Beginning with remarks from Federal CIO Vivek Kundra, there was much emphasis on the progress and opportunities of Federal Government use of cloud computing at the third National Institute of Standards and Technology (NIST) Cloud Computing Workshop on April 7-8 in Washington, DC. Kundra highlighted that there is no longer a question of “if” the U.S. Government will adopt the cloud, but “when,” suggesting that any critics of the cloud-first initiative begin to embrace this and help work to address the challenges.
NIST Director Dr. Pat Gallagher echoed this sentiment, highlighting that “the promise is real, excitement by agencies is high.” However, they are struggling with how to do it under other requirements they have. Dr. Gallagher articulated that NIST, as coordinator of Federal Government use of technology and standards, is at the center of helping the Government identify the barriers and also the key standards and enablers to overcome these challenges, and to realize the tremendous opportunities of cloud computing.
He noted that the cloud is indeed disruptive, breaking traditional models (at times both IT practice and policy). Therefore there is a critical role for NIST, as a choreographer, to lead this discussion between cloud users (particularly the USG) and the cloud industry-there is not an automatic communication because the “cloud” is such a broad set of architectures and possibilities.
Long term, Gallagher noted, we need to redefine the approach, admitting that this will take a considerable redesign from a policy and performance perspective–but that these ongoing discussions about reference architecture and standards are critical to ensuring that we don’t get left with a short term approach in the long term. Perhaps the term that best described the process was the concept offered by Dr. Gallagher that “we’re building the plane while we’re flying it, dealing with solutions on multiple time scales and stretching existing policy approaches into new areas.” Of course, he also went on to emphatically state that it’s worth the effort!
And he’s right. The Obama Administration and NIST have correctly identified that standards that support interoperability, portability, and security-developed with input from stakeholders, and in an open and transparent process–can help movement to the cloud. And they’re making solid progress down this road through their ongoing efforts leading up to this workshop.
Sure, it’s going to be a long journey, but as Director Gallagher said, it IS well worth the effort. Following are some additional key points that I made on the lead-off panel on “Adopter’s Long Term View,” and which were echoed by several speakers over the course of the Workshop:
* Cloud computing is not some new, untested technology. The private sector has been adopting it wholesale for years, and the Government is following quickly. The benefits are real, and they’re clear.
* In some ways, such as the “cloud first policy,” the Government is ahead of industry. In years to come, “cloud first” will be the norm, not the exception.
* Cloud computing provides great promise for ending the era of lock-in. Movement towards cloud and vertical stacks increases the need for openness. The collaborative government-industry effort to accelerate the standards and reference architecture development process could be very helpful in advancing the rapid adoption, and effectiveness, of cloud computing in the long term.
* The cloud provides an opportunity for built-in, not bolted on. Cloud computing is increasing recognition that as an industry, we cannot afford to view customer privacy and security as an exercise in compliance–they must be part of the value proposition. Particularly with respect to security, although it’s not widely recognized, cloud computing presents inherent security benefits:
1. Detection – the cloud creates the ability to link together millions of security nodes on the net. By working together, these nodes can better detect new threats.
2. Remediation – Quick remediation is vital to the game of cyber security – the less time the malware is in your system, the better protected you are. The cloud provides for a solutions provider to implement the solution much more rapidly than the older model of having to load the solution onto multiple machines.
3. Prediction – The trend in cyber security is very much focused on limiting the ability of bad actors to act at all. The cloud allows solutions providers to build reputation scores of machines that are bad actors, creators and disseminators of malware. The cloud solution can enable the provider to thus build reputation scores, much like credit scores, and block the ability of bad actors, bad machines, to infect customer systems.
4. Protection against lost or stolen laptops. One of the greatest threats to security is breach of data form lost or stolen laptops. Cloud provides for centrally stored data with continuous and automated network analysis and protection.