recommended reading

Federal agencies' path to cloud computing remains unclear

Cloud computing services have matured and are ready for federal agencies to use, but incorporating them into everyday operations could take months or years, according to industry executives that offer the service.

Cloud computing refers to the practice of purchasing computer services that are stored and maintained by a third-party contractor, instead of housing all the equipment and software on-site. The Obama administration has made cloud computing a central piece of its technology agenda and has directed agencies to purchase information technology equipment and services with that in mind.

Representatives from some of the biggest cloud services vendors said on Tuesday that the technology is ready for agencies to adopt, but executives differed on how long it would take for government to make the transition.

Prasad Rampalli, vice president of Intel's architecture group, predicted it will take four to five years to develop a fully interoperable federation of clouds for the public sector. He said much of the time would be spent integrating existing government networks with remote storage facilities and ensuring the new arrangement would be secure.

"I have a jaded but practical view of what it will take, and it will be a longer journey," Rampalli said.

Werner Vogels, chief technology officer at, argued that some organizations already have begun integrating cloud services into enterprise frameworks.

Eran Feigenbaum, director of security at Google, said his company has experienced a high response to its Enterprise Gmail product, as more companies look to move their e-mail to the cloud. has seen clients start using cloud-hosted applications for fields such as case management, program management, grants management and economic development, said Dan Burton, senior vice president of global public policy at Salesforce. He said growth in the space is exploding not only with federal agencies, but also with state and local governments.

Burton said the federated cloud Rampalli described exists today because products managed by vendors such as Salesforce, Amazon and Google are interoperable. Rampalli said cloud interoperability is possible because vendors pay attention to other technology. It is imperative, however, to standardize and define a framework for open data centers so customers can move from one vendor to another rather than being trapped in the first platform they choose, he added.

Feigenbaum said the primary security issue for cloud computing is to send the message that cloud networks often are more secure than standard networks because they were built with security in mind from the start, rather than adding it on later.

Security remains the biggest barrier preventing agencies from adopting cloud services, said Dave McClure, associate administrator in the General Services Administration's Office of Citizen Services. He emphasized that compliance with information security laws is a basic step that vendors must take. Google is working on having its e-mail cloud program compliant with the 2002 Federal Information Security Management Act.

"There is no option to be either/or FISMA compliant," McClure said. "You must be."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.