DHS Releases Continuous Monitoring RFQ:  In cybersecurity news, DHS, working through GSA, released a final RFQ this week seeking bids to meet requirements  of the new Continuous Diagnostic and Mitigation program and for continuous monitoring as-a-service.  The BPA includes 15 tools and 11 task areas aimed at improving DHS’s IT security.  The BPA has an estimated value of $6 billion and responses are due January 28, 2013. Federal News Radio has the details.

PSIG Members Featured in 10^th Anniversary of the E-Gov Act Event:  This week marked the 10^th anniversary of the E-Gov Act and SIIA PSIG Members Doug Bourgeois of VMware, Mark Forman of Government Transaction Services and David Mihalchik of Google all were featured prominently in the event marking the anniversary.  Other SIIA members were included as well, including Dan Chenok of IBM and former Congressman Tom Davis, now of Deloitte.  C Span covered the event, which focused on the advances made in government technology since passage of the E-Gov Act.  See the video here.

 Appian Receives FISMA Moderate Certification from GSA:  Appian announced this week that it had received FISMA moderate certification from the General Services Administration for a major business process management application, built on Appian Cloud.  Appian Cloud is built on Amazon Web Services.  See the press release for more information.

Federal News Radio to host live chat with CBP CIO:  Our friends at Federal News Radio are hosting a live chat on January 3^rd at 11am with DHS Customs and Border Protection CIO Charlie Armstrong and are encouraging interested parties to submit questions in advance.  See the link for more details.

Michael Hettinger is VP for the Public Sector Innovation Group (PSIG) at SIIA. Follow his PSIG tweets at @SIIAPSIG.

His intervention is a welcome attempt to set the record straight before these erroneous beliefs become widespread and entrenched.  It was accompanied the release of State Department white paper that dispels the misconceptions about the U.S. legal system and government access to information.

The fact is that the U.S. has a well-developed and established system to protect individual liberties from government intrusion.  We have a general distrust of a powerful government and are suspicious of anything that advances the growth of government power.  Our bias is in favor of a limited government that lets people chose their own good in their own way.  As a result we are far less tolerant of government intrusion into our private lives than other countries, and have set up a system whereby the U.S. extends privacy protections to non-U.S. citizens as well.

At the same time, the U.S. is more tolerant of the use of information for innovative and productive use by businesses than other countries, to our great advantage in the race for economic growth, business development and job creation.  Our system of protecting the individual privacy in the business context shows that this can be done while maintaining strong and effective protections for consumer privacy. This system also respects the rights of non-U.S. consumers established in other privacy regimes.

None of this means that the U.S. system is perfect.  We think that steps can be taken to improve the consumer privacy system for mobile app notifications and are actively working with the U.S. Commerce Department and other stakeholders on a voluntary code of conduct and an effective system of screen notices.  We have joined with others in the Digital Due Process Coalition to modernize the 1986 U.S. Electronic Communications Privacy Act, which needs updating to fit the realities of email and document storage in the cloud.

But the need for these reforms does not suggest that the current U.S. system is a threat to privacy or justifies a move away from cloud computing as a way to avoid government scrutiny.  Ambassador Kennard is to be commended for his strong defense of the U.S. approach to privacy in the cloud.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy

GSA pulls the plug on Apps.gov: The federal government pulled the plug on Apps.gov this week. The cloud application storefront, which was the brainchild of former Federal CIO, Vivek Kundra, was intended to provide a one-stop-shop for cloud apps for the federal government and make it easier for federal IT personnel to acquire cloud services. The initiative never took off as intended. GSA didn’t give a reason for decommissioning the initiative, but noted that everything that was available through Apps.gov, would still be available through Schedule 70. Information Week has a story.

NextGov Prime highlights procurement reform, big data: NextGov held its first-ever Prime Conference at the Ronald Reagan Building this week. The event included a keynote panel featuring Rep. Darrell Issa (R-CA) chairman of the House Oversight and Government Reform Committee and Rep. Gerry Connelly (D-VA), ranking member of the panel’s Technology Subcommittee, two leaders pushing an update to the 1996 Clinger-Cohen Act. The intent of the legislation, which SIIA has been tracking closely and which is expected to be introduced early in the next Congress, is to improve the speed and efficiency of federal IT purchasing. FCW has the wrap up. The event also had a heavy focus on big data and how data analytics can make the government more effective. FCW covers that angle as well.

Michael Hettinger is VP for the Public Sector Innovation Group (PSIG) at SIIA. Follow his PSIG tweets at @SIIAPSIG.

“SIIA supports Chairman Leahy’s proposed Electronic Communications Privacy Act (ECPA) reform in order to address the tremendous technological advances in communications and computing technology since 1986, when the statute was passed. The legislation proposed by Sen. Leahy would create a warrant requirement for law enforcement access to remotely stored electronic content. This legislation presents a big step toward making sure that the information Americans store in the cloud receives the same level of protection as the information stored in their homes.

“SIIA commends Sen. Leahy’s Leadership on this very important issue, and we urge members of the Judiciary Committee to support the substitute manager’s amendment while opposing any amendments that would weaken the warrant requirement.”

Ken Wasch is President of SIIA.

1. Large data centers are more efficient than small and medium-sized data centers, so regardless of this looking negative at first blush, the electricity/unit of computing is less.
2. Devices themselves are using less energy especially as  desk tops and laptops give way to tablets and smartphones,
3. Cloud data centers can and will drive to renewable energy, as detailed in this report. Companies like Oracle, Adobe, and  IBM are devoting their considerable resources to sustainable computing practices, and this trend will only increase as they continue to work to make data centers more efficient and clean.

A number of voices have come out in support of cloud computing’s environmental benefits for these very reasons. The New York Times hosted quite a few on their Room for Debate page. Here is a short sampling.

Urs Hölzle, Senior Vice President for Technical Infrastructure at Google, knows from personal experience how data centers work, operating Google’s servers, networks, and data centers. He writes on the New York Times website:

“Because of our obsession with efficiency, we’re able to help others be more efficient as well. Small and medium data centers use two-thirds of the total energy because it’s much harder to run them efficiently, so the trend of replacing on-premise servers with efficient cloud services will reduce the amount of energy used to run the same workload.”

Similarly, Jonathan Koomey, research fellow at the Steyer-Taylor Center for Energy Policy and Finance at Stanford University refutes Mr. Glanz:

“Modern cloud-based data centers are much more efficient and have much higher utilization levels than standard data centers, giving them substantial economic and energy-related advantages. And the shift to mobile computing promises big efficiency gains for users as well. For example, laptop computers, which typically use a third to a fifth of the power of desktops, outsold desktops for the first time in 2009 (according to IDC data). Sales of tablets, which are even more efficient, are growing much faster than those for laptops.”

Gary Cook, the senior I.T. sector analyst for Greenpeace International’s Cool IT campaign,  also provides cautious optimism, writing:

Customers need companies to be more transparent about their energy choices so that they can understand the true environmental performance of their Internet and cloud use and make more informed choices. If given the information, people will choose a company that chooses clean energy. We can – and should – be able to feel good about our likes, tweets, photos and music, but it’s up to these companies to take the bold steps to make that possible.

Charles Babcock of Information Week summarizes the other side thusly:

“Everyone is doing a lot more computing, as the story notes. But as we do so, the amount of electricity consumed per unit of computing is going down, which the story somehow misses. Nowhere does the Times address this salient point. Instead, it concludes we are doing a lot more computing and, therefore, we are all guilty of driving environmental degradation. If you’re going to reform the world, you need to build a better soapbox than this.”

Tracy Carlin is a Communications and Public Policy Intern at SIIA. She is also a first year graduate student at Georgetown University’s Communication, Culture and Technology program where she focuses on intersections in education, video games and gender.

SIIA particularly welcomes the Commission’s focus on the use of cloud computing in government. The Commission’s encouragement of the use of cloud computing is the counterpart of the US government’s Cloud First approach.

Unfortunately, some parts of the Commission’s communication go in a direction SIIA warned against in its report to policy makers last year. In places, the communication treats cloud computing as a discrete entity that is potentially subject to specific government regulation. In reality, cloud computing is a variety of evolving business and technical developments that share only a rough similarity. NIST has described three different service models for cloud computing (Software as a Service, Platform as a Service, and Infrastructure as a Service); and four different deployment models (private, community, public and hybrid). There is also the enormous difference between consumer uses of cloud computing and its business uses, and within the latter, still further important differences between uses by large organizations and by small and medium sized businesses. Cloud computing is used in industries ranging from financial services, to energy to telecommunications.

The European Commission’s cloud strategy document recognizes this issue, noting that cloud computing has a “range of defining features (which make a general definition elusive)…” Despite this it goes on to propose a series of government regulations that can be effectively implemented only if there is a reasonably precise legal definition of cloud computing.

Privacy rules, security rules, intellectual property, and consumer protection rules apply when cloud computing is used, but there is no need for special privacy, security, intellectual property or consumer protection rules that apply just to cloud computing. Generalized rules, indeed, globally interoperable rules, are best suited to the global, borderless nature of cloud computing.

Some of the specific suggestions in the report are good in themselves. This is the case for example in the idea that security guidelines should be developed that take into account the special characteristics of cloud computing. But again there is no need for European regulations that mandate specific security requirements just for cloud computing. Security standards should be market-driven and global, not just European, in character

Another concern is the possible development of privacy rules just for the cloud. The Commission and the Parliament are working on a new data protection regulation that would apply across the board, but the cloud strategy suggests the development of alternative or competing privacy rules just for cloud computing.

The Commission also seems to be interested in mandating specific consumer protections such as data portability, interoperability and reversibility in standardized service level agreements. But it is a leap to jump from a concern for consumer protection to the conclusion that specific European consumer protection rules need to be incorporated into standardized terms of service. Industry groups, not European-wide regulators, are best situated to fill any perceived need for optional model contracts.

SIIA welcomes the Commission’s strategy and intends to engage in the process of working with the Commission to see that the benefits of cloud computing are fully realized in the European single market and throughout the world.

On a related note, SIIA submitted comments today to the General Services Administration (GSA) in response to the Cloud Brokerage RFI, an area that is addressed in the bill, and we encourage those comments to be considered by the Committee on Oversight and Government Reform as they look at that area of the legislation. We look forward to working with Chairman Issa and the Committee as they move forward to craft a final bill that serves to improve IT acquisition practices to the benefit of vendors and the federal government.

Michael Hettinger is VP for the Public Sector Innovation Group (PSIG) at SIIA. Follow his PSIG tweets at @SIIAPSIG.

Cloud computing has become a key priority for the federal government, and we’re pleased to see the cloud-first vision reflected in the OMB’s budget guidelines. The new guidance is a big step toward making cloud computing a reality for the federal government. It ensures that agencies are able to plan investments in cloud technologies that can reduce costs and more effectively serve citizens. SIIA looks forward to continuing to work with the Administration to bring transformational cloud technologies to the federal marketplace.

In a June whitepaper, the SIIA Public Sector Innovation Group, which launched in March to help technology firms take advantage of the evolving federal investment in cloud-related technologies, asked the Obama Administration to review the current OMB Exhibit 300 process to ensure its relevancy in today’s world of on-demand computing. The advice was one of five key recommendations aimed at helping federal CIOs and IT companies work together to effectively transition to a new cloud-based environment.

The OMB new guidance calls for agencies to complete an agency cloud computing portfolio as part of the Exhibit 53 process (Exhibit 53C). This section requires agencies to conduct a cloud computing alternatives evaluation, as well as report at the agency level any costs directly attributable to cloud computing implementations, operations or services. Under the guidance, cloud investments are to be reported for prior year, current year and budget year both by deployment model (Public, Private, Community, Hybrid) and service model (PaaS, SaaS and IaaS).

1) Create a comprehensive federal information technology road map

Currently, the Office of Management and Buddy Strategy fails to prioritize agency IT initiatives within its strategy documents. This needs to change to avoid confusion. Writes Hettinger:

Today, agencies must interpret myriad Office of Management and Budget strategy documents involving cloud computing, shared services and data center consolidation — supplemented by the recent digital government strategy. The result is confusion around prioritization of agency IT initiatives, as evidenced by public comment from the cloud computing industry.

2) Modernize acquisition practices to discard the on-site IT model and embrace the off-site, on-demand nature of cloud computing

The current acquisition process is outdated, and in desperate need of a re-haul in the modern IT world.

Current IT acquisition regulations, mainly those espoused in the 1996 Clinger-Cohen Act and modified along the way, were written for a different time — one in which agencies sought to make capital investments in IT systems, servers and other durable IT. In today’s world of cloud computing, agencies should no longer look to make capital investments in IT but rather should invest in acquiring IT on demand and in purchasing services and capabilities.

3) Improve FedRAMP

In June, the Federal Risk and Authorization Management Program (FedRAMP) reached its initial operating capabilities to certify businesses that meet federal cloud services standards. But cloud service providers (CSPs) are concerned the program will create extra red tape for CSPs and give an unfair advantage to the first companies through the gate.

Many CSPs are concerned that FedRAMP, while well-intended, could become a bottleneck because of the limited capacity of the FedRAMP-certified third-party assessors who will evaluate applicants, and because of the approval schedule, which projects to have only three companies certified under the program by the end of 2012. Those three appear to have a leg up on the competition as we head into 2013… Clearly, there is merit in providing CSPs with a Joint Authorization Board-approved provisional authorization that can be employed agency-to-agency, showing that their cloud environment meets minimum security requirements. In theory, this should reduce some of the administrative burden on providers and the government alike.

The government has the building blocks in place to transform its IT infrastructure, but as Mike explains, some core issues must be addressed for federal IT reform to reach its full potential.

Tracy Carlin is a Communications and Public Policy Intern at SIIA. She is also a first year graduate student at Georgetown University’s Communication, Culture and Technology program where she focuses on intersections in education, video games and gender.

1. Meeting Federal Security Requirements
2. Obtaining guidance
3. Acquiring knowledge and expertise
4. Certifying and accrediting vendors
5. Ensuring data portability and interoperability
6. Overcoming cultural barriers
7. Procuring services on a consumption (on-demand) basis

Addressing these issues is key to effectively implementing cloud computing broadly across the federal government, a goal SIIA fully supports. In fact, the recommendations track very closely with the recommendations made by SIIA in its whitepaper, Beyond the 25 Point Plan:  A Roadmap to Implementing Cloud Computing and Reforming Federal IT, released last month in conjunction with the 18-month anniversary of the 25 Plan and NIST Cloud Workshop V.

SIIA is pleased to see the continued focus of the Obama Administration on promoting IT as an enabler to reduce the cost of government and improve services to citizens.  We are also pleased that the GAO report found the same common issues facing federal agencies as were highlighted in our whitepaper.

SIIA’s whitepaper called for the consolidation of the guidance implementing Cloud First, Shared First/Shared Services and the Data Center Consolidation Initiative along with any future IT initiatives into a comprehensive IT roadmap.  If accomplished, this would go a long way to ensuring that agencies had clear guidance as they move forward with implementing cloud solutions.

The whitepaper also called for a continued focus on developing the IT acquisition workforce, breaking down cultural barriers that might hinder cloud adoption, making changes to the capital planning and IT acquisition regulations to allow acquisition to keep pace with technology and making sure the FedRAMP is open and functions effectively for all market participants.

The good news here is that the hardest part of solving a problem is identifying what it is.  Now that we have clear consensus on the challenges, we can continue to work together towards the solution. With this collective strength, federal IT leaders and leading IT companies can work together to comprehensively evolve the federal IT environment to catalyze government operations for the 21st Century.