- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - It's no secret that agencies core to the U.S. government have a central plan -- known as Cloud First -- to move most operations toward a cloud computing service. In the process of course is a never-ending evaluation by other agencies to talk about how those cloud implementations are doing.
The Office of Management and Budget (OMB) issued the Cloud First policy in December 2010 which requires federal agencies to implement cloud services whenever a secure, reliable and cost-effective cloud option exists; and to have migrated three technology services to the cloud by June.
This week the Government Accountability Office issued a report on the overall progress of that plan and in the process found seven common challenges that the GAO said may end up impeding their ability to realize the expected benefits of cloud-based implementations.
From the GAO report, those seven common challenges include:
• Meeting federal security requirements: Cloud vendors may not be familiar with security requirements that are unique to government agencies, such as continuous monitoring and maintaining an inventory of systems. For example, State Department officials described their ability to monitor their systems in real time, which they said cloud service providers were unable to match. U.S. Treasury officials also explained that the Federal Information Security Management Act's requirement of maintaining a physical inventory is challenging in a cloud environment because the agency does not have insight into the provider's infrastructure and assets.
• Obtaining guidance: Existing federal guidance for using cloud services may be insufficient or incomplete. Agencies cited a number of areas where additional guidance is needed such as purchasing commodity IT and assessing Federal Information Security Management Act security levels.
• Acquiring knowledge and expertise: Agencies may not have the necessary tools or resources, such as expertise among staff, to implement cloud solutions. DHS officials explained that delivering cloud services without direct knowledge of the technologies has been difficult. Similarly, a Department of Health and Human Services official stated that teaching their staff an entirely new set of processes and tools — such as monitoring performance in a cloud environment — has been a challenge. For example, an HHS official noted that the 25-Point Plan required agencies to move to cloud-based solutions before guidance on how to implement it was available. As a result, some HHS operating divisions were reluctant to move to a cloud environment. In addition, Treasury officials noted confusion over National Institute of Standards and Technology definitions of the cloud deployment models, but noted that recent NIST guidance has been more stable.
• Certifying and accrediting vendors: Agencies may not have a mechanism for certifying that vendors meet standards for security, in part because the Federal Risk and Authorization Management Program had not yet reached initial operational capabilities.