The greatest hurdle to moving vital government data and programs into
the cloud is federal executives' confidence in outside security
systems, a panel of federal information technology leaders said
Wednesday.
One big component of producing that confidence level is getting the
Federal Risk and Authorization Management Program, or FedRAMP, up and
running, they said.
Agency technology executives spoke at a conference sponsored by
TechAmerica, an industry group.
FedRAMP is aimed at creating a standardized governmentwide review of
private sector information technology so individual companies'
offerings won't have to be reviewed and approved by dozens of
different departments and agencies.
The program was unveiled in November, but immediately ran into trouble
when technology companies complained the one-size-fits-all
requirements didn't jibe with the diversity of programs in the federal
government.
The Obama administration has said it will consider relaxing the
requirements and expects to get the program up and running this
summer.
"If you want to get it right, FedRAMP matters," said Mark Day, chief
technology officer at the Housing and Urban Development Department.
"We're looking to [the General Services Administration, which oversees
FedRAMP] to give us a lot of help in this area."
Even with the FedRAMP process in place, the panelists said, there's a
natural aversion to handing over sensitive data to an outside agency
whose security you can never guarantee as well as your own.
"The same things we're doing for ourselves, that's what we'd want as
we look at opportunities to move more than our public facing
[services, such as Web pages]," State Department Chief Information
Officer Susan Swart said. "We're just taking a very conservative look.
Until we feel comfortable that we can get that level of security,
[perhaps] by adding on to what FedRAMP provides, we won't be moving."
The panelists agreed, saying they'd prefer to move most services to a
federal-only cloud for security reasons, but even that requires a
change of culture.
"There's a comfort zone issue we have to address," Day said. "Private
and public might better be viewed as ours and shared. If you want to
talk about the culture issue, no matter where you sit, if I share with
someone else who's bigger than me, there's a discomfort there, because
I've lost some control."
The Obama administration's 25-point plan to reform federal IT
management, published in December 2010, calls on departments and
agencies to make the cloud their first storage option for new programs
and to identify several programs currently stored in data centers for
transition to the cloud.
Federal CIO Vivek Kundra has said transitioning large amounts of
federal data to the cloud could save the government millions of
dollars. Computing clouds are essentially large networks of servers.
Users can take as much space from them as they need and pay only for
what they use, which may vary from month to month.
The conference panelists also praised TechStat, a series of
face-to-face question-and-answer sessions Kundra launched in early
2010, during which IT project and program managers must either justify
cost overruns and missed deadlines or their projects will be canceled
or redesigned.
As a result of the rigors imposed by the TechStat process, HUD's IT
leaders have pared down the number of major projects they attempt at
one time from more than 30 to around seven, Day said.
Most agencies also have launched internal versions of the TechStat
process and the rigors of knowing they'll have to justify their
programs to senior management has imposed more discipline on project
managers, the panelists said.
One audience member, who said she was with the contractor MSB
Associates, asked whether the government would make TechStat
transcripts and other information available to industry so the private
sector could learn from government mistakes.
Agriculture Department CIO Chris Hill said some of that information is
available through the federal Chief Information Officers Council's
best practices information page. But that page, so far, includes only
a handful of project summaries, typically fewer than 10 pages in
length.
Stay up-to-date with federal technology news alerts and analysis -
sign up for Nextgov's email newsletters.
I completely agree with the statement that security is the major concern that companies have while moving to cloud.I have had read a survey on this and it was stated that many deny using this due to security concern.Nice blog.
ReplyDeleteelectronic signature Microsoft