He said NIST’s definition is a good starting point, but CIOs have to understand that the world of cloud computing is constantly evolving.
“[NIST] recognizes that it’s an evolving paradigm and there’s some spirited debate around it. Individual agencies are looking at it a little bit differently from each other, and in some cases, that’s not such a bad thing because we don’t think the definition needs to be all that rigid to get some value out of it.”
The overall goal is to find new and flexible ways for IT managers to move their software and platforms forward in order to meet the agency mission, while getting greater control over costs, said Isman.
“That’s where we see it tying in very closely to the shared services models across government, and how shared service providers can actually provide services in a way that’s, in some ways, based on the economics. ‘As I need services, I can provision those services quickly and I can get those up and running, and I actually pay for what services I’m using.’ That’s really one of the big powers of cloud computing.”
Moving to the cloud doesn’t mean the more traditional models of doing business will necessarily go away, either. Isman said one can benefit most from examining the cloud if he or she looks at it as one more tool in the arsenal.
“It’s an enabler of mission and capability, just like any technology. It’s another way for a federal agency to get their infrastructure services, get their software services, or get their platform services, and they can actually put themselves in a position where . . . now they’re actually hosting some of their services [and], in those hosting environments, do you want to spend a set amount of money every year, or do you want to pay for only the services that you use? ”
Money isn’t the only concern, however. Some have raised the question of security, and whether or not cloud is up to the task of protecting sensitive information. Isman said agencies do have to think long and hard about this, and not only in terms of attacks from the outside. Access to the data from within should also be considered.
“Will they be able to get at the data and get at the information when they need it, as opposed to leveraging someone else for downtime and those types of things. Federal agencies have been using hosting services and have been outsourcing some services for quite some time. This is another way to do that. I think that the proof on the security side is going to come from the individual vendors to prove that their platforms are secure.”
Therefore, Isman said, tying cloud to other subjects such as data consolidation and better environment usage should also be kept in mind.
“It’s not only about cost reduction. It is also about making sure that you know where everything is and you know it’s got a garage. One of the things we’re talking with agencies [about] is the analysis on how you transition and what you transition to a cloud environment. [That] needs to incorporate how secure that information will be. What information do you want out there in a cloud environment? The concepts of tenancy — who else is on those cloud platforms and how am I separated from [others]?”
What one shouldn’t do, however, is move into the cloud just because it seems trendy. Isman said every agency should look at the possibilities that cloud can offer, but this doesn’t necessarily mean cloud will be for them.
“What pieces and parts would make sense being out in a cloud environment? What pieces and parts would not? Make some decisions — and some of those are going to be based on the personalities within those agencies, but hopefully they’re also based on the need of actually providing support to their mission. One thing that’s getting lost is thinking of cloud computing as only a cost-savings, and not as a value proposition to the mission or business of an agency.”
In addition, Isman noted, agency heads should look at their overall goals — what they’re really trying to accomplish — while making a decision about cloud.
Read more about cloud computing in the federal space at the Fed Cloud Blog.