Federal agencies are modifying their information technology portfolios to align with strategies released by the White House for government-wide adoption of cloud solutions.
The Federal Cloud Computing Strategy, released Friday on cio.gov, provides a framework for migrating to the cloud, redefining contracts with cloud vendors and addressing security and governance concerns. There are also case studies highlighting the agencies’ cloud adoption process.
When selecting services to move to the cloud, agencies should consider the benefits (efficiency, agility and need for improvements through innovation) and how soon the service can move to the cloud (near-term, medium-term and long-term movers), according to the White House document.
Key security considerations include the need to:
•carefully define security and privacy requirements during the initial planning stage at the start of the systems development life cycle
•determine the extent to which negotiated service agreements are required to satisfy security requirements; and the alternatives of using negotiated service agreements or cloud computing deployment models which offer greater oversight and control over security and privacy
•assess the extent to which the server and client-side computing environment meets organizational security and privacy requirements
•continue maintaining security management practices, controls, and accountability over the privacy and security of data and applications
The National Institute of Standards and Technology will offer guidance for continuously monitoring the security of cloud computing, and the Department of Homeland Security will create a list of top security threats for agencies every six months or as needed.
The cloud strategy instructs agencies to ” include explicit service level agreements (SLAs) for security, continuity of operations, and service quality that meet their individual needs.” Contracts should also include a clause that allows third parties to assess security controls of cloud providers and points-of-contacts and procedures for agencies should the services fail.
“Consistent with the Cloud First policy, agencies will modify their IT portfolios to fully take advantage of the benefits of cloud computing in order to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost,” federal chief information officer Vivek Kundra said in the document.
The cloud first policy requires agencies to consider cloud solutions as a first option when procuring new technology.
Of the government’s $80 billion IT budget, agencies are targeting $20 billion in information technology investments to migrate to the cloud, according to agency estimates reported to the Office of Management and Budget. Agencies expect to reduce their IT spending on data center infrastructure by about 30 percent as part of the targeted investments.
There are even instructions for closing at least 800 data centers by 2015.
Agencies should look to shut down legacy hardware and software, and “where possible, staff supporting these systems should be trained and re-deployed to higher-value activities,” the strategy said.
Potential spending on cloud computing by agency includes:
1. Department of Homeland Security, more than $2.4 billion
2. Treasury Department, more than $2.4 billion
3. Defense Department, $2 billion to $2.2 billion
4. Veteran Affairs Department, $2 billion to $2.2 billion
*Source: White House “Federal Cloud Computing Strategy”
