Posted by Teresa Carlson
Vice President, Microsoft Federal
(Cross-posted from the Microsoft FutureFed blog)
The National Institute of Standards and Technology (NIST) held an event last week that brought stakeholders in the federal IT community together to discuss cloud standards for data portability, interoperability, and security. It was called the Cloud Computing Forum & Workshop, and members of the Microsoft Federal team attended to brainstorm ideas on how we can best facilitate cloud adoption in the federal government.
Below is a great recap from Susie Adams, Microsoft’s Federal Civilian and IGO Chief Technology Officer.
Last week I attended the National Institute of Standards and Technology (NIST) Cloud Computing Forum and Workshop, and it was clearly a serious effort to kick off collaboration between government and industry to accelerate the use of cloud technology. Dr. Pat Gallagher, Director of NIST, believes that cloud computing can make the U.S. government “more effective, more efficient, and we believe more secure.” However, Dr. Gallagher indicated that the government is falling behind the private sector in adopting cloud services, and that he shares the concern of Vivek Kundra, Federal Chief Information Officer, that government does not offer citizens and employees online services as robust as the commercial services of Facebook, for example.
Vivek Kundra pointed out (and followed up in his blog) that the U.S. government spends $76 billion on over 10,000 systems that serve 300 million people, including 1.9 million federal employees. He was clear that he wanted that money to be spent efficiently, and those citizens and employees to be better served. While he applauded the success of a number of U.S. government and state cloud efforts, he was also clear that he wanted to move faster, and that standards were in his mind a key part of the acceleration.
An industry panel got a chance to tell the forum what it thought would accelerate government use of cloud computing—and the answer was clear: “Act like a big customer!” In other words, eliminating agency-to-agency differences would lead to rapid adoption and cheaper cloud use. NIST’s Chief Cyber-Security Advisor, Curt Barker, summarized the feedback from the industry panel.
What I heard was:
- Keep going with FedRAMP (more on that later)
- Work for global norms on cloud security and privacy
- Keep a close coordination between industry and government
- Use cases that will drive a fact-based discussion of interoperability
- Focus on frameworks over specific standards
- Clarify the trust boundary in the cloud with special support for security
- Physical boundaries don’t work
- You need a new security environment that supports distributed Identity Authentication and Access
- Recognize that, if cryptographic key management is hard now, it will become really hard in the cloud (and it will be with us for a while).
- Don’t dumb-down security (and privacy) to promote the cloud
- Remember that it’s all about metrics and measure—another good area for standards
The rest of the day had the same tone: focused on finding and fixing the actual impediments to cloud computing for the government, with a genuine sense of inter-agency cooperation, led from the top.