“It’s clear to me that security and privacy are real concerns,” Towns said in his opening statement. “Our natural impulse is to hold the things we value close to us, but cloud computing requires entrusting data to others.”
Towns acknowledges that in the long run, the government could also save money by using cloud computing. But the ranking Republican on the panel, Darrell Issa of California, says he doesn’t believe cost savings will be the only factor in moving federal government IT into the cloud.
“I’m interested in seeing how companies believe they can provide guaranteed security in a cloud environment,” he said.
White House Federal CIO Vivek Kundra came to offer an update on the effort to move federal agencies into the cloud, offering a somewhat dramatic graphic to underscore the urgency and the need for the change:
Unfortunately, the number of data centers in the United States Government has gone from 482 to over 1,100 in over a decade. While in the private sector, IBM went from 282 data centers to 12. That’s not sustainable in the long term.
The Government Accountability Office released a study at yesterday’s hearing that, on the one hand, talked up the potential benefits of cloud computing, but warned that a viable game plan for its implementation is still needed.
Greg Wilshusen, who directs Information Security Issues for the GAO, testified, “22 of 24 major federal agencies reported that they are either concerned or very concerned about the potential information security risks associated with cloud computing.”
Kundra says federal agencies face an end-of-year deadline to map out their strategies for migrating their computing needs to the cloud.
“By this December, agencies have been directed by OMB to come up with roadmaps and plans on how they are going to consolidate” to cloud computing, he told the committee.
One of the challenges of developing that guidance on cloud computing is trying to meet the individual, and sometimes differing, security needs of the agencies. To that end, Dave McClure, Associate Administrator in the Office of Citizen Services and Innovative Technologies at the General Services Administration talked about an inter-agency effort to develop a common set of security standards.
The Federal CIO, our cloud PMO (project management office), the CIO council, which has a security working group, and NIST have come together… We have come up with a process and corresponding security controls that have been agreed to by multiple agencies. We’re calling this program FEDRAMP. It provides a government-wide risk management approach for enterprise-level IT systems. It will enable agencies to either use or leverage existing security authorizatitons.
Some of companies who will very likely be competing for contracts to provide cloud computing services to the federal government, such as Microsoft, Google, EMC Federal, and Salesforce.com, also testified at yesterday’s first oversight hearing into cloud computing by the House Oversight Committee.
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)