Fed Cloud Roundup
There has been a lot of talk about the US government’s adoption of the cloud since the Administration changed a couple of years ago. Driven by the massive spend in the fed IT budget (> $70B a year!) and some key initiatives that clearly date the current federal IT platform … "its time for a change" … pardon the pun. But this isn't exactly new thinking. The UK has had the G-Cloud as part of the digital Britain initiative. In fact, the UK also has a pretty amazing IT budget of 15B pounds (24B dollars).
It’s interesting to watch the evolution of cloud thinking in the Administration, with several agencies taking on the challenge. DISA has been driving the adoption in the DoD with the Rapid Access Computing Environment (RACE), and more recently with initiatives like forge.mil. NASA, with Nebula which is in the process of transitioning from an internal IT project to a pre-release platform available agency-wide, and of course, the GSA's IaaS initiative, awarded to 11 teams just a couple of weeks ago. GSA IaaS will become the commercial platform to deliver cloud services to the government.
Carpathia Hosting is thrilled to be part of two of the eleven teams receiving the initial awards. The vision for GSA is government customers will simply be able to visit apps.gov and purchase cloud services in just the same way they would procure a mailbox or gain access to a SaaS application. The award has been split into three lots covering storage, webhosting and infrastructure. In fact, there is already a landing page -https://apps.gov/cloud/advantage/cloud/category_home.do?BV_UseBVCookie=Yes&c=IA
The award is just the start. The eleven teams must now meet the requirements of FedRAMP, focusing on a moderate impact system.
FedRAMP was also a big news story in the last couple of weeks. Today’s C&A process - be it DIACAP or FISMA - is very system-centric. Each system must complete a process resulting in an authority to operate (ATO) being issued. Every year a “lighter” version of the process is repeated to ensure continued compliance.
FedRAMP has two admirable goals at its core. The first is the idea that a platform - in this case an approved cloud - can gain accreditation. In theory, enabling a fast track approach to the systems deployed on the cloud can also receive accreditation (although specifics of this are still a little hazy). The second is to make compliance a continuous process vs. an annual event.
After spending some quality time with the FedRAMP draft issued this week, its pretty clear there is an ongoing struggle in defining between “old school” where it’s possible to wrap your arms around something cleanly, and “new school” consuming infrastructure on demand and disposing of it just as easily is commonplace. While there are several cases where the cloud “twitterrati” slam the standard, I'm looking at this in a different way. The glass is half full for me. NIST800.53 barely makes reference to virtualization, let alone shared delivery platforms. FedRAMP is a genuine step in the right direction.
As Vivek Kundra requests in his introduction, I'm very much looking forward to providing a "robust debate on the best path forward".
[ Authors ]
- Jon Greaves (44)
- Brian Winter (2)
- Carpathia Hosting (17)
- Paul Roberts (3)
- Teejay Riedl (5)
- Tim Burke (1)
- Rich Thompson (2)
[ Categories ]
[ Archives ]
Archives
- July 2012
- June 2012
- April 2012
- March 2012
- February 2012
- December 2011
- October 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- February 2010
- January 2010
- December 2009
- November 2009
- September 2009
- August 2009
- June 2009
- May 2009
- March 2009
- January 2009
- January 2008
Write a comment
Posts: 4
Reply #4 on : Tue September 11, 2012, 10:10:18
Posts: 4
Reply #3 on : Sun September 09, 2012, 23:12:03
Posts: 4
Reply #2 on : Sat September 08, 2012, 03:41:03
Posts: 4
Reply #1 on : Thu November 11, 2010, 10:13:48