While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Even if the notion of moving large portions of your agency’s data or processing to the cloud seems implausible, you should consider at least a pilot project, say several feds.
The IT team needs to ask itself, “How do you dip your foot into the water and get started on this?” says Peter Tseronis, former deputy associate CIO and now senior advisor at the Energy Department.
For some agencies, he suggests, that might mean offering services to other agencies or offering services differently within their own organizations using a cloud arrangement. “There has to be a way to take advantage of the investment in existing boxes and also figure out what possibilities for services are available,” Tseronis says.
The government is admittedly a somewhat unique environment because of its vast installed base of computing hardware, point out Tseronis and other federal IT officials who participated in a panel discussion hosted by the Armed Forces Communications and Electronics Association.
A chief reason that agencies need to participate in cloud computing — the delivery of scalable IT applications, services and infrastructure over the Internet — is to keep pace with where computing is going, says General Services Administration CIO Casey Coleman.
“We don’t want to wall ourselves off from the possibilities that arise from commercial developments,” Coleman says. In government, there’s significant data that is not highly sensitive, she notes, and “it seems that some of this type of data could be placed in the public cloud.”
Alfred Rivera of the Defense Information Systems Agency agrees. There are several public-facing websites across the Defense Department that could potentially be exposed in some way, says Rivera, DISA’s director of computing services. “We need to extend standardized and consolidated services as far out to the public as possible.” And that, he says, will require “brutal standardization.”
Standardization will be important for agencies because in most instances they will want and need to manage hybrid environments combining their installed infrastructures with some set of federal and commercial cloud services, says Chris Kemp, CIO at NASA’s Ames Research Center. Kemp has launched Nebula, a cloud program, at the Moffett Field, Calif., facility, which is already providing services within NASA and also for some other programs, including USAspending.gov, one of the Obama administration’s transparency initiatives.
Federal IT groups need to participate in responsibly creating standards that allow interoperability between internal and external clouds, Kemp suggests. Standards will take time to develop, and organizations typically are not as effective as end users at driving standards, which will likely create some tension, he adds.
Agencies will also need to account for three other factors: security, processing capacity and acquisition, says Keith Trippie, executive director of enterprise system development for the Homeland Security Department.
“Is the service behind a trusted Internet connection? And do we have the oomph to deliver the service?” are a pair of important questions that agencies will have to answer if they want to use their infrastructures to provide cloud services, Trippie says. Plus, federal procurement practices, buying regulations and contract tools will need tweaking to accommodate the on-demand nature of cloud services, from both a provisioning and purchasing standpoint.
Agencies can ignore the cloud at their own peril, Tseronis says. “There’s no mandate out there that ‘Thou shalt use cloud.’ ” But with a third or more of the annual federal IT budget going to infrastructure — $20 billion to $30 billion — there will be oversight pressure to show that these funds are being used as efficiently as possible to provide the most up-to-date computing services available, he says.
Plus, Kemp says, because “the consumerization of IT is about to hit the cloud,” people will bring infrastructure components in themselves if they need something to do their job.
This will be a challenge for IT and for the enterprise architectures within agencies. “Already we have issues with folks bringing in small portable devices,” Kemp says. “How will we deal with infrastructures coming in the door? When people can create instants of computing at their home, they will seriously want it at work.”