Federal cloud computing just got easier

New authorization board will vet products

Federal agency officials who want to embrace cloud computing but who worry about security risks will benefit from a new joint authorization board for cloud computing, said Peter Mell, who serves as vice chair of the federal government’s Interagency Cloud Computing Advisory Council.

The joint authorization board, announced in a speech April 7 by federal Chief Information Officer Vivek Kundra, creates an important new mechanism for granting government-wide approval for agency cloud computing applications that can then be adopted by other agencies, he said.

Related coverage:

Cloud computing really can save your agency millions

Feds, industry to hash out cloud standards at May summit

“The lack of government wide authority is one of the biggest hurdles to cloud computing” facing the government, said Mell, a senior computer scientist with the National Institute of Standards and Technology. He spoke at Input's MarketView conference, held today in Falls Church, Va.,

In addition, Mell said, a new security requirements authority has been created to focus on broad security hurdles that must be overcome if agencies are to move forward with cloud computing initiatives.

The new joint authorization board will consist of the agency sponsoring a system’s government wide authorization and senior executives from the Department of Defense, the Department of Homeland Security and the General Services Administration, supported by technical staffs from each agency.

“The intent of the board is not take away authority from agencies, but to enable them,” Mell said. It would do that by identifying and reviewing cloud computing processes and applications submitted by sponsoring agencies. Once they’ve been authorized, they can be used as building blocks for other agencies, letting them focus on incremental applications, Mell said. It would still be up to agencies to choose whether to use the approved applications.

The joint authorization board also represents an attempt to reduce the duplicative work and spending by agencies each of which must certify common computing processes, especially for security measures under the Federal Information Security Management Act.

Kundra recently cited the example of the Department of State, which spent $133 million amassing a total of 95,000 pages of security documentation for about 150 major information technology systems.

Cloud computing models are still evolving. But the promise of on-demand computing services delivering software, infrastructure and development platforms over the Internet, the way utilities provide electricity, has federal officials looking for ways to reduce the dependence on agencies building dedicated systems. But even if agencies share computing platforms, they are still required to prove they comply with a thicket of statutory requirements. The joint authorization board would help agencies reduce the need for duplicative work.

Peter Tseronis, senior technical advisor at the Department of Energy, who chairs the Federal Cloud Computing Council, also spoke at the INPUT conference. He emphasized that “There's no one size fits all approach to cloud. Savings vary greatly.”

He suggested that agencies may still need more of a push if cloud computing is to get the jump start many believe is needed if government officials expect to see savings anytime soon. “I don’t know if there needs to be a mandate,” he said. “But I’d like to know more about what other agencies are doing with the cloud.”

John Garing, director for strategic planning and information at the Defense Information Systems Agency, added during a panel discussion with Mell, Tseronis and the Department of Labor’s Hamid Ouyachi, that for DISA, the primary imperative for cloud computing was building better services first and achieving economies of scale and cost savings second. 

About the Author

Wyatt Kash served as chief editor of GCN (October 2004 to August 2010) and also of Defense Systems (January 2009 to August 2010). He currently serves as Content Director and Editor at Large of 1105 Media.

inside gcn

  • phishing email (Abscent/Shutterstock.com)

    How agencies can protect against phishing attacks

Reader Comments

Sun, May 2, 2010 stopthemadness

So this is not a new problem. The use of external vendors for IT services has always presented this problem. For example, there may be several agencies using a single vendor to conduct a certain type of IT processing in a "non-cloud" environment. There are many mature solutions to how this is addressed in the private sector so why not adopt one of those frameworks and not waste more government money on committees designed to boost the political careers of those involved.

Thu, Apr 22, 2010 Chaz Chastain Herndon, VA

Like all technologies that have emerged over the years, all are not created equal. Some work as advertise while many do not. Sterling Commerce's industry leading Supply Chain Management applications are available through the Chenega Federal Systems Cloud Computing environment offered as SaaS. In another Cloud environment those same applications,also offered as SaaS, have been serving the US Navy, Us Air Force and Defense Logistics agency very successfully.

Tue, Apr 13, 2010 Interested Party

I agree with Geada. Until the cloud becomes more like a utility, much like the internet, and everybody knows the risks, there will be no large scale adoption.

Mon, Apr 12, 2010

Great information. If you're interested in reading more about cloud computing, check out the 2nd part in our 7 part series about using cloud computing in the federal government.


Mon, Apr 12, 2010 Dave Geada Sacramento, CA

It would seem that the government and private sector share the same concerns about cloud computing, namely the lack of clear standards and accountability. I applaud Vivek Kundra's efforts, and look forward to the day when both the private and public sectors work together to clear the confusion swirling around the cloud. For it's only after we develop a shared and accepted understanding for what constitutes the cloud and the role of users, providers and government in securing data that we'll see mass adoption of this new technology and realize the true benefits of this amazing platform. Regards, Dave Geada VP of Marketing http://w DOT ww.StrataScale.com

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group