Government applications that don't have stringent requirements under the Federal Information Security Management Act could be the first available for testing in a public cloud environment, according to the leader of the Federal CIO Cloud Working Group.
Government applications that don't have stringent requirements under the Federal Information Security Management Act could be the first available for testing in a public cloud environment, said Casey Coleman, who is the General Services Administration's chief information officer and the lead of the Federal CIO Cloud Working Group.
"Something like 45 percent of the IT portfolio is ranked at a FISMA certification level of low. What that means is that those applications and that data are candidates" for running on some sort of commercial or hybrid cloud service, she said, speaking at the O’Reilly/TechWeb Gov 2.0 conference, being held this week in Washington.
In July the GSA issued a request for quotations for industry cloud services that could be used by agencies through a GSA storefront. At the conference, Coleman talked a bit more of GSA's intent behind setting up a cloud storefront. GSA wants to make cloud computing services from industry available to federal agencies "in a way that it's easy to use, simple and extracts a lot of complexity," she said.
Although federal Chief Information Officer Vivek Kundra has called for agencies to pursue cloud computing, using commercial cloud services still provides myriad procurement, security and compliance issues agencies must sort out. With the storefront, Coleman said, "Our goal is to abstract out some of those issues," and make it easier for agencies easier to deploy them.
With the RFQ, interoperability and portability were key concerns. "As the technology evolves, we as a customer and consumer of those services don't want to be locked into a technology that is not going to be cutting-edge," she said. "So we want to have that portability. We want to be able to migrate our solutions to the right platform as technology evolves. We also want to make sure that the government doesn't have to worry about managing the infrastructure because of migration issues."
One of the chief advantages that cloud computing offers is that new deployments can be set up quite quickly. She admitted that the government has not traditionally been known for working at such a speed.
"In general, there is not a culture of rapid development or rapid release cycles, although we recognize there is value in taking that approach," she said. "Historically there is friction around the processes such as the time to complete the procurement, or time to complete the security compliance process. By taking some of the friction out of the processes, we free ourselves up to focus more on missions."
"One of the value propositions of cloud computing is that you can start small," she said. "You can go for those opportunities that are the low-hanging fruit and scale solutions that work. By doing so, you can start to build a culture that is more embracing of information sharing and sharing resources across organizations."
Coleman said that ultimately agencies will use a mixture of private and public cloud services. "The federal government is so large that there will never be one solution that will work for everyone," she said. "There are some elements that will never be in a commercial cloud [and those] will be candidates for a private or hybrid cloud."