Federal CIO says cloud security concerns are overblown.
The federal transition to cloud computing is an overlooked source of savings as the government battles over trillions of dollars in spending reductions, the leader of a Senate oversight subcommittee said this week.
A visibly weary Sen. Tom Carper, D-Del., was addressing a conference Wednesday on the future of government cloud computing and the consolidation of federal data centers amid tense negotiations over raising the limit on federal borrowing.
Carper, who is chairman of the Homeland Security and Governmental Affairs Federal Financial Management Subcommittee, listed cost savings from cloud computing as one of several initiatives that could save the government hundreds of billions of dollars annually but that had gotten lost in the acrimonious standoff over whether the deficit should be trimmed by cutting programs alone or by a combination of program cutting and revenue hikes.
He also cited efforts to cut Medicare overpayments and to dispose of unnecessary federal property in that list.
"There are four ways to reduce deficits or balance budgets," Carper said. "The first of those is to cut spending; that works. The second is to raise revenues; that works. The third is to grow the hell out of the economy; that works."
The last piece is the piece we don't often pay a lot of attention to," he continued. "My bumper sticker here is better results for less money. We need to look into every nook and cranny of the federal government and find better results for less money . . . One of the great ways you can provide better service for less money is to do IT well and to do it smart."
Federal Chief Information Officer Vivek Kundra has estimated the government can save about $5 billion annually by moving about one-fourth of its $80 billion annual IT portfolio into public, private or hybrid computer clouds.
Computer clouds are essentially large server farms that pack information together more tightly and nimbly than traditional data centers and that sell storage space like a utility with customers only paying for what they actually use.
Critics have worried that government information might be more vulnerable to hackers and other bad actors when it's in a public cloud or mushed together with other agencies' data in a private government cloud.
A report released Tuesday by the industry group TechAmerica Foundation found that trust was one of the major barriers to wider adoption of cloud computing in the government. The report recommended creating a set of internationally recognized standards and best practices for cloud computing.
A beginning point for those standards should be the Federal Risk and Authorization Management Program or FedRAMP, a standard authorization for government cloud vendors due out from the General Services Administration this fall, the report said.
Speaking at Wednesday's conference, Kundra said he thinks security concerns about the cloud transition have been exaggerated and that critics have paid too little heed to agency IT executives' common sense about what belongs in a private or public cloud and what doesn't.
"The reason, I think, that's been amplified, frankly, is because it preserves the status quo," Kundra said. "Look, the disruptions are real. We're saving a fortune."
"The question for us is what is the risk tolerance and does it make sense," he continued. "The problem before has been the federal government for some crazy reason tried to treat every IT system like it's a national security system and it's not . . . Recovery.gov [for instance] moved to the Amazon EC2 cloud. That's public data. There's no reason to build a fortress around that and treat it like it's a CIA or [National Security Agency] IT system."
Moving federal IT systems to the cloud is unlikely to mean a significant cut in jobs, Homeland Security Department CIO Richard Spires said during Wednesday's conference, because IT workers now managing legacy systems would be asked to develop programs that are more vital to agencies' operations.
"We want people working on supporting the agency's mission," he said, "on creating the functionality [agency] customers need."