You Debate. We’ll Innovate.

Ok..You Debate…We’ll Innovate….

In his Government Computing News column (http://bit.ly/GTcsVD), Mike Daconta impassionedly argues that the NIST definition for Cloud Computing, with its complexity, is cause for government IT managers to stay the course with business as usual, intimating that you should buy hardware, software, people, property, plant and repeat every 36 months. Your budget cycles and key performance indicators are aligned with this legacy and entrenched model. It worked for a few decades and is well cared for in +$80B worth of budget dollars, but it is not without its own complex challenges. The legacy model provided us 2nd order derivatives like misplacing 1000 data centers (http://bit.ly/bN3AU3), a weakened cyber posture and application constructs designed to encourage vendor lock-in. I agree it would be easy to stay the course, but I strongly disagree that definition is a compelling enough cause not to innovate.

The good people at NIST, GSA, Leaf, McClure, et al., have been leading the charge in this definition work and driving innovation in their agencies and the sector writ large. It is absolutely possible and absolutely needed to continue to refine definitions, but not at the expense of deploying immediately needed innovation. These folks should be lauded. Not harassed.

Had they waited for debate society work to culminate – innovative projects like Army Private Cloud (http://bit.ly/H60zNe) and Apps.Gov (http://bit.ly/enikBl) never would have been started. APC is going to save millions in costs, improve the operating picture for warfighters and do it in a more secure fashion. Apps.gov offers untold levels of transparency and easier procurement models.

It is the promise of Cloud Computing which is being realized today by these innovators and projects.

Don’t we owe it to our constituencies: warfighters, authorizers, civilian services, taxpayers … to refine and innovate?

Who will supply your cloud?

1 pipe.  Many uses.  

One of the questions that CIOs, IT leadership and Accreditation Authorities are dealing with is how to blend the economic benefits of cloud infrastructures with both the real and perceived security challenges presented by this new Service Delivery method.

When faced with inflection points like this I’ve often found that companies will reach out to their top two or three strategic technology suppliers to kick around ideas, learn from best practices and look for creative ways to fund Pilot projects.

If your Networking Service Provider, Hosting Partner and Wireline carrier are not on the list of initial partners you consult for advice…. It’s a position I think you may want to reconsider.

Here’s why:

As then, is now and forever shall be: Last Mile continues to matter.

But not for the same reason you might suspect. I offer that the security implications for the last mile, more than the contemporary performance arguments, are a significant motivating factor for you to consider. And who better to help on your cloud journey than the service provider community you are already drawing on for network support?

You see, for many of the large end user facing clouds, data is transported outside of your firewall and across the Public network. Depending upon your mission type – this transport method might be a complete non-starter. Cleartext, Public Transport… these are not things your IA folks like to hear.

Enter: The power of Cross-Connect.

Your networking service provider, hosting partner and wireline carriers, with whom you already have a trusted relationship for ping, power and pipe, can easily extend your private network into a cloud infrastructure in a low-friction, highly secure manner.

Leverage

It’s good for you because it can deliver results immediately, good for your organization because procurement can leverage the volume of many different contracting vehicles and good for the provider because it allows them to monetize additional traffic on their (very expensive to build) network plants.

I’ve shared this previously in a brief post last year (http://bit.ly/a1HSmT) and helped to build a handy list of providers you’ll want to consider speaking with here: http://bit.ly/jUfNR8.

Which of your networks would benefit from this approach?

Tell the federal government how it can fix cloud accreditation!

Okay, I know I’ve written about the accreditation process for cloud computing solutions quite frequently in the last few weeks. It’s just been a hot topic in light of the recent NIST event and all of the talk around streamlining cloud accreditation via FedRAMP. But this is the last time I’m going to write about it for a while….I swear.

According to an article on Federal News Radio’s Web site, the General Services Administration (GSA) and Federal CIO Council are looking for feedback from agencies, vendors and the public about process templates, guides, common security requirements and other program-related aspects of FedRAMP.

Although FedRAMP remains an amazing concept on paper, it’s still failing to meet its potential in reality. In addition to taking a very long time to materialize, it still isn’t completely inclusive of all government agencies.

FedRAMP establishes a baseline for security requirements, but still enables agencies the freedom to do additional testing for what they call “delta requirements.” In the case of defense and intelligence agencies where data is extremely sensitive, these “delta requirements” could essentially cause cloud solutions that have received accreditation through FedRAMP to undergo a whole additional set of tests and accreditation processes.

Also, steps toward continuous monitoring are welcome, but it’s unclear how the common operating picture for cloud gets rationalized with the common operating picture for cyber security. They can’t be brought together without a toolset or framework for governance, risk and compliance.

If you have additional comments on FedRAMP, they can be submitted using the FedRAMP online comment form until 11:59PM ET on Thursday, December 2, 2010. Comments will be reviewed by a joint team of representatives from across government for inclusion and updates in the final documents.

Now’s your chance to rise up and be heard. If we all chime in and help to shape FedRAMP, we can work towards making it the inclusive and effective accreditation process that we all hoped it would be when it was proposed.

NIST forum reviews government progress towards cloud adoption

In May, the National Institute of Standards and Technology (NIST) hosted the first Cloud Computing Forum & Workshop to respond to the Federal CIO’s request that it lead federal efforts on standards for data portability, cloud interoperability, and security. The workshop was intended to initiate engagement with industry to accelerate the development of cloud standards and discuss the potential uses for cloud computing in the government.

Yesterday, I continued my whirlwind trip around the country with a stop in Gaithersburg, MD, to attend the second Cloud Computing Forum & Workshop. This workshop is a bit different in that it’s designed to report on the status of the efforts initiated during the first workshop.

Unfortunately, the report card that they’re going to get is one I wouldn’t have wanted to bring home to my parents when I was a student.

The adoption of cloud computing and other innovative technologies in the federal government continues to crawl. What’s worse, the process for private enterprises to sell their technologies to the federal government is essentially stymieing innovation.

We’ve discussed this in previous posts, and General Clapper even went into detail about this during his speech at the GEOINT 2010 Symposium this week. Essentially, the time, expense and effort to get product accreditation to sell into the government is creating an incredibly high barrier to do so.

This barrier is precluding some of the most innovative technologies from being leveraged by the government. That’s because most of the innovative technology coming out today is from small companies or small divisions of big companies that simply can’t afford the cost and time for accreditation.

Luckily, the government recognized that there was a problem. They tasked NIST with creating a simple and lower cost certification and accreditation process for cloud-centric technology. NIST began the creation of FedRAMP, which offers one stop shopping for accreditation and authority to operate. FedRAMP would be recognized across multiple constituencies and multiple agencies in the government, essentially lowering the high barrier standing between these companies and selling into the government.

Although government agencies are talking about FedRAMP’s imminent launch, its implementation is going to take far longer than advertised. Right now, FedRAMP is in a consensus-building stage, trying to get influencers at government agencies on board. The technical details are there, but the agencies need to buy in. Unfortunately, that’s something that’s easier said than done.

But this isn’t FedRAMP’s only issue. The program is truly only applicable for civilian, non-combat and non-intelligence agencies. The Department of Defense (DoD) and intelligence agencies will always have higher hurdles for security than civilian agencies. And we completely understand. When national security and the lives of citizens or soldiers are on the line, the standards should be higher.

Unfortunately, this greatly reduces the impact of FedRAMP, since a large sector of the federal government will most likely want to continue doing its own accreditation. What may be needed is another, DoD and intelligence focused program similar to FedRAMP with even stricter accreditation standards.

During NIST’s next Cloud Computing Forum & Workshop, the news isn’t going to be all good. Granted, steps such as the GSA IaaS BPA have been taken, but when it comes to accreditation, feet are still being dragged and enough is not being done.

Is GSA’s BPA for IaaS enough to spark federal cloud adoption?

In a recent post on GovCloudTalk, we discussed the federal accreditation process for IT services and solutions.

We took a look at the Federal Information Security Management Act (FISMA) and how it required vendors to get accredited by each individual government agency. This has effectively slowed down the adoption of cloud computing in the government while increasing the cost of products and services to the government.

We also looked at the Federal Risk and Authorization Management Program (FedRAMP), which was designed to fast track cloud computing acquisitions by enabling vendors to receive just one accreditation to do business with many government agencies. Despite FedRAMP’s potential to bring these money-saving technologies to the government, the implementation has been slow.

Last week, the General Services Administration (GSA) took a major positive step forward towards expediting the adoption of cloud computing. The GSA awarded 11 vendors spots on the first government-wide contract for cloud computing.

The GSA’s blanket purchase agreement (BPA) will make infrastructure-as-a-service (IaaS) solutions, including cloud storage, virtual machines and Web hosting, available through the Apps.gov portal, a GSA storefront for federal agencies to learn about and purchase cloud services.

The winning vendors were:

  • Apptis Inc. partnered with Amazon Web Services
  • AT&T
  • Autonomic Resources partnered with Carpathia, Enomaly and Dell
  • CGI Federal
  • Computer Literacy World partnered with Electrosoft, XO Communications and Secure Networks
  • Computer Technology Consultants partnered with Softlayer, Inc.
  • Eyak Tech LLC
  • General Dynamics Information Technology partnered with Carpathia
  • Insight Public Sector partnered with Microsoft
  • Savvis Federal Systems
  • Verizon Federal Inc.

These 11 vendors now have the ability to sell their IaaS services through the Apps.gov portal, but it’s just the first of many steps. The GSA is expected to pursue BPAs for software-as-a-service, email-as-a-service and platform-as-a-service in the future.

As I said, this is a positive step forward in the adoption of cloud computing in the federal government. And it’s definitely coming at the right time, when its cost-savings are sorely needed due to increasing national debt. Unfortunately, it’s still not enough.

These vendors still need to meet FISMA accreditation standards before they can be made completely available to federal agencies. This means that despite the BPA and addition of these solutions to the Apps.gov portal, they’re still not available for agencies to purchase and implement. These vendors still have to pursue GSA certification and accreditation.

Although the GSA is taking steps to bring the federal government into the cloud, there’s still much that needs to be done. FedRAMP needs to be implemented to help speed and simplify the accreditation process. PaaS, SaaS and other solutions need to be embraced as well.

Until cloud services are available via Apps.gov and accreditation is expedited, the government will continue to miss out on the efficiency and cost savings that come from a move to the cloud.
