Joint Authorization Board will relieve much of the pressure on agency IT managers in choosing technologies for cloud applications
Federal agency officials who want to embrace cloud computing but who worry about security risks will benefit from a new joint authorization board for cloud computing, said Peter Mell, who serves as vice chair of the federal government’s Interagency Cloud Computing Advisory Council.
The joint authorization board, announced in a speech April 7 by federal Chief Information Officer Vivek Kundra, creates an important new mechanism for granting government-wide approval for agency cloud computing applications that can then be adopted by other agencies, he said.
“The lack of government wide authority is one of the biggest hurdles to cloud computing” facing the government, said Mell, a senior computer scientist with the National Institute of Standards and Technology. He spoke at Input's MarketView conference, held today in Falls Church, Va.,
In addition, Mell said, a new security requirements authority has been created to focus on broad security hurdles that must be overcome if agencies are to move forward with cloud computing initiatives.
The new joint authorization board will consist of the agency sponsoring a system’s government wide authorization and senior executives from the Department of Defense, the Department of Homeland Security and the General Services Administration, supported by technical staffs from each agency.
“The intent of the board is not take away authority from agencies, but to enable them,” Mell said. It would do that by identifying and reviewing cloud computing processes and applications submitted by sponsoring agencies. Once they’ve been authorized, they can be used as building blocks for other agencies, letting them focus on incremental applications, Mell said. It would still be up to agencies to choose whether to use the approved applications.
The joint authorization board also represents an attempt to reduce the duplicative work and spending by agencies each of which must certify common computing processes, especially for security measures under the Federal Information Security Management Act.
Kundra recently cited the example of the Department of State, which spent $133 million amassing a total of 95,000 pages of security documentation for about 150 major information technology systems.
Cloud computing models are still evolving. But the promise of on-demand computing services delivering software, infrastructure and development platforms over the Internet, the way utilities provide electricity, has federal officials looking for ways to reduce the dependence on agencies building dedicated systems. But even if agencies share computing platforms, they are still required to prove they comply with a thicket of statutory requirements. The joint authorization board would help agencies reduce the need for duplicative work.
Peter Tseronis, senior technical advisor at the Department of Energy, who chairs the Federal Cloud Computing Council, also spoke at the INPUT conference. He emphasized that “There's no one size fits all approach to cloud. Savings vary greatly.”
He suggested that agencies may still need more of a push if cloud computing is to get the jump start many believe is needed if government officials expect to see savings anytime soon. “I don’t know if there needs to be a mandate,” he said. “But I’d like to know more about what other agencies are doing with the cloud.”
John Garing, director for strategic planning and information at the Defense Information Systems Agency, added during a panel discussion with Mell, Tseronis and the Department of Labor’s Hamid Ouyachi, that for DISA, the primary imperative for cloud computing was building better services first and achieving economies of scale and cost savings second.