate the programmatic sensors and actuators that already serve key societal functions. The Government already operates an array of data-producing sensors, such as the NEXRAD radar network, that monitor the environment to serve near-term, e.g., predicting hurricanes and tornadoes, and long-term goals, e.g., longitudinal studies of potential climate disruption. Meanwhile a key motivator in the development of cloud infrastructures has been the capability to quickly and efficiently harness vast numbers of computers for tasks requiring massive, parallelized data processing. Closely linking these sensors, as well as the data they produce, to cloud infrastructures will enhance both investments by providing a scalable platform to drive future sensing based on processed data.
ViSE (http://geni.cs.umass.edu/vise) is an open testbed we are building as part of GENI to study these concepts by closely linking sensors, such as radars and cameras, to the GENI prototype, a national testbed based on open and interoperable edge cloud testbeds at multiple Universities linked by Government-sponsored national networks including the National Lambda Rail and Internet2.
Posted: February 15, 2010
|
Nicklous Combs
Chief Technology Officer
EMC, Federal
Cloud Computing is the most overused term in IT today. The cost benefits of moving to a cloud type environment are just too beneficial to avoid. The important thing for federal organizations is to understand how they can get the characteristics of a cloud environment yet still meet the security requirements to protect the information. The private cloud is the only way federal organizations can address this issue today. Although security is at the top of the list, standards is something that has not yet been adopted for cloud computing. If you believe that virtualization is the foundation of a cloud like I do, then we need to adopt a cloud operating system that follows a standard that all vendors can support. This will prevent vendor lock-in and provide a baseline for clouds to become federated, enabling private clouds to match the public cloud cost models. As we move to this new environment we must move from perimeter security to an information centric approach to security.
Perimeters and bolt-on security are still going to be important but will not solely address the needs of data protection in a federated cloud environment. When it comes to DoD, technology tends to be pretty reactive and behind the technology curve; this is due in large part to the acquisition process. DoD 5000 was written for the development and acquisition of tangible products like trucks and planes, not networks and technology. Programs today must follow a rigorous process that does not allow them to keep up with the changes in technology. We must take action to modify these acquisition rules.
Here is our web site. http://www.emc.com/?fromGlobalSiteSelect
Posted: February 17, 2010
|
Barry X Lynn
Chairman and CEO
3Tera
I am going to take a counter-position here. Why?
Well, yes. Government will have to make changes to adopt Cloud Computing, as will any large organizations and enterprises. But, I am certain that mitigation of the most important challenges facing government IT in general is inherent in Cloud Computing done right.
So, what are these challenges, and how are they mitigated by Cloud Computing done right?
Security and Privacy – the common belief that Cloud Computing creates problems in this area is a myth. In fact, it improves security and privacy. When Cloud is done right, and applications can be abstracted from the physical resources they require, ergo can run anywhere, any time, they can be set up as moving targets, rather than sitting ducks always running the same way in the same place like they do today.
Deployment – Many government applications, especially those that support very tactical operations, require very fast deployment in multiple geographies. Cloud done right, where applications are fully encapsulated and abstracted from their data centers, enables instantaneous deployment in any geography.
Standards – Cloud done right creates the ability to manage services and applications, regardless of what infrastructure they run on. When services can run independent of infrastructure, the need for standardized infrastructure for those services to be used anywhere goes away. In fact, my advice to the government here, when adopting Cloud Computing, is: don't waste tons of time standardizing infrastructure. If the Cloud is done right, you shouldn't have to.
And, all of the above aside, the most important point to make here is this.
There is an accepted belief that government IT is slow and not very innovative. But this is another myth. Government IT folks are thought leaders. Their technologists are ahead of the game, capable and nimble. The misconception arises because the approval and procurement processes are soooooooo slow.
So, sure, the most obvious recommended action item is to streamline these processes. Wishful thinking, right? Well, where I come from, hope is NOT a strategy. It would be wise, instead of hoping that these processes become streamlined some day, to mitigate the negative effect that the current processes have.
That's exactly what Cloud Computing can do.
You see, Cloud Computing done right enables the most granular scalability, and, more importantly, the ability to scale in an instant. So, when implementing things on a large scale, if they can be implemented in many small pieces without huge up front initial investments, approval of gigantic projects and the ensuing procurements becomes several procurements for several much smaller projects. And we all know that the overall hassle with regard to procurement has little to do with the number of procurements done, and everything to do with the size of the procurements.
So, the single most important action item I can recommend to the government is – Move to Cloud Computing done right in a hurry. You ARE ready NOW!
Posted: February 22, 2010
|
Gregg (Skip) Bailey, Ph.D.
Director
with contribution from Paul Krein
Deloitte Consulting LLP
Cloud Computing is touted as the holy grail of computing technology for the 21st century. It may prove so, but technology usually isn't so much a revolution as an evolution. The enterprise and the mission may take bigger leaps forward – as the business side is what we expect to be disrupted, even reinvented. Cloud Computing, alongside operational efficiency mandates, may be just the catalyst we need for this change.
The good news for the CIO is that the technology change is truly evolutionary – combining virtualization, better management tools, tremendous bandwidth and innovations around aggregating capacity. Pressures facing the next federal CIO include being bombarded with competing technologies and users who are more enabled and demand greater, faster, simpler access to their favorite technologies. The mission still needs agility and ever increasing quality, while the expectation is for a steady decrease in the cost of services each year, all coupled with a sea of changing demands. Cloud Computing brings promises of commodity pricing, high resiliency, and immediate sign-up for anyone willing to take the leap. However, Cloud Computing is more of a business opportunity than a technology change. The CIO now, more than ever, needs to have a clear understanding of where the organization is going from a business perspective, the challenges confronting the organization and the critical success factors of the business.
The CIO who embraces the opportunity and focuses on re-orienting his organization with a clear vision and supported expectations will be out in front. But, to stay out in front, the CIO's role will quickly change from "How good is your operation?" to "What have you done for me today?" In order to help the business deliver new value, CIOs will have to step up with a well-defined plan and a personal extreme makeover – role wise.
To sell the plan, CIOs will have to get out of the traditional IT box and create a vision and a roadmap to accommodate and leverage future choices. The future CIO must figure out a go-forward strategy which embraces the rapid trajectory of the technologies, while enabling greater success for the organization. Their organization's core IT disciplines must be solid, but the nature of those disciplines will change. The opportunity is about preparing for the various toolsets of the future, and setting the right vision to intersect with the future demands of the business, even if the capabilities are not fully defined today.
The makeover is challenging; transitioning from the role of Efficient Operator to purveyor of capabilities and services is a major shift. At the same time the organization is demanding more innovation. In a nutshell either the CIO can act like the services broker to the business, and offer an optimized portfolio of services to the client, or the users will take on the broker role for themselves.
All things considered, it is no surprise that major enterprises are finding deploying Cloud Computing models to be non-trivial and fraught with peril.
For further information, please contact Gregg (Skip) Bailey at: gbailey@deloitte.com
Posted: February 24, 2010
|
Gretchen E. Curtis
Director of Communications
NASA Nebula Cloud Computing Platform
There are several key actions that the Government should take to accelerate the successful adoption of Cloud Computing. First, it should invest in Cloud Computing pilots to gain a better understanding of the technology and how the Cloud operating model impacts costs. Pilots hasten the adoption of technology standards and best practices and allow the Government to test, with a limited level of risk, the impact that the Cloud model has on budget and infrastructure procurement. The experience gained from Pilots will help the Government be a smarter, more informed buyer of Cloud technology.
Next, it should push the adoption of Cloud standards through open collaboration with the private sector. Public-Private collaboration maximizes the use of each sector’s strengths, reduces risk, lowers capital investment, and improves efficiency. The Private sector sometimes has some advantages over Government, such as greater management efficiency, access to newer technologies, increased mobility as well as a broad perspective of the actions needed to meet public demands. Partnering with Industry allows Government Agencies to tap into this knowledge and leverage their expertise to better serve American citizens.
Finally, Agency CIOs should actively collaborate and participate in Federal Cloud Governance bodies, such as the Cloud Computing Advisory Committee and Cloud Computing Working Groups. Open communication and inter-Agency collaboration allow Government Agencies to share valuable experiences and insights and build upon a common body of knowledge, preventing a duplication of effort and leading to greater efficiency.
For further information, please contact Gretchen E. Curtis at: gretchen.e.curtis@nasa.gov, or visit NASA Nebula Cloud Computing Platform.
Posted: March 2, 2010
|
Larry Pizette
Principal Software Systems Engineer
The MITRE Corporation
Thank you to the February submitters who provided insightful responses on the challenges facing government IT leaders with the adoption of cloud computing. The knowledge of all the submitters – from academia, government, and industry – and their variety of perspectives sheds light on the steps that government leaders can take.
Consistent with past IT innovations, government leaders need to determine whether cloud computing concepts meet their IT needs and how they can best be leveraged to maximize the benefit and minimize risk. In government, the range of IT needs is broad. Needs range from highly secure systems that always need to be available for national security, to systems that contain information destined for public dissemination that do not always need to be available. These systems vary in their requirements based upon operational needs, statutory requirements and levels of security. As a result, government IT leaders' trade-offs for cost savings, scalability, location independence, security, application portability and tolerance for risk will vary.
Similar to the breadth in government requirements, cloud computing capabilities are also quite broad. For example, NIST defines three service models for cloud computing which are infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS) and four deployment models which are private, community, public and hybrid. The service models have implications for Government IT leadership in many program focus areas such as development timelines and portability. The deployment models have different characteristics for cost reduction, type of costs (e.g., capital costs vs. operating expense), acquisitions, security, risks, and scalability.
The cloud computing choice is not binary – there are many options. The challenge for Government IT leaders will be to match their requirements and system and data characteristics to the cloud computing capabilities that can best provide value to them within risk tolerances for the type of data, applications, and users they have. For this, we suggest a structured decision process that incorporates the following general steps:
- Determine which cloud services will provide benefit
- Establish a business case
- Define detailed requirements for a cloud solution
- Determine when to use internal private clouds or external public clouds
- Assess when to use cloud offerings provided by other Government entities
My colleague Geoff Raines and I will talk more about this decision process in an upcoming white paper that we are currently preparing.
In stepping through this decision process, Government IT leaders can consider their needs against the benefits and risks of different cloud options. They can also look for process "accelerators." IT leaders can look for cloud offerings that are available via already negotiated buying schedules or that have already been certified and accredited. Similarly, they can look to place select capabilities and data that are intended for public consumption in cloud environments.
In order to mitigate risks, government IT leaders can employ pilots or move capabilities to cloud offerings incrementally to learn as they go. How to employ pilots is an open topic for discussion. In fact, this will be the topic of our March 2010 blog question. Please check back in March for in-depth thoughts from our submitters!
For further information, please contact Larry Pizette at: cloudbloggers-list@lists.mitre.org
Posted: February 24, 2010
|
Welcome
"Ahead in the Clouds" is a public forum to provide federal government agencies with meaningful answers to common cloud computing questions, drawing from leading thinkers in the field. Each month we pose a new question, then post both summary and detailed responses.