Everywhere one turns these days, it seems we’re bumping into “the cloud.” Cloud computing, of course, has become one of the hottest trends around and shows no sign of abating. Hence it was no surprise that on September 15, Vivek Kundra, the Federal CIO, announced that the government was now also in a cloud. (No pun intended.) By unveiling www.apps.gov, run by the General Services Administration (GSA), the Federal government officially entered the space.
The pressure leading us to this point had been mounting. Some problems need the massive computing power and shared storage resources that only cloud computing can provide. In addition, we are well aware of the imperative for resources to be managed more efficiently in order to improve performance. These arrows pointing to the cloud led us to the realization long ago that it was not “whether” we would move but rather “when” it was going to happen. In government, of course, we have seen the Obama administration steadily advocating for modernization, openness and transparency, as well as pushing for enhanced performance. Hence, cloud computing has been a frequent topic of discussion within the federal IT community over the last few months.
We are most interested in seeing how business intelligence, analytics and knowledge management are starting to make their appearance in the cloud. For the public sector, especially the Federal government, there are a number of important considerations to take into account. First and foremost, there is still a major barrier for program executives to overcome: "fear of losing control of their infrastructure."
A few months ago I chaired a panel precisely on managing knowledge in the cloud with a focus on the public sector. Several experts joined me including: Susie Adams (CTO, Microsoft Federal), Jason R. Baron (Director of Litigation, National Archives and Records Administration), Teresa Bozzelli (Managing Director, IDC Government Insights) and Rod Fontecilla (Principal, Booz Allen Hamilton). It was very timely given the explosion of interest in the topic.
After introducing the panelists, positioning the issue and introducing the necessary definitions to create a common platform for discussion, we opened it up for questions from the audience. These started to flow in fast and furious.
At first, they dealt with the basics: What exactly is cloud computing? Why has it become such a big deal in IT these days? How does cloud computing relate to knowledge management?
But then they started to move to the more relevant: Why is it important to government? In order to land squarely in what everyone was there for: What are the challenges of knowledge management knowledge management (KM) in the cloud? If this is so important, why hasn’t it taken off yet in the Federal government? What foundational actions does the government need to take first for KM in the cloud to be adopted in government?
It got interesting very quickly, as you can imagine. But government being government, things are seldom easy. Let’s start with definitions. The National Institute of Standards and Technology (NIST) often serves as the definitive authority for technology definitions, procedures, guidelines and processes. So what is their official take for the cloud?
Cloud computing is a pay-per-use model for enabling convenient, on-demand network access to a shared pool of configurable and reliable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
This is followed by, “The cloud model is comprised of five key characteristics, three delivery models, and four deployment models.
” They then go on to elaborate for two more pages.
As with most other things, the government will often over-define a concept, frequently creating collateral difficulties as the words insert themselves into legislation and litigation.
Ultimately, the required attributes for a Federal computing cloud are fairly clear. It must be: secure, reliable, fair and transparent. Basically, it all boils down to trust. Can I trust to have my data in the cloud?
So now that www.apps.gov
is up and running, what’s going to happen? Will agencies do a mad rush to the cloud? Well, Kundra has made it clear that he wants action and fast. He has indicated that “Federal agencies should prepare to begin shifting their information technology systems by next year to the cloud,” and promised that the fiscal 2011 budget would “contain guidance for agencies about incorporating cloud solutions.”
He is nonetheless aware that it won’t be easy and has designed a plan to deploy cloud computing in three phases. The first focuses on simplifying purchases through www.apps.gov
. Second, the Federal budget process will be used to provide incentives. Last, and perhaps most important, there will be a focus on security by centralizing the security certification process. While I am not sure what the latter means, there are still several other security issues that will need to be dealt with at some point.
One of them is statutory. Jason Baron has pointed out – back to definitions and legislation – that the 1950 Federal Records Act defines a record and what that means with respect to storing it. He notes, “According to the law, the definition of a Federal record includes information created and received by government agencies that are in machine readable form, so anything electronic or digitally created and received in an agency is a record. The challenge is that whenever we are thinking about Web 2.0 and Cloud Computing, there is an institutional driver against parking these records beyond the traditional IT structure or using a web-based application to get at these records.”
Independently of centralization and certification, there are going to be significant tensions between public demands for transparency and what the law demands relative to secure archiving.
For example, what happens if ever an agency is involved with litigation and needs to comply with their e-discovery responsibilities? How does the cloud affect it then if these “records” are not under the agency’s direct control? Does the “archiving” agency – the cloud operator – have any direct liability or involvement? What would service level agreements have to look like to address it?
Another set of issues relate to whether a cloud service is totally compliant with privacy laws. And we’re not talking just of potential privacy violations through employee or customer data breaches as a result of online theft or negligence. Rather you have to consider that a private company only has to comply with a handful of statutes related to privacy protection, such as Sarbanes-Oxley (SOX) or the Health Insurance Portability and Accountability Act (HIPAA). Yet Federal agencies have to operate in a substantially more rigid environment and must comply with, at the very least, the Privacy Act of 1974, the E-Government Act of 2002, the Homeland Security Act of 2002 plus other applicable laws regarding privacy, civil rights, civil liberties and related Executive Orders. These statutes, for example, require every system operated in a Federal agency to have a Privacy Impact Statement (PIA) conducted and issued, as well as a system of record notice (SORN) published for any Federal system from which information is retrieved by the name of an individual or some other linked identifier.
In his White House blog, Federal CIO Kundra recognized the complexity and difficulty the government will face and admits, “We are just beginning this undertaking, and it will take time before we can realize the full potential of cloud computing…Along the way, we will need to address various issues related to security, privacy, information management and procurement to expand our cloud computing services.”
Right now if you go into Apps.gov
you will find four boxes that allow you to go into either: Business Apps, Productivity Apps, Cloud IT Services or Social Media Apps. Each one leads to a laundry list of packages to buy, including a very large number of them from Salesforce.com.
How about business intelligence
(BI)? Of course, there are several applications that are directly labeled as business intelligence. For example under the “Business Apps” category, there are business intelligence, dashboards and knowledge management offerings, among others. If you click on any one of those specific boxes, you will see a display of cloud software apps.
It will clearly assist in the purchasing process but not much else for the moment.
Well, at least the Federal cloud has been launched, and this is a good thing. We will monitor its progress and see how the cloud intersects with business intelligence in the federal space.
Recent articles by Dr. Ramon Barquin