recommended reading

FCC: Agencies need common cloud computing vision

Cloud computing can improve government efficiency, but federal agencies need coordinated guidance to address potential security pitfalls, according to a proposal from the Federal Communications Commission.

FCC's national broadband plan, presented to Congress on March 16, recommends the Office of Management and Budget supplement existing cloud-based projects -- in which shared software, applications and information are accessed through the Internet -- with a governmentwide strategy that takes into account security and privacy concerns.

"The federal government has pretty significant efforts going on, but one of the things we realized is that there were multiple flowers blooming and not a lot of guidance," said Eugene Huang, government operations director for the National Broadband Task Force, a panel of FCC officials, consultants and technology experts.

"We're not interested in shutting down innovative programs, but instead in saying, 'Look, these things represent some of the cutting edge of what is possible in terms of computing and data centers,' " he said. "At a minimum, OMB and [the General Services Administration] should continue accelerating efforts."

The plan cites GSA's, a central portal that allows agencies to purchase cloud-based information technology services from social media tools to virtual meeting software, and the Defense Department's internal Rapid Access Computing Environment as examples of successful cloud computing initiatives. Agencies that move to the cloud can reach savings between 50 percent and 67 percent, the plan says.

"Across the board, there's a general agreement that cloud computing has tremendous potential to drive down cost and improve delivery of government services," Huang said. "But there's a flip side -- before that potential is met, [we] have to deal with concerns like security that are still out there. If you are the federal government, do you want personal identifying information on cloud services operated by the private sector?"

The Federal Trade Commission and Microsoft Corp. were among respondents to a Nov. 18, 2009, FCC request for comments on broadband and government interoperability. Both raised concerns about the potential for security breaches when data is relocated from internal servers to a remote, centralized location. FTC also highlighted the importance of strong individual authentication processes to protect personal identifiable information.

The cloud computing recommendations have significant potential, Huang said. But, he added, though the task force consulted with agency and Obama administration officials, they did not write the plan. Administration officials said they will take ideas FCC's ideas into consideration as they move forward with a cloud computing strategy, according to Huang.

"We're not telling the executive branch 'You should embrace cloud computing 110 percent,' " he said, adding it was important to evaluate best practices and stakeholder input when considering the recommendations.

Federal Chief Information Officer Vivek Kundra presented the administration's cloud computing strategy in September 2009.

"Cloud computing will help to lower the cost of government operations while driving innovation within government by pooling IT resources and making government more efficient long term," said Jean Weinberg, OMB's deputy press secretary. "OMB has been working closely with the CIO Council, GSA and [National Institute of Standards and Technology] to advance cloud computing across the federal government while addressing key issues around security, data portability and interoperability. This undertaking is still in the early stages, and it will take time before the full potential of cloud computing can be realized."

Correction: The original version of this story mischaracterized GSA's response to a request for comment.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.