What is Next for US Federal Cloud Implementation?

By Andras Szakal, vice president and chief technology officer for IBM U.S. Federal

The government is making steady progress in executing the reforms outlined in its 25-Point Plan, delivering many ahead of schedule. At the core of this is the shift to cloud-oriented shared services, which hold great promise for government. Avoiding the redundancy of having each department’s IT shop develop its own software for managing personnel or dealing with public-information requests accounts for nearly half the $932 million in IT savings it has identified through its TechStat program for reviewing IT.

New Federal Risk and Authorization Management Program (FedRAMP) security standards are an important step to make it easy for agencies to purchase cloud and other services from approved vendors. They outline ways to standardize security requirements and contract language for implementing cloud-based IT applications. But they are just that — an outline — rather than a detailed roadmap to cloud implementation.

To be sure, cloud won’t be a one size fits all approach when it comes to government implementation. In most cases, a combination of different approaches — private clouds, hybrid clouds and public clouds — should all be examined to determine which approach makes the most sense for the specific need that is being met.

Applications like e-mail, content management, and back-up have been relatively easy to move to the cloud. But using cloud architectures to improve core functions and make development of processes quicker, while reducing duplication of effort, will require careful analysis of each application to determine the best migration path.

Functions that are common to many agencies are natural fits for a traditional cloud model, while unique, dedicated functions are often better managed in dedicated systems that allow the flexibility to adapt to underlying business flows. Law enforcement case management and intelligence analysis systems, for example, require unique capabilities and security needs, which require greater agency control and dedicated systems support.

In cases like these, it often makes sense to use virtualization technologies inside government data centers. Many government programs have security needs that are easier to secure internally. Agencies can achieve some of the cost-cutting benefits of cloud technology by adopting “private clouds,” which are easier to secure because information never moves outside of a dedicated data center.

The coming year is an exciting time for Federal IT, as FedRAMP and the move to shared services — whether in the form of public or private clouds — provide the structure that will help new projects for cost cutting take root, ultimately saving taxpayers money by helping government become more efficient.

Andras Szakal is participating in a panel on the U.S. Government’s efforts to reform and improve the operational efficiency of its massive IT infrastructure tomorrow at CloudGov.


Andras Szakal is responsible for IBM’s industry solution technology strategy in support of the U.S. Federal customer.

Reply to Chertoff: Do Not Let the Perfect be the Enemy of the Good on Privacy and the Cloud

In his recent op-ed (Cloud computing and the looming global privacy battle, February 9, 2012), Michael Chertoff properly worries about privacy in the cloud. But he’s wrong to think that all problems are equally important or that they all must be solved at once.

We shouldn’t wait for harmonized privacy regimes before making progress on cross border data flows. The priority going forward should be a system of clear and simple procedures that allow global companies to comply with substantively different privacy regimes. In the absence of simple compliance procedures, millions of dollars will be spent on unnecessary bureaucratic paper shuffling instead of on productive investments that can generate economic growth and jobs. Eliminating this waste must be a priority, especially given the worldwide economic challenges.

One way forward is through international agreements that put streamlined compliance procedures in place. To accomplish this, countries have to be willing to approve data transfers across borders when companies demonstrate that they are in compliance with local rules. Mechanisms adopted by the Asia Pacific Economic Cooperation group move in this direction. Proposals tabled in the Trans Pacific Partnership trade discussions also contain this key idea. And the European Union’s proposed data protection regulation provides that compliance can be based on contracts, binding corporate rules or codes of conduct approved by a single EU member regulator.

Deep integration of privacy regimes is a worthy, but distant goal. Fostering interoperability and cross border data flows are urgent immediate needs. We shouldn’t let the perfect be the enemy of the good.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

SIIA All About the Cloud Video Preview

Check out this video preview of what’s to come at SIIA’s All About the Cloud 2012.


Katie Carlson is Program Manager for the SIIA Software Division.

SIIA Issue Brief: Native App or Web Site?

Native App or Web Site?
Deciding Your Next Step in Mobile

Authored by:
Paul Moceri, Deloitte
David Smud, Deloitte
Daniel Vitulich, Deloitte
Nolan Wright, Appcelerator

The next installment in SIIA’s Issue Brief series discusses the wide variety of options to publish a free mobile app. The following quick reference chart covers a number of factors you should consider when choosing your route.

Download the complete paper for an in-depth review of these factors, along with use cases and more!

 

Rhianna Collier Announces 2012 CODiE Nominations Now Open

Nominations are now open for the 2012 CODiE Awards – until October 7th. Nominate today and check out the 2012 CODiE website for more information.

SIIA releases guide to cloud computing for policy makers

Today, SIIA released an authoritative guide to cloud computing for policymakers. The white paper provides a roadmap for fostering the development of the cloud and harnessing its full economic potential.

Cloud computing doesn’t require legislation or regulation in order to safely and rapidly grow. In fact, cloud-specific regulations could impede the industry from realizing its full potential as a key economic engine. Policymakers should join with industry to foster best practices and see that they are properly enforced.

Cloud computing already provides a favorable environment for applying many security measures; it provides a strong engine for growth across businesses and regions around the world, and it can lead to greater choice and lower prices for consumers. SIIA encourages policymakers to promote open standards for software and data interoperability and embrace a global approach that allows for the unrestricted transfer of data across borders.

In order to reap the full economic benefits of cloud computing, policymakers should:

1. Avoid cloud-specific rules and policies, in favor of policies that apply broadly to a wide range of technologies and services, and those that maintain a level playing field for cloud computing and all approaches to remote computing and data storage.

2. Promote open standards for software and data interoperability and avoid policies that would favor one particular business model or technology over another.

3. Promote policies that allow, to the greatest extent possible, unrestricted transfer of data across borders.

4. Encourage rules governing data to travel with the data in order to adequately recognize varying jurisdictional requirements, and ensure data subjects do not lose protection when their data is stored and processed in the cloud, or in any remote computing environment.

5. Avoid localization mandates, or any policies that would give preference to data processors using only local facilities or operating locally.

6. Seek interoperable privacy regimes in which countries recognize each other’s privacy rules to the greatest extent possible.

7. Embrace a global approach to cybersecurity that recognizes the global nature of interconnected systems and provides for data to be protected regardless of where it is located, and that seeks international consensus standards that avoid fragmented, unpredictable national requirements.

View the full report, or get the highlights in the executive summary.

Check out coverage in Post Tech and PC World.

Debunking the Myths of Cloud Computing: Cloud Computing Is not Secure

Cloud computing myth #1: “It isn’t secure”

In fact, cloud computing can deliver greater security at lower cost. As the Obama Administration recently said, “Cloud computing can reduce costs, increase security, and help the government take advantage of the latest private-sector innovations.” So why does the myth persist?

In cloud computing, a provider houses and processes the data outside of the facilities and administrative control of the enterprise that owns it. Contractual arrangements and guarantees have to substitute for institutional security measures. This puts a premium on the proper selection of the cloud provider, and that can be scary.

But finding the right cloud provider doesn’t create inherently greater security risks. In fact, storing and processing data in the cloud can increase information security, reduce risks of unauthorized access, and save information security resources.

It is true that storing information in a central place creates a greater incentive for hackers–Willie Sutton robbed banks because that’s where the money was. The more money in the bank vault, the more interested Willie would be. The same is true of information gold: large concentrations of valuable information attract thieves.

But precisely for that reason providers of large data centers take extra precautions. For private clouds, there is really no difference between a large amount of data stored on premises and the same amount stored in a remote facility. They both have to be protected and the safeguards are largely the same. In a public cloud where data from several customers are combined in the same facility, special administrative and physical controls are used to provide adequate protection.

The advantage of centralized data storage is economies of scale, as Darrell West pointed out at a recent Brookings Institution event on cybersecurity. The combined nature of computing resources in the cloud enables providers to enhance such key security techniques as prediction and detection of threats, and to provide for quick remediation through streamlined installation of solutions. A small company cannot afford to hire the best security experts or keep up with the latest and most expensive control technology. But a large data center can. For this reason, cloud storage for smaller companies is more secure than local storage.

There’s no question that providers of multi-tenant cloud architectures must take special precautions. But that is true in many industries. To meet the special needs of the payment card industry, the card networks developed the Payment Card Industry Data Security Standard (PCI DSS), which put in place specific requirements for those who store, process or transmit cardholder data. The same can take place in the cloud industry pursuant to a variety of information security initiatives.

Some have thought that special security needs for an industry should mean special security laws for that industry. But that is a mistake. The payment card industry developed PCI DSS autonomously – with no involvement of regulators or legislators. Moreover, regulators should not be mandating specific standards because it can freeze innovation where it is needed most–in developing new techniques to protect data. For this reason, special security laws applicable only to the cloud environment are not necessary.

Can the cloud be new and scary from the point of view of information security? Yes. But it is important to locate the true source of the fears. It is not an intrinsic riskiness of the cloud environment. The cloud is as safe as or safer than on-premises computing. The real concern should be finding the right provider who can deliver the increased security that the cloud makes possible. The industry needs to develop mechanisms that can help cloud customers make this decision with a greater sense of confidence.
