recommended reading

Agencies must set rules around cloud vendors' access to data, report says

The federal government is behind many states and businesses in its adoption of cloud computing, but it is on track to be one of the largest purchasers of cloud storage and could have an outsized effect on what commerce looks like in the still developing industry, a primer on best practices for government cloud contracts argues.

Contracting officers should insist, for example, that agreements with cloud providers include specific penalties such as a fine or service credit if any terms of the agreement aren't met, according to the document, "Creating Effective Cloud Computing Contracts for the Federal Government," which was released Friday.

Cloud contracts should be a collaborative project among acquisition officers, chief information officers and general counsels, the report said. They also should clearly define how much access cloud vendors will have to government data and the standards they will be expected to meet when dealing with that data, the report said.

The report was a joint project of the federal Chief Information Officers Council and the Chief Acquisition Officers Council.

Computer clouds essentially are large banks of ultramodern off-site servers that can pack information more efficiently than traditional in-house servers. Government customers can buy space in private sector computer clouds run by Microsoft, Amazon and other companies, much as they purchase other services or utilities -- paying only for the space they use. They also have begun storing data and programs in private government-only clouds, which can pack data more efficiently than traditional data centers.

The government initiated a cloud-first policy for new IT purchases in late 2010 and plans to move one-fourth of its $80 billion annual IT budget to the cloud by 2015, which officials say will save about $5 billion annually.

Officials have been slow to migrate sensitive government programs to the cloud, partly because of delays in implementing cloud security standards outlined in the Federal Risk and Authorization Management Program, or FedRAMP, which is slated to go live in June.

Agencies have moved several large programs, such as email, calendars and public-facing websites to the cloud.

They have been slower, though, to open up standard IT requests for proposals to cloud providers, Teresa Carlson, vice president of the global public sector at Amazon, a major public cloud provider, told Nextgov on Wednesday. Often, for instance, RFPs will require specific hardware, which typically puts cloud providers out of the running, she said.

As the cloud becomes more prevalent in government, Carlson said she expects RFPs will focus less on how new IT systems should look and more on what an agency expects it to accomplish.

"It's not that they're not making them cloud-friendly," she said. "It's just automatic. It's how they've always done things. Part of this really is educating the acquisition officials jointly with the people who have applications that run in the cloud."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.