Federal agencies' path to cloud computing remains unclear

Vendors disagree on how long it will take government to outsource apps and equipment, but agree concerns about security remains the primary obstacle.

Cloud computing services have matured and are ready for federal agencies to use, but incorporating them into everyday operations could take months or years, according to industry executives that offer the service.

Cloud computing refers to the practice of purchasing computer services that are stored and maintained by a third-party contractor, instead of housing all the equipment and software on-site. The Obama administration has made cloud computing a central piece of its technology agenda and has directed agencies to purchase information technology equipment and services with that in mind.

Representatives from some of the biggest cloud services vendors said on Tuesday that the technology is ready for agencies to adopt, but executives differed on how long it would take for government to make the transition.

Prasad Rampalli, vice president of Intel's architecture group, predicted it will take four to five years to develop a fully interoperable federation of clouds for the public sector. He said much of the time would be spent integrating existing government networks with remote storage facilities and ensuring the new arrangement would be secure.

"I have a jaded but practical view of what it will take, and it will be a longer journey," Rampalli said.

Werner Vogels, chief technology officer at Amazon.com, argued that some organizations already have begun integrating cloud services into enterprise frameworks.

Eran Feigenbaum, director of security at Google, said his company has experienced a high response to its Enterprise Gmail product, as more companies look to move their e-mail to the cloud.

Salesforce.com has seen clients start using cloud-hosted applications for fields such as case management, program management, grants management and economic development, said Dan Burton, senior vice president of global public policy at Salesforce. He said growth in the space is exploding not only with federal agencies, but also with state and local governments.

Burton said the federated cloud Rampalli described exists today because products managed by vendors such as Salesforce, Amazon and Google are interoperable. Rampalli said cloud interoperability is possible because vendors pay attention to other technology. It is imperative, however, to standardize and define a framework for open data centers so customers can move from one vendor to another rather than being trapped in the first platform they choose, he added.

Feigenbaum said the primary security issue for cloud computing is to send the message that cloud networks often are more secure than standard networks because they were built with security in mind from the start, rather than adding it on later.

Security remains the biggest barrier preventing agencies from adopting cloud services, said Dave McClure, associate administrator in the General Services Administration's Office of Citizen Services. He emphasized that compliance with information security laws is a basic step that vendors must take. Google is working on having its e-mail cloud program compliant with the 2002 Federal Information Security Management Act.

"There is no option to be either/or FISMA compliant," McClure said. "You must be."