FCC: Agencies need common cloud computing vision

Security concerns must be addressed as new technologies are adopted, broadband plan says.

Cloud computing can improve government efficiency, but federal agencies need coordinated guidance to address potential security pitfalls, according to a proposal from the Federal Communications Commission.

FCC's national broadband plan, presented to Congress on March 16, recommends the Office of Management and Budget supplement existing cloud-based projects -- in which shared software, applications and information are accessed through the Internet -- with a governmentwide strategy that takes into account security and privacy concerns.

"The federal government has pretty significant efforts going on, but one of the things we realized is that there were multiple flowers blooming and not a lot of guidance," said Eugene Huang, government operations director for the National Broadband Task Force, a panel of FCC officials, consultants and technology experts.

"We're not interested in shutting down innovative programs, but instead in saying, 'Look, these things represent some of the cutting edge of what is possible in terms of computing and data centers,' " he said. "At a minimum, OMB and [the General Services Administration] should continue accelerating efforts."

The plan cites GSA's Apps.gov, a central portal that allows agencies to purchase cloud-based information technology services from social media tools to virtual meeting software, and the Defense Department's internal Rapid Access Computing Environment as examples of successful cloud computing initiatives. Agencies that move to the cloud can reach savings between 50 percent and 67 percent, the plan says.

"Across the board, there's a general agreement that cloud computing has tremendous potential to drive down cost and improve delivery of government services," Huang said. "But there's a flip side -- before that potential is met, [we] have to deal with concerns like security that are still out there. If you are the federal government, do you want personal identifying information on cloud services operated by the private sector?"

The Federal Trade Commission and Microsoft Corp. were among respondents to a Nov. 18, 2009, FCC request for comments on broadband and government interoperability. Both raised concerns about the potential for security breaches when data is relocated from internal servers to a remote, centralized location. FTC also highlighted the importance of strong individual authentication processes to protect personal identifiable information.

The cloud computing recommendations have significant potential, Huang said. But, he added, though the task force consulted with agency and Obama administration officials, they did not write the plan. Administration officials said they will take ideas FCC's ideas into consideration as they move forward with a cloud computing strategy, according to Huang.

"We're not telling the executive branch 'You should embrace cloud computing 110 percent,' " he said, adding it was important to evaluate best practices and stakeholder input when considering the recommendations.

Federal Chief Information Officer Vivek Kundra presented the administration's cloud computing strategy in September 2009.

"Cloud computing will help to lower the cost of government operations while driving innovation within government by pooling IT resources and making government more efficient long term," said Jean Weinberg, OMB's deputy press secretary. "OMB has been working closely with the CIO Council, GSA and [National Institute of Standards and Technology] to advance cloud computing across the federal government while addressing key issues around security, data portability and interoperability. This undertaking is still in the early stages, and it will take time before the full potential of cloud computing can be realized."

Correction: The original version of this story mischaracterized GSA's response to a request for comment.