When federal Chief Information Officer Vivek Kundra unveiled the government’s fixes for federal IT in the form of a 25-point overhaul of management and acquisition, the new cloud-first policy was one of the bullet points that had many tongues wagging.
But, while cloud computing has inspired much talk, many are now asking how to go about implementing the plan’s provisions?
It’s not an entirely academic exercise. The IT overhaul plan requires federal agencies to identify three “must-move” services and actually do in a year’s time.
So, what’s an agency to do?
Government Computer News reports that industry and government observers believe agencies should start with email.
Bruce Hart, chief operating officer for cloud-services provider Terremark, told GCN agencies should focus on programs that are already web-enabled, which will help them move more efficiently from data centers and servers to infrastructure-as-a-service platforms.
However, there may be a few gray skies ahead in terms of the cloud forecast.
That’s because there is some confusion surrounding cloud-security guidelines. Earlier this fall, the Office of Management and Budget unveiled new security guidelines, the Federal Risk and Authorization Management Program, known as FedRAMP.
Some, such as SANS Institute research director Alan Paller, have questioned what they see as inherent security weaknesses of the program.
However, Tom Soderstrom, chief technology officer of NASA’s Jet Propulsion Laboratory, which has implemented a cloud computing, told GovInfoSecurity the platform offers a new take on security.
“I really believe the cloud can be more secure than what we do today,” he said, because of the uniformity of making security fixes.