Federal Cloud Computing Strategy Officially Launched

Sunday, February 20, 2011

Kevin L. Jackson

21d6c9b1539821f5afbd3d8ce5d96380

Federal CIO Vivek Kundra officially launched the Federal Cloud Computing Strategy. While this is clearly not new news, the document does state the government's position in a very succinct manner.

  •  By using the cloud computing model for IT services, we will be able to reduce our data center infrastructure expenditure by approximately 30% (which contributes to the estimated $20 billion of IT spending that could be migrated to cloud computing solutions).
  •  Cloud computing can complement data center consolidation efforts by shifting workloads and applications to infrastructures owned and operated by third parties.
  •  The shift to cloud computing can help to mitigate the fragmented data, application, and infrastructure silo issues associated with federated organizational and funding models by focusing on IT services as a utility.
  •  Cloud computing can accelerate data center consolidation efforts by reducing the number of applications hosted within government-owned data centers.
image

Cloud computing allows the Federal Government to use its IT investments in a more innovative way and to more easily adopt innovations from the private sector. Cloud computing will also help our IT services take advantage of leading-edge technologies including devices such as tablet computers and smart phones.

The strategy document also highlight the necessary change in federal agency mindset. "To be successful, agencies must manage cloud services differently than traditional IT assets.As with provisioning, cloud computing will require a new way of thinking to reflect a service-based focus rather than an asset-based focus."

Security concerns are also address in a head-on, balanced manner:

"The Federal Government will create a transparent security environment between cloud providers and cloud consumers. The environment will move us to a level where the Federal Government’s understanding and ability to assess its security posture will be superior to what is provided within agencies today."

"The first step in this process was the 2010 Federal Risk and Authorization Management Program (FedRAMP). FedRAMP defined requirements for cloud computing security controls, including vulnerability scanning, and incident monitoring, logging and reporting. Implementing these controls will improve confidence and encourage trust in the cloud computing environment."

"To strengthen security from an operational perspective, DHS will prioritize a list of top security threats every 6 months or as needed, and work with a government-wide team of security experts to ensure that proper security controls and measures are implemented to mitigate these threats."

"NIST will issue technical security guidance, such as that focused on continuous monitoring for cloud computing solutions, consistent with the six step Risk Management Framework (Special Publication 800-37, Revision 1)."

image

Cross-posted from Cloud Musings

Possibly Related Articles:
8344
Cloud Security
NIST Cloud Security Government Vivek Kundra Federal Cloud Computing Strategy FedRAMP
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.