NIST releases 'Bible of cloud implementation'
Agency IT managers charged with deploying cloud computing programs will want to closely check the last two volumes of The U.S. Government Cloud Computing Technology Roadmap, according to industry observers.
The National Institute of Standards and Technology released drafts of the first two volumes of the document for public comment on Nov. 2. A third volume, “Technical Considerations for USG Cloud Computing Deployment Decision,” is under development, but NIST released a working draft of it along with the other draft documents on the NIST web site.
"If I was a federal CIO or manager responsible for deploying cloud, this is the bible for implementation,” said Kevin Jackson, general manager for cloud services with NJVC, a systems integrator and provider of cloud solutions. “It’s where the rubber meets the road.” The other two volumes give the foundation and background for cloud computing adoption, he noted.
Federal CIO says FedRAMP to be mandatory
NIST goes public with cloud computing tech roadmap
For example, Section 4.1 of Volume III maps out the technical considerations for cloud security and how these relate to the top 10 high-priority requirements. When picking services for the cloud: “Be prepared to implement security in the application layer, changing from legacy/platform-provided security to network services-based security,” the document states.
The USG Cloud Computing Technology Roadmap is intended for a diverse audience, including academia, agency managers, government entities, industry, policy-makers and standards developing organizations.
Melvin Greer, cloud computing strategist for Lockheed Martin, said there were two distinguishing characteristics that are important to note about the release of volumes l and II of the roadmap.
“Certainly we applaud NIST in articulating the top 10 requirements,” Greer said, noting that Lockheed Martin contributed to the roadmap and will submit formal comments.
“This helps agencies articulate in real terms to cloud providers what it is they are looking for,” he said. "That’s important. NIST has provided them a nomenclature and a common set of terms that can communicate these requirements.”
Volume II is analogous to The Cloud Computing Playbook that Lockheed Martin produced internally. The Playbook lets those deploying cloud infrastructures to know what to do no matter where they are in the cloud implementation cycle – planning, implementation or expansion stages.
“Volume I and II help agencies understand the requirements and create a common nomenclature to accelerate the adoption of cloud computing no matter where they are in the life cycle,” Greer said.
What happens beyond the roadmap?
The government and industry will see acceleration in the experimentation and development of prototypes of cloud solutions, Greer said. These in turn will validate that artifacts laid out in the roadmap are creating real mission value.
Data security and data portability standards will evolve through the development of hybrid clouds, Greer said. Interoperability standards evolve that help hybrid clouds and clouds from different providers focus on a singular mission independent of where they are sourced.
It is these kinds of prototypes that are the next step that will validate the artifacts [within the roadmap documents] that are produced today,” Greer said.
NJVC’s Jackson agreed that the Tech Roadmap will lead to more consistency in data portability.
Many people have voiced concern about security in the cloud from the inception of the concept. “I never believed security was an issue,” Jackson said. Security is a technology, technology is evolutionary and can be improved upon, he noted.
Data portability is the big issue.
“If an agency or organization uses one cloud vendor and there is no data portability [capability] then you’re stuck.” Now, the government has presented a view of a cloud architecture, a criteria that cloud providers can adhere to. If a cloud provider is not meeting certain service level agreements, an agency can move to another provider if there are consistent standards for data portability.
The USG Technology Roadmap is intended to start the discussion of cloud computing, not close it, said Dawn Leaf, senior advisor for cloud computing at NIST. However, the roadmap identifies actions agencies can take now regardless of where they are in their priority plans.