House panel questions cloud computing assumptions

Government, industry testify at hearing

Proponents of cloud computing today gave members of Congress an update on federal initiatives designed to achieve cost-savings and make the computing model more secure for wider agency adoption. The House Committee on Oversight and Government Reform's Subcommittee on Government Management, Organization, and Procurement held a hearing that allowed a panel of government officials and another panel from the private sector to speak and take questions.

The committee's interest in cloud computing reflected a new awareness within the legislative body of it's growing importance, although some members expressed skepticsm about how quickly cloud' computing might be adopted in the face of bureaucratic obstacles.

The Obama Administration is pushing for agencies to adopt the computing model when possible to achieve cost savings and information technology operation efficiencies.

“I’m a big fan of cloud computing,” said Rep. Darrell Issa (R-Calif.), the committee's ranking minority member. "So don’t have anything I say cause you to think that it is anything other than my fear of bureaucracy that causes me to sound like we’re not going to get there as quick as we would like to.”


Related coverage:

The march to the cloud reaches a turning point

 Security must come before cloud, GAO says


Issa and other members of the panel, including its chairman, Edolphus Towns (D-NY) pressed federal officials to address some of the underlying assumptions driving the push to cloud computing. Couldn’t the federal government just move and manage physical servers to a virtualized environment like Congress did and still chip away at the $80 billion federal agencies spend on IT, freeing it up to be used for more innovative operations?  Couldn’t it do this without having to vet the fitness of a cloud provider?

“This is exactly what we are engaged in,” said Vivek Kundra, the federal Chief Information Officer and administrator for e-Government and Information technology with the Office of Management and Budget.

Federal information technology expenditures include about $20 billion annually on infrastructure such as routers, servers and switches, he said. In recognition of the enormous investment, the administration is making sure that agencies develop a detailed plan for data center consolidation, which has to be a part of the 2012 budget process, Kundra said.

Over the past decade, the government has increased its data centers from 432 to 1,100.  Cloud computing can help make the most of data center capacity, Kundra noted.

“We don’t want to consolidate to one place, so people can bring down all of federal IT," he said. "The goal is to make sure that there is enough geo-diversity to ensure security but make sure that data centers aren’t popping up all over the country."

Some members also questioned the cost savings that some reports indicate can be achieved by agencies moving to the cloud, up to 50 percent by some estimates. David McClure, associate administrator with the General Services Administration’s Office of Citizen Services and Innovative Technologies, warned against putting too much stock in such predictions.

“Cost savings will be dramatically different depending on the type of applications and the type of cloud environment we are putting solutions in,” he said. There can be savings in software development or storage costs because operations are running more efficiently, he said.  He added that there are other benefits, including greater agility in meeting agency computing needs.

Cloud computing consists of a combination of third-party data centers, Internet Access and a pay-as-you-go subscription model, said Dan Burton, senior vice president of global public policy with Salesforce.com, a provider of software-as-a-service cloud solutions used by government agencies and the private sector.

But Burton argued against the "private cloud" approach that some agencies are considering as a compromise between efficiency and security. The real benefits come when multiple clients share a cloud approach, likening it to the economies many tenants enjoy in sharing the foundation, utilities and security controls operating independent offices in a skyscraper. 

A single-tenant compute model -- the private cloud -- would require a minimum of two servers per application, plus additional servers for redundancy and disaster recovery, he noted.

Agencies are looking for more governmentwide guidance in implementing cloud computing, Gregory Wilshusen, director of information security issues with the Government Accountability Office said during his testimony.

Federal agencies have begun efforts to address information security issues for cloud computing but specific guidance is lacking and efforts remain incomplete, according to a GAO Report “Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing,’ released at the hearing.

Over the past month the federal government has unveiled initiatives such as the Federal Risk and Authorization Management Program, which will allows agencies using cloud providers to share security certifications. The National Institute of Standards and Technology in May announced Standards Acceleration to Jumpstart Adoption of Cloud, an initiative geared to support the adoption of new technology and standards for the cloud.

 

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above