Bring your smart phone to work; leave your data in Somalia
Two recent federal edicts will have a significant impact on the advancement of cloud computing in the federal government. One is shortsighted but may ultimately help make the business case that agencies need to move toward cloud-based virtualized desktops for both PCs and handheld computing devices. The other makes sense from a security standpoint, but it leaves unanswered several questions that could slow the penetration of third-party cloud services into the federal space.
Issue One is President Barack Obama's executive order of Nov. 9 to "cut duplicative and unnecessary employee information technology devices," essentially limiting the number of employees who can be issued things like smart phones and tablet computers if they also have other computers.
Enterprise architects must prove their worth in reducing duplication
Scrutiny of IT spending: The new normal
On one hand, the order makes sense, because issuing multiple devices to government employees is expensive and not necessarily efficient. But on the other hand, agencies need to acknowledge that the march toward multiple types of portable computing devices is inevitable. Although it may save money to restrict who receives the devices, this decision may also limit worker efficiency, especially when workers are on the road.
The real issue is that agencies need to become more device-agnostic. Yet, as devices proliferate, it's difficult to ask internal IT shops pay for and support a wide array of mobile devices. The answer, which could have a true long-range impact, is to allow workers to bring their own smart phones and tablet computers into the office or to use them outside the office to connect to government services. To do so, virtual desktop images must be set up to load on mobile devices. But supporting the software (and server-side) virtual desktops rather than a full range of hardware devices means the responsibility of IT managers stops at the virtual window. All other hardware support and device maintenance is up to the owner of each device.
This takes pressure off the IT managers but still offers support for new devices. It also gives employees who want other types of computing devices a chance to use their own hardware (which, in many cases, they are already carrying anyway) to enjoy new flexible ways of computing. Also, virtual desktop solutions can be configured to store all data on a central server, which makes it safer to carry these devices around. (That includes traditional notebook PCs.)
Cloud servers in Somalia?
Issue Two starts with a mid-October decision by the Government Accountability Office, which stated that the General Services Administration must make significant revisions to the contract program that helps federal agencies move to cloud-based services, including e-mail and other solutions. Before this decision, the rules stated that tech firms providing cloud-based service to the government could locate host facilities for cloud computing in the U.S. or in a specific subset of Trade Agreements Act-approved countries. These include Afghanistan, Yemen and Somalia. But, according to the wording of the contract, providers could not locate the facilities in other countries such as India or Brazil.
The decision was triggered by complaints filed by Technosource Information Systems of Annapolis, Md., and TrueTandem LLC of Reston, Va. Both said the data-center location requirements were "unnecessarily restrictive of competition."
In reality this is an issue related to free trade rules as they are outlined in the Trade Agreements Act; it's a large issue that is not likely to be resolved through this decision alone. By setting the original limits, GSA was actually working toward restricting out-of-country locations for data centers that might serve federal agencies' cloud computing needs. But restricting data-center locations to U.S.-only might have violated certain free trade rules, so they essentially added the limited subset of other countries.
GAO's decision basically says that concerns over data-center locations cannot be addressed by limiting data centers to specific countries. Instead, the question of where data centers can be located should be addressed by requiring vendors to specifically identify their data-center locations. Unfortunately this leaves things a bit muddled on how restrictive agencies can be about the locations of any cloud data center. This may result in a slowing of cloud migration, and it also might result in agencies writing specific data-center location requirements into their contracts.
The original intent of the Trade Agreements Act was to promote international trade. But cloud computing introduces a new set of issues, and I fall on the side of those who believe that cloud solutions should not fall under this agreement. But the issue likely will need to be resolved at the congressional level.
Bottom line: The two issues outlined here do not immediately seem connected, but both are issues that will affect current data-center consolidation plans and the way agencies ultimately choose to move toward cloud computing while supporting new computing devices.
Thus, the CIOs of federal departments will need to consider both while making their computing decisions for 2012 and beyond. For the issue of where data centers can be located, they may need to involve legal counsel and consult with congressional offices to make sure they are meeting both national security concerns and free trade agreements. For the computing device issue, most agencies should at least be exploring virtual desktop solutions and testing a variety of computing devices to make sure that the desktop solution they offer can be viewed by as many participants as possible.