Security, acquisition remain barriers for cloud computing

Centralized certification and expanded online purchasing would encourage agencies to embrace mobile platforms, analyst says.

Developing standards for buying and certifying cloud computing platforms will help agencies shift to the practice of purchasing network services that are stored and maintained by contractors, according to an analyst from a leading think tank in Washington.

In a report released on Wednesday, Darrell West, vice president and director of governance studies at the Brookings Institution, wrote centralizing the process for certifying cloud computing products and services, as well as expanding the General Services Administration's Apps.gov procurement tool, will push government to adopt mobile computing platforms.

The Obama administration is considering the cloud for "lots of reasons that basically boil down to cheaper, faster, greener," said David McClure, associate administrator of GSA's Office of Citizen Services and Innovative Technologies, during a panel discussion following the report's release.

Nearly $20 billion of the government's $76 billion information technology spending is devoted to hardware, software and storage, according to West. "The best accelerator may be the $1.4 trillion budget deficit," he said. "Everyone has to figure out ways to do more with less."

According to McClure, Apps.gov, a cloud computing storefront where agencies can purchase software as a service , a practice in which an agency buys the use of a software package over the Internet instead of purchasing and loading the software onto its own systems, will be updated in the next few months to include cloud infrastructure offerings. The additions will create more interest in cloud computing from agencies because it simplifies the acquisition process, he said.

Governmentwide contracts that leverage the federal government's vast buying power and a uniform security certification and accreditation process that applies similar standards to products across agencies will increase efficiency in rolling out cloud services, West said. The Federal Risk and Authorization Management Program, a multiagency initiative, announced this year offers services to certify that information systems used in cloud environments meet federal security guidelines, including continuous network monitoring. Such a clearinghouse could speed the certification and accreditation processes, he wrote.

Security in government is "terribly inefficient," said McClure, adding the certification process can cost an individual agency $150,000 per system or more. A strict centralized process should provide agencies the confidence they need to buy the products, he added.

The legislative and judicial branches fall behind when it comes to using cloud technologies, West said. For example, relaxing digital communications policies to allow the use of Skype and other collaboration tools, particularly in congressional offices, as well as modernizing the technology available in the judicial system to include cloud-based e-mail and online feedback forms, could increase the use of cloud services, he wrote.