Why agencies are gun-shy of the public cloud
- By Paul McCloskey
- Jul 20, 2011
Will more government agencies bite on the advantages of moving their applications to public cloud providers?
Eventually, according to cloud computing experts at the FOSE conference July 19. But before that happens, agencies will opt to get a better footing in the new technology with their own private cloud pilots.
“You start with the private cloud and get comfortable,” said Ron Ross, a computer scientist with the National Institutes of Standards and Technology. “There’ s enormous potential savings with cloud. We’re going to get more comfortable with public cloud as we go forward in time.”
The current discomfort is clear. In a recent tracking poll of cloud usage, government IT reseller CDW-G found that nearly half of prospective cloud users would opt for a private approach to cloud computing.
:In the cloud, good policy makes good neighborsCloud security awaits encryption breakthroughs
Even at that, most agencies seem to be pulling their punches. While 84 percent of organizations were using at least one cloud-based application, the poll found only 38 percent had a working plan for adoption.
Moreover, the poll showed cloud users are missing key opportunities to secure data in the cloud even as they cite the risk of security as the greatest factor holding them back from the cloud.
Ross said he was not surprised at the numbers.
“It takes a while for agencies to get their arms around the technology and understand what the capability is and then try to apply that to what they’re doing,’ he said. “And that transition takes time especially in the federal government.”
The preference for private clouds is understandable, he said.
“It doesn’t surprise me at all the that private cloud is the dominant choice (now) because given people’s perception , the reality is that it’s a safer approach because you’re not having to co-mingle government information with other information in an external service provider’s environment.”
Public options will become more attractive when cloud security tools and convention are trusted, Ross said. He cited FedRAMP ( Federal Risk and Authorization Management Program), an effort at a standard approach to authorizing cloud services and products.
"FEDRAMP is going to solve a lot of those problems,” he said. “To me, it’s all about trust relationships between providers and consumers. And how do you build that trust? It’s through transparency -- that’s what were going to do over the long term.
Henry Sienkiewicz, chief information officer of the Defense Information Systems Agency (DISA), said the act of migrating to the cloud would itself provide some of the standards and practices needed for more widespread cloud adoption.
DISA is targeting 1.7 million users for cloud-based enterprise e-mail this year and is considering ways to handle other office productivity applications, he said.
“What you’re finding within these migrations is forcing your user base into a lot of standardization," Sienkiewicz said. "It forces users to change their behavior patterns, which forces transparency."
“I think at the end of the day, once you go through these migrations, I think you’re going to have a more secure environment.”
Sienkiewicz is bullish on the cloud, in part because of the benefits he’s already witnessed. That includes DOD’s involvement in setting up the All Partners Access Network following the Haitian earthquake. In the effort, DISA helped provision network services “in a matter of hours” to a set of “very nontraditional mission partners.”
“That was an example of the power of the cloud,” he said. “It allowed us to spin up resources very quickly: It literally saved lives.”
Paul McCloskey is senior editor of GCN. A former editor-in-chief of both GCN and FCW, McCloskey was part of Federal Computer Week's founding editorial staff.