One of President Obama’s major initiatives is to promote the efficient use of information technology. He supports the paperless office ideal that hasn’t been fully realized in the Paperwork Reduction Act of 1995.
Specifically mentioned is Federal use of cloud computing. So good, bad or indifferent, the government is now moving into the world of cloud computing – despite the fact that it is a new way of doing business that still has many unaddressed problems with security and the general form that it is going to take.
The Federal CIO Council’s (Federal Chief Information Officers Council, codified in law in the E-Government Act of 2002) CTO of Federal Cloud is Patrick Stingley. At the Cloud Computing Summit on April 29, 2009, it was announced that the government is going to use cloud for email, portals, remote hosting and other apps that will grow in complexity as they learn about security in the cloud. They are going to use a tiered approach to cloud computing.
Here are seven problematic areas of cloud computing for which solutions need to be found:
- Vendor lock-in – Most service providers use proprietary software, so an app built for one cloud cannot be ported to another. Once people are locked into the infrastructure, what is to keep providers from upping the price?
- Lack of standards – The National Institute of Standards and Technology (NIST) is getting involved, and standards are still in development. This feeds the vendor lock-in problem since every provider uses a proprietary set of access protocols and programming interfaces for their cloud services. Think of the effect of this on security!
- Security and compliance – Security offerings for data at rest and in motion are limited, and compliance methods for provider certification (i.e., FISMA or Common Criteria) have not been agreed on. Data must be protected while at rest, while in motion, while being processed and while awaiting or during disposal.
- Trust – Cloud providers offer limited visibility of their methods, which limits the opportunity to build trust. Complete transparency is needed, especially for government.
- Service Level Agreements – Enterprise-class SLAs will be needed (99.99% availability). How is the data encrypted? What level of account access is present and how is access controlled?
- Personnel – Many of these companies span the globe – how can we trust sensitive data to those in other countries? There are legal concerns such as a limited ability to audit or prosecute.
- Integration – Much work is needed on integrating the cloud provider’s services with enterprise services and making them work together.
Opportunities abound for those who desire to guide cloud computing. Those concerned with keeping cloud computing an open system drafted an Open Cloud Manifesto, asking that a straightforward conversation occur in order to avoid potential pitfalls. Keep alert as the standards develop and contribute, if possible.