'Cloud' might be a tired buzzword, but in the federal technology space, the specifics of how cloud actually gets done aren't talked up enough, government cloud gurus say.
(Jozsef Bagota / Shutterstock)
When it comes to cloud and the federal government, talk isn’t cheap; it’s invaluable.
“Share what’s important about cloud,” the General Services Administration’s FedRAMP director Matt Goodrich urged his fellow feds. “Share what’s working for you.”
Knowledge is power, Goodrich said, “but it’s only powerful if you actually do something with it.”
But how?
The topic took center stage at the Advanced Technology Academic Research Center’s (ATARC) July 23 Federal Cloud Computing Summit.
“It’s sad that we still kind of do word of mouth” for cloud service provider recommendations, noted Leo Wong, CISO for the USDA’s Food and Nutrition Service. An informal, inefficient network of feds shares their experiences with specific cloud vendors – though the process remains rather hushed.
“There are agencies coming to me saying, ‘What is NIST using [for cloud]?’” said Michaela Iorga, cloud computing technical lead at NIST. She can’t give out cloud providers’ names, however, for fear that her name-dropping would be perceived as an official endorsement of certain providers.
Iorga said NIST has tried in the past to wrangle working groups to talk frankly about specific cloud vendors and the particular challenges and solutions agencies worked through with them. The working group “dissolved,” however, because of “a lack of dynamic conversation.”
Now, years into the widespread federal adoption of cloud, Iorga said NIST is hoping to resurrect the working groups to provide those who are still considering the leap to cloud an opportunity to learn from those who have already made the jump.
“Not everything needs to be protected,” advised USDA’s Wong. “Start small.”
He and Goodrich both advised pushing non-critical data to the cloud while keeping highly sensitive material close at hand (Goodrich repeated his garden-hose-versus-tennis-bracelet analogy).
Others were more expansive.
“We believe that cloud service providers can provide better economies of scale for security than we can with our limited staff,” said FCC Deputy CIO John Skudlarek, wholeheartedly endorsing entrusting the right cloud providers with agency data.
Goodrich echoed Skudlarek’s trust in cloud (touting FedRAMP as the vehicle to achieve that level of trust), advised agencies not to consider themselves too “special” (and learn to work, whenever possible, within the standard offerings of a cloud provider), and reminded everyone that the cloud change is necessary and inevitable.
“He who rejects change is the architect of decay,” Goodrich said, quoting Harold Wilson. “When I look around federal IT, I see a lot of decay.”
NEXT STORY: Pictures from the stars, powered by cloud