Federal CIO Vivek Kundra officially launched the Federal Cloud Computing Strategy. While this is clearly not new news, the document does state the government's position in a very succinct manner.
- By using the cloud computing model for IT services, we will be able to reduce our data center infrastructure expenditure by approximately 30% (which contributes to the estimated $20 billion of IT spending that could be migrated to cloud computing solutions).
- Cloud computing can complement data center consolidation efforts by shifting workloads and applications to infrastructures owned and operated by third parties.
- The shift to cloud computing can help to mitigate the fragmented data, application, and infrastructure silo issues associated with federated organizational and funding models by focusing on IT services as a utility.
- Cloud computing can accelerate data center consolidation efforts by reducing the number of applications hosted within government-owned data centers.
Cloud computing allows the Federal Government to use its IT investments in a more innovative way and to more easily adopt innovations from the private sector. Cloud computing will also help our IT services take advantage of leading-edge technologies including devices such as tablet computers and smart phones.
The strategy document also highlight the necessary change in federal agency mindset. "To be successful, agencies must manage cloud services differently than traditional IT assets.As with provisioning, cloud computing will require a new way of thinking to reflect a service-based focus rather than an asset-based focus."
Security concerns are also address in a head-on, balanced manner:
"The Federal Government will create a transparent security environment between cloud providers and cloud consumers. The environment will move us to a level where the Federal Government’s understanding and ability to assess its security posture will be superior to what is provided within agencies today."
"The first step in this process was the 2010 Federal Risk and Authorization Management Program (FedRAMP). FedRAMP defined requirements for cloud computing security controls, including vulnerability scanning, and incident monitoring, logging and reporting. Implementing these controls will improve confidence and encourage trust in the cloud computing environment."
"To strengthen security from an operational perspective, DHS will prioritize a list of top security threats every 6 months or as needed, and work with a government-wide team of security experts to ensure that proper security controls and measures are implemented to mitigate these threats."
"NIST will issue technical security guidance, such as that focused on continuous monitoring for cloud computing solutions, consistent with the six step Risk Management Framework (Special Publication 800-37, Revision 1)."
Cross-posted from Cloud Musings