Cloud computing is likely to dominate federal IT over the next few years. The first indication this year, was the appointment of Vivek Kundra as the first-ever federal CIO. Kundra, who has long been an evangelist for cloud computing, has said that the cloud will do for government what the Internet did in the '90s. Kundra also believes that cloud computing can save millions of dollars for the federal government by moving away from infrastructure ownership, making efficiency and cost savings two big drivers for the push in cloud computing. The second indication came more recently, when President Obama, with his FY 2010 budget request, boldly went where no President has gone before - into the brave new world of cloud computing. The section of the budget document that mentions cloud computing, Cross Cutting Programs, talks about the benefits of cloud computing and the pilots that will be carried out in selected federal agencies, saying "Pilot projects will be implemented to offer an opportunity to utilize more fully and broadly departmental and agency architectures to identify enterprise-wide common services and solutions, with a new emphasis on cloud-computing."
In spite of support at the highest level, and likelihood of significant resources being set aside for cloud computing, there is still no clear agreement on what cloud computing is. National Institute for Standards and Technology (NIST), the federal agency which promotes the effective and secure use of technologies such as cloud computing by providing technical guidance and promoting standards, defines cloud computing as a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. However this is still a draft definition as there is still a lot of disagreement on this issue. We also don't have details on what exactly cloud computing implementation will mean for the federal government.
To learn more about Cloud Computing and how it will be used in the government, I talked to Peter Tseronis, Deputy Associate Chief Information Officer at the U.S. Department of Energy, and also Co-Chair of the upcoming MeriTalk Federal IT on a Budget Forum on May 21, where he will be moderating a session on cloud computing. As a member of the Government Information Technology Executive Council, Peter is recognized as a thought leader within the public and private sectors. Peter's strategic and innovative direction is consistent with Vivek Kundra's ultimate goal of lowering the cost of government operations via service-oriented architectures.
On Cloud Computing
"The NIST definition is still evolving. The goal is to develop a cohesive and harmonized characterization of cloud computing that resonates across the federal government and industry. Essentially, cloud computing is a scalable, service oriented, next generation computing platform layered in a three-tiered architecture; an architecture rooted in providing infrastructure, development platforms, and applications (as services). Infrastructure as a Service (IaaS) represents the foundation layer delivering commodity-based services, such as storage and computing capabilities. Platform as a Service (PaaS) represents the middle layer delivering an on-demand development platform for software and testing. The top layer, also known as Software as a Service (SaaS), delivers absolute application offerings via multi-tenancy without building or provisioning a datacenter. Cloud computing is about delivering software and infrastructure services via the Internet in a seamless, economical, and reliable manner. [Note: Ubiquitous computing, a term often used alongside cloud computing, refers to the practice of making computers so common and accessible that users are not even aware of their physical presence while elastic networks refer to flexible and adaptable networks].
Multiple design techniques exist with regard to developing a cloud computing environment. Virtualization can be thought of as the keystone design principle in any and all cloud computing architectures. Abstracting the physical computing resources from the users and applications using them typifies what virtualization is all about. [Note: Virtualization allows for the ability to separate the physical layout of a network and its devices from how uses are organized into workgroups]
On risks and opportunities
"The advantages of cloud computing include minimal capital investments in infrastructure, essentially allowing a customer to pay as it goes for what is consumed. Therefore the government does not have to get tied into one vendor or a set of vendors. In addition, the ongoing overhead costs associated with hardware and software upgrades are minimized. Cloud computing allows for multiple data centers and increases availability of computing resources across agencies, thus providing massive scalability. Fault tolerance, reliability, and scalability represent just a few of the many potential advantages of cloud computing as opposed to an on-premise computing environment. Effective planning is of paramount importance. Agencies should employ the federal enterprise architecture principles of architecting, investing, and implementing wisely in order to ensure a smooth transition to the target environment. As a continuous improvement effort, this performance improvement lifecycle enables optimization.
Risk mitigation needs to be a part of any cloud computing strategy. The risks associated with cloud computing are the same risks associated with any investment in technology. We can manage it by using firewalls, encryption, authentication, VLANs and other devices at our disposal. In addition, regulatory compliance will drive implementation. Securing the cloud computing perimeter is important, yet we need to acknowledge that the greatest risk to penetration resides within the perimeter.
On cloud computing pilots
DISA's Rapid Access Computing Environment (RACE) is a well-regarded cloud computing pilot. In this case, there is a "fee for service," where a customer comes to DISA and pays for services provided. RACE is therefore a shared services cloud that gives DISA customers on-demand, self-service access. RACE is located in one place (within DISA) unlike many cloud computing platforms but customers get a full range of options that are available to cloud computing clients.
[Note: Defense Information Systems Agency (DISA) is heavily committed to cloud computing. John Garing, the CIO of DISA has said: "If you deploy a force somewhere in the world for disaster relief ... or a special operations team, they ought to be able to connect to the network like you or I can from home, and bring together or compose ... the services and information they need for what they're doing at that particular place and time, rather than have to connect to a bunch of applications."]
On lessons learned/best practices
I find it useful to think of the technology challenge as: what is the "as-is?" what is the "to be?" and "how do you get there?". Agencies need to be flexible and responsive as technology changes. For instance, when I bought my wife the Kindle2, I thought I was ahead of the curve. And yet the next day I read in the Washington Post that the Kindle3 is ready to roll-out! This is yet another example of how fast technology evolves. Cloud computing represents the evolution of how infrastructure and software can be delivered and utilized as services. In line with President Obama's participatory and collaborative government theme, sharing best practices is a step in the right direction.
I still feel, though, that the biggest challenges are related to how we can change the culture of the agencies and encourage service orientation, virtualization, and standardization.
On privacy
Handling privacy is an issue that needs to be addressed adequately. In a public cloud, a third party would own and operate the computer infrastructure, and federal agencies would need to rely on these providers, even in cases of classified information or where there are compliance issues. This may not meet federal needs. What is more likely is that some services are likely to be kept within government perimeter and other services and data in a private cloud. Trust is perhaps the most important issue where privacy is concerned; we need to be cognizant of relevant laws and regulations such as Sarbannes-Oxley and Health Insurance Portability and Accountability Act (HIPAA). With different agencies building data centers, we need to manage for social engineering risks, as well as maintain security and build reliability using typical tools such as firewalls etc. that I mentioned earlier.
Managing cloud computing
GSA, under the direction of CIO Casey Coleman, is the agency that has been designated by the Vivek Kundra to lead the federal cloud computing program. This federal working group is building on the IT Infrastructure Line of Business (ITI LoB) initiative. Several different agencies are represented in the Federal Cloud Computing Working Group. [Note: Last week, GSA announced that it would make the move to cloud computing with the assistance of Terremark Worldwide Inc., which provides Internet-based computing facilities and support].
In spite of support at the highest level, and likelihood of significant resources being set aside for cloud computing, there is still no clear agreement on what cloud computing is. National Institute for Standards and Technology (NIST), the federal agency which promotes the effective and secure use of technologies such as cloud computing by providing technical guidance and promoting standards, defines cloud computing as a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. However this is still a draft definition as there is still a lot of disagreement on this issue. We also don't have details on what exactly cloud computing implementation will mean for the federal government.
To learn more about Cloud Computing and how it will be used in the government, I talked to Peter Tseronis, Deputy Associate Chief Information Officer at the U.S. Department of Energy, and also Co-Chair of the upcoming MeriTalk Federal IT on a Budget Forum on May 21, where he will be moderating a session on cloud computing. As a member of the Government Information Technology Executive Council, Peter is recognized as a thought leader within the public and private sectors. Peter's strategic and innovative direction is consistent with Vivek Kundra's ultimate goal of lowering the cost of government operations via service-oriented architectures.
On Cloud Computing
"The NIST definition is still evolving. The goal is to develop a cohesive and harmonized characterization of cloud computing that resonates across the federal government and industry. Essentially, cloud computing is a scalable, service oriented, next generation computing platform layered in a three-tiered architecture; an architecture rooted in providing infrastructure, development platforms, and applications (as services). Infrastructure as a Service (IaaS) represents the foundation layer delivering commodity-based services, such as storage and computing capabilities. Platform as a Service (PaaS) represents the middle layer delivering an on-demand development platform for software and testing. The top layer, also known as Software as a Service (SaaS), delivers absolute application offerings via multi-tenancy without building or provisioning a datacenter. Cloud computing is about delivering software and infrastructure services via the Internet in a seamless, economical, and reliable manner. [Note: Ubiquitous computing, a term often used alongside cloud computing, refers to the practice of making computers so common and accessible that users are not even aware of their physical presence while elastic networks refer to flexible and adaptable networks].
Multiple design techniques exist with regard to developing a cloud computing environment. Virtualization can be thought of as the keystone design principle in any and all cloud computing architectures. Abstracting the physical computing resources from the users and applications using them typifies what virtualization is all about. [Note: Virtualization allows for the ability to separate the physical layout of a network and its devices from how uses are organized into workgroups]
On risks and opportunities
"The advantages of cloud computing include minimal capital investments in infrastructure, essentially allowing a customer to pay as it goes for what is consumed. Therefore the government does not have to get tied into one vendor or a set of vendors. In addition, the ongoing overhead costs associated with hardware and software upgrades are minimized. Cloud computing allows for multiple data centers and increases availability of computing resources across agencies, thus providing massive scalability. Fault tolerance, reliability, and scalability represent just a few of the many potential advantages of cloud computing as opposed to an on-premise computing environment. Effective planning is of paramount importance. Agencies should employ the federal enterprise architecture principles of architecting, investing, and implementing wisely in order to ensure a smooth transition to the target environment. As a continuous improvement effort, this performance improvement lifecycle enables optimization.
Risk mitigation needs to be a part of any cloud computing strategy. The risks associated with cloud computing are the same risks associated with any investment in technology. We can manage it by using firewalls, encryption, authentication, VLANs and other devices at our disposal. In addition, regulatory compliance will drive implementation. Securing the cloud computing perimeter is important, yet we need to acknowledge that the greatest risk to penetration resides within the perimeter.
On cloud computing pilots
DISA's Rapid Access Computing Environment (RACE) is a well-regarded cloud computing pilot. In this case, there is a "fee for service," where a customer comes to DISA and pays for services provided. RACE is therefore a shared services cloud that gives DISA customers on-demand, self-service access. RACE is located in one place (within DISA) unlike many cloud computing platforms but customers get a full range of options that are available to cloud computing clients.
[Note: Defense Information Systems Agency (DISA) is heavily committed to cloud computing. John Garing, the CIO of DISA has said: "If you deploy a force somewhere in the world for disaster relief ... or a special operations team, they ought to be able to connect to the network like you or I can from home, and bring together or compose ... the services and information they need for what they're doing at that particular place and time, rather than have to connect to a bunch of applications."]
On lessons learned/best practices
I find it useful to think of the technology challenge as: what is the "as-is?" what is the "to be?" and "how do you get there?". Agencies need to be flexible and responsive as technology changes. For instance, when I bought my wife the Kindle2, I thought I was ahead of the curve. And yet the next day I read in the Washington Post that the Kindle3 is ready to roll-out! This is yet another example of how fast technology evolves. Cloud computing represents the evolution of how infrastructure and software can be delivered and utilized as services. In line with President Obama's participatory and collaborative government theme, sharing best practices is a step in the right direction.
I still feel, though, that the biggest challenges are related to how we can change the culture of the agencies and encourage service orientation, virtualization, and standardization.
On privacy
Handling privacy is an issue that needs to be addressed adequately. In a public cloud, a third party would own and operate the computer infrastructure, and federal agencies would need to rely on these providers, even in cases of classified information or where there are compliance issues. This may not meet federal needs. What is more likely is that some services are likely to be kept within government perimeter and other services and data in a private cloud. Trust is perhaps the most important issue where privacy is concerned; we need to be cognizant of relevant laws and regulations such as Sarbannes-Oxley and Health Insurance Portability and Accountability Act (HIPAA). With different agencies building data centers, we need to manage for social engineering risks, as well as maintain security and build reliability using typical tools such as firewalls etc. that I mentioned earlier.
Managing cloud computing
GSA, under the direction of CIO Casey Coleman, is the agency that has been designated by the Vivek Kundra to lead the federal cloud computing program. This federal working group is building on the IT Infrastructure Line of Business (ITI LoB) initiative. Several different agencies are represented in the Federal Cloud Computing Working Group. [Note: Last week, GSA announced that it would make the move to cloud computing with the assistance of Terremark Worldwide Inc., which provides Internet-based computing facilities and support].
|
|