Enable breadcrumbs token at /includes/pageheader.html.twig

Hitting the Hard Spots on the Road to Cloud

The U.S. government has released a road map to cloud computing that is designed to tackle some key issues, establish priorities and provide a clear path for government agencies and industry. The draft publication defines high-priority requirements for standards, official guidance and technology developments that need to be met for agencies to accelerate their migration of existing information technology systems to the cloud computing model.
By George I. Seffers, SIGNAL Magazine


U.S. Chief Information Officer Steve VanRoekel discusses cloud computing at a forum where the government road map was released.

A draft plan maps cloud computing priorities.

The U.S. government has released a road map to cloud computing that is designed to tackle some key issues, establish priorities and provide a clear path for government agencies and industry. The draft publication defines high-priority requirements for standards, official guidance and technology developments that need to be met for agencies to accelerate their migration of existing information technology systems to the cloud computing model.

Cloud computing represents a fundamental shift in information technology. It negates the need for federal agencies to own their own data infrastructure, eliminates the need to determine computing resource requirements upfront and offers a number of other benefits. On the other hand, it raises questions and presents challenges.

The National Institute of Standards and Technology (NIST) in November released for public comment a draft of two volumes of what will be a three-volume road map. The road map is designed to foster federal agencies’ adoption of cloud computing, support the private sector, improve the information available to decision makers and facilitate the continued development of the cloud computing model. The comment period ended in December, and the feedback will be incorporated into revisions, planning and additional guidance from NIST to be released this year.

“The goal is to figure out what the highest priority requirements are,” says Dawn Leaf, NIST senior executive for cloud computing. “There are many questions about cloud, and any time there’s an evolving or new technology, there’s a tendency to explore the same types of issues—interoperability, portability, security, maintainability and reliability. The primary question is: What are the hard spots for the U.S. government in cloud?”

Leaf cites security as one of the most challenging hard spots. With traditional computing, she explains, security largely is based on the logical and physical boundaries of the system, but that does not necessarily apply to a cloud environment. “The first thing we’ve done, traditionally, when we’ve started a certification and assessment process, is to look for the physical boundaries of the computer system. And many of the security tools, such as firewalls, intrusion detection systems, vulnerability scans and monitoring, all rely on these defined boundaries.” But, she says, in cloud computing, the same characteristics that give it its strengths—the capability to reduce costs, rapidly respond to service requirements, connect to cloud services from common devices, provide anytime, anywhere access and rapidly respond to capacity changes—also push against traditional system boundaries.

High-priority requirements for U.S. government
cloud computing adoption

International voluntary consensus-based interoperability, portability and security standards

Solutions for high-priority security requirements

Technical specifications to enable development of consistent, high-quality service-level agreements

Clearly and consistently categorized cloud services

Frameworks to support seamless implementation of federated community cloud environments

Technical security solutions, which are de-coupled from organizational policy decisions

Defined unique government regulatory requirements, technology gaps and solutions

Collaborative parallel strategic
"future cloud" development initiatives

Defined and implemented reliability design goals

Defined and implemented cloud service metrics


Federal agencies are not required by formal policy to follow the road map, but Leaf indicates that agencies are hungry for guidance. “If you attend cloud seminars and conferences, what you tend to see over and over is that  we talk about the subjects a lot, but we go round and round in circles. What we needed was to specifically identify what has to happen for the agencies to move forward so that we have something tangible to talk about,” she says. “The agencies are the ones using cloud computing to support the mission, so we’re not seeing a reluctance at all. To them, the road map is a tool.”

Volume I, High-Priority Requirements to Further USG Agency Cloud Computing Adoption, provides a general understanding and overview of the road map initiative, including: prioritized interoperability, portability and security requirements for advancing government cloud adoption; standards, guidelines and technology to satisfy those requirements; and a list of recommended priority action plans. “The road map gives government agencies a way to explicitly define what they need and to communicate that to industry. That’s volume one, which is the priority requirements for cloud computing,” Leaf elaborates.

Volume II, Useful Information for Cloud Adopters, is described by NIST officials as the nuts and bolts publication. It is a technical reference for those working on strategic and tactical cloud computing initiatives—whether they work in government agencies or not. The second volume integrates and summarizes the work completed to date and explains the assessment findings based on that work. “The second volume has some very practical technical help for cloud,” Leaf says. For example, the second volume asks industry to map its cloud services to the previously released reference architecture, making it easier for agencies to contrast and compare services from different vendors, she adds.

The road map receives high marks from some in industry. “It certainly is relevant to today’s market in that it sparks the requirements and areas of concern that cloud adopters need to focus on,” says Jeff Bergeron, chief technologist of the U.S. public sector for Hewlett-Packard (HP) Enterprise Services. “It categorizes each functional area that needs to be addressed. One of the most important, from an HP perspective, is the management of the federated cloud environment.”

Doug Chabot, vice president, principal solutions architect, QinetiQ North America, says the road map will allow government agencies to write more consistent requests for proposals (RFPs). “It helps agencies become smarter about how to issue RFPs for cloud services. That’s a big deal. In my opinion, there are some RFPs that have come out for cloud services that are very inconsistent in how they express the requirements. Having a standard for requesting those requirements is a good thing,” Chabot says.

The third volume, Technical Considerations for USG Cloud Computing Deployment Decisions, is under development as part of an interagency and public working group collaborative effort. It is intended as a guide for decision makers who are planning and implementing cloud computing solutions.

Much of the work that forms the basis for the road map has been completed through public working groups, which are open to industry, academia and government. Hundreds of people are registered in the five NIST Cloud Computing Working Groups established in November 2010.

Bergeron adds that the road map will help to keep the U.S. government and industry at the forefront of cloud computing in the international arena. “It sets the foundation for the framework that needs to be addressed in the global market. It helps the United States compete in the cloud global landscape,” Bergeron says.

The European Union, Japan, China and India all are investing heavily in cloud computing, which helps drive the economics of the cloud computing market, Leaf says. But she emphasizes cooperation more than competition. The United States already has been collaborating with other countries and will continue to do so, she reports. “Our most productive achievement in 2012 will be figuring out how these global cloud efforts fit with our road map so that we can avoid duplicative effort and move forward,” Leaf asserts. “Cloud computing is going to go forward, whether the U.S. government goes there or not.”

Still, the road map contains some shortfalls, and more guidance is needed, according to the QinetiQ executive. As one example, he explains that the government has yet to issue guidance on the business side of cloud computing—the cost model. “The road map doesn’t address the business case, the financial side of cloud computing, and that is something that needs to be addressed,” Chabot observes.

NIST does intend to issue further guidance sometime in 2012, including volume three of the road map and a special publication on the challenges and security deployments of cloud computing.

According to cliché, every cloud has a silver lining, and that is true of disagreement as well, Leaf points out. “Even if someone reads the road map and disagrees, that’s a positive thing because at least we know what we’re disagreeing about,” she says.

U.S. Federal Cloud Computing Strategy: http://bit.ly/uezysM
Cloud Computing Draft Road Map, Volume 1: http://1.usa.gov/tnUNo2
Cloud Computing Draft Road Map, Volume 2: http://1.usa.gov/sT9M4Q