- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - Federal agencies must be assured priority and uninterrupted access to public cloud resources before fully embracing the technology for national security and emergency response IT functions, a recent report finds.
The government's "Cloud First" policy mandates that as many applications and workloads be moved to the cloud as possible, but a report from the President's National Security Telecommunications Advisory Committee finds that cloud technologies related to service uptime, interoperability and security are largely not yet mature enough to handle some of the government's most sensitive workloads.
LESSONS LEARNED: The 7 most common challenges to cloud computing
SCIENCE CLOUD: Higgs boson researchers consider move to cloud computing
Will the federal government eventually move those national security and emergency preparedness (NS/EP) functions to the cloud? "If and when cloud computing can demonstrate a regime of policy, legal authority, security and oversight that is comparably rigorous, complete and trustworthy relative to those currently in place for NS/EP activities via legacy means, then the response is 'yes,'" the report states. But first, the cloud market needs to mature a little bit more.
No doubt there are benefits to embracing the cloud, the report states. Outsourcing IT functions to commercial cloud providers can reduce IT capital expenditures and the ability to scale up workloads creates more agility. But for NS/EP IT functions, cost savings are secondary. The priority is improved mission performance and being assured those resources are available during a national emergency. Downtime is unacceptable. "Fundamental requirements of NS/EP include a high degree of assured availability under any condition of stress; high measures of system and content integrity; confidentiality as required by specific missions; and mechanisms for priority access to resources in the performance of NS/EP functions," the report states.
The report's findings resonate as outages from major cloud providers have impacted customers in recent weeks. Amazon Web Services, for example, experienced a power outage during an electrical storm, knocking out service to some customers in late June. Salesforce.com, the major software-as-a-service (SaaS) provider, has had two outages in as many weeks.
The report lists some qualities of service level agreements (SLAs) that should be addressed for NS/EP functions to be moved to the public cloud. These include continuous monitoring of the cloud infrastructure by the provider, third-party audits, data encryption and various certifications and accreditations, including continuously evolving accreditation requirements from the Federal Risk and Authorization Management Program (FedRAMP).
Jamie Dos Santos, president of Terremark Federal Cloud and a member of the NSTAC, runs an infrastructure-as-a-service (IaaS) offering aimed specifically at public agencies and she says the government is in a unique position to push public cloud providers to meet the security standards needed to host NS/EP functions. She says it's a constant work in progress.