You Debate. We’ll Innovate.

Ok..You Debate…We’ll Innovate….

In his Government Computing News column (http://bit.ly/GTcsVD), Mike Daconta impassionedly argues that the NIST definition for Cloud Computing, with its complexity, is cause for government IT managers to stay the course with business as usual, intimating that you should buy hardware, software, people, property, plant and repeat every 36 months. Your budget cycles and key performance indicators are aligned with this legacy and entrenched model. It worked for a few decades and is well cared for in +$80B worth of budget dollars, but it is not without its own complex challenges. The legacy model provided us 2nd-order derivatives like misplacing 1000 data centers (http://bit.ly/bN3AU3), a weakened cyber posture and application constructs designed to encourage vendor lock-in. I agree it would be easy to stay the course, but I strongly disagree that the definition is a compelling enough cause not to innovate.

The good people at NIST, GSA, Leaf, McClure, et al., have been leading the charge in this definition work and driving innovation in their agencies and the sector writ large. It is absolutely possible and absolutely needed to continue to refine definitions, but not at the expense of deploying immediately needed innovation. These folks should be lauded. Not harassed.

Had they waited for debate society work to culminate, innovative projects like Army Private Cloud (http://bit.ly/H60zNe) and Apps.Gov (http://bit.ly/enikBl) never would have been started. APC is going to save millions in costs, improve the operating picture for warfighters and do it in a more secure fashion. Apps.gov offers untold levels of transparency and easier procurement models.

It is the promise of Cloud Computing which is being realized today by these innovators and projects.

Don’t we owe it to our constituencies (warfighters, authorizers, civilian services, taxpayers …) to refine and innovate?

Tell the federal government how it can fix cloud accreditation!

Okay, I know I’ve written about the accreditation process for cloud computing solutions quite frequently in the last few weeks. It’s just been a hot topic in light of the recent NIST event and all of the talk around streamlining cloud accreditation via FedRAMP. But this is the last time I’m going to write about it for a while….I swear.

According to an article on Federal News Radio’s Web site, the General Services Administration (GSA) and Federal CIO Council are looking for feedback from agencies, vendors and the public about process templates, guides, common security requirements and other program-related aspects of FedRAMP.

Although FedRAMP remains an amazing concept on paper, it’s still failing to meet its potential in reality. In addition to taking a very long time to materialize, it still isn’t completely inclusive of all government agencies.

FedRAMP establishes a baseline for security requirements, but still allows agencies the freedom to do additional testing for what they call “delta requirements.” In the case of defense and intelligence agencies where data is extremely sensitive, these “delta requirements” could essentially cause cloud solutions that have received accreditation through FedRAMP to undergo a whole additional set of tests and accreditation processes.

Also, steps toward continuous monitoring are welcome, but it’s unclear how the common operating picture for cloud gets rationalized with the common operating picture for cyber security. They can’t be brought together without a toolset or framework for governance, risk and compliance.

If you have additional comments on FedRAMP, they can be submitted using the FedRAMP online comment form until 11:59PM ET on Thursday, December 2, 2010. Comments will be reviewed by a joint team of representatives from across government for inclusion and updates in the final documents.

Now’s your chance to rise up and be heard. If we all chime in and help to shape FedRAMP, we can work towards making it the inclusive and effective accreditation process that we all hoped it would be when it was proposed.

Missing datacenters a symbol of inefficiency and poor security

Last week I attended the Cyber Solutions Conference, a one-day conference and exposition held by the Federal Business Council, Inc. in collaboration with the National Cyber Security Alliance. The event was up in Baltimore and functioned to bring together government, industry and academia to concentrate on the collective responsibility of cyber solutions and security.

One of the things that many of the experts agreed upon was that the cloud was going to help improve cybersecurity for the federal government.

Why? Because the adoption of cloud computing means fewer datacenters, which means that the government could invest more resources into the security of each individual datacenter. Instead of using limited resources to build multiple “fences,” each around a different datacenter, they can instead use those resources to build a much higher fence around fewer datacenters.

Ironically, the day before the conference began, the actual number of federal datacenters increased almost two-fold. They didn’t actually build more overnight; they had simply managed to lose track of over 1,000 of them. According to an article published in Data Center Knowledge just hours before the conference began, an updated inventory by federal agencies showed that the federal government has 2,094 datacenters, nearly 1,000 more than previously estimated.

First off…how do you lose a datacenter? We’re talking about a room larger than 500 square feet dedicated to data processing…not your car keys! But regardless of how the datacenters were lost (or misplaced, if you will), they further exacerbate the security situation. 1,000 more datacenters is 1,000 more fences that need to be built. The resources with which to build those fences just got spread even thinner.

And security is just one problem facing the federal government and their 2,094 datacenters.

As we’ve discussed previously, datacenters are extraordinarily expensive to run. They require large amounts of power. They take up a lot of room. They need to be cooled. New technologies require upgrades. They also need to be maintained and repaired. These recurring costs, multiplied 2,094 times, are a huge expense that the federal government simply can’t afford in the current economic climate and in light of our crushing national debt.

The presence of these previously “lost” datacenters brings increased urgency to the adoption of cloud computing in the federal government. By consolidating these datacenters and embracing cloud solutions, the government could reduce the number of datacenters they have. The result would be fewer datacenters to secure with their limited cybersecurity resources, resulting in higher fences around each individual datacenter. They would also save significant amounts of taxpayer dollars.

Now that these datacenters have been found…let’s get rid of them. Can the federal government really afford not to?
