recommended reading

Agencies must set rules around cloud vendors' access to data, report says

The federal government is behind many states and businesses in its adoption of cloud computing, but it is on track to be one of the largest purchasers of cloud storage and could have an outsized effect on what commerce looks like in the still developing industry, a primer on best practices for government cloud contracts argues.

Contracting officers should insist, for example, that agreements with cloud providers include specific penalties such as a fine or service credit if any terms of the agreement aren't met, according to the document, "Creating Effective Cloud Computing Contracts for the Federal Government," which was released Friday.

Cloud contracts should be a collaborative project among acquisition officers, chief information officers and general counsels, the report said. They also should clearly define how much access cloud vendors will have to government data and the standards they will be expected to meet when dealing with that data, the report said.

The report was a joint project of the federal Chief Information Officers Council and the Chief Acquisition Officers Council.

Computer clouds essentially are large banks of ultramodern off-site servers that can pack information more efficiently than traditional in-house servers. Government customers can buy space in private sector computer clouds run by Microsoft, Amazon and other companies, much as they purchase other services or utilities -- paying only for the space they use. They also have begun storing data and programs in private government-only clouds, which can pack data more efficiently than traditional data centers.

The government initiated a cloud-first policy for new IT purchases in late 2010 and plans to move one-fourth of its $80 billion annual IT budget to the cloud by 2015, which officials say will save about $5 billion annually.

Officials have been slow to migrate sensitive government programs to the cloud, partly because of delays in implementing cloud security standards outlined in the Federal Risk and Authorization Management Program, or FedRAMP, which is slated to go live in June.

Agencies have moved several large programs, such as email, calendars and public-facing websites to the cloud.

They have been slower, though, to open up standard IT requests for proposals to cloud providers, Teresa Carlson, vice president of the global public sector at Amazon, a major public cloud provider, told Nextgov on Wednesday. Often, for instance, RFPs will require specific hardware, which typically puts cloud providers out of the running, she said.

As the cloud becomes more prevalent in government, Carlson said she expects RFPs will focus less on how new IT systems should look and more on what an agency expects it to accomplish.

"It's not that they're not making them cloud-friendly," she said. "It's just automatic. It's how they've always done things. Part of this really is educating the acquisition officials jointly with the people who have applications that run in the cloud."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.