Monday, April 30, 2012

Secure Environment for Federal Government Cloud Pilot

How is the Federal government hoping to achieve the $12 Billion in projected annual savings?  This projection was quoted by the MeriTalk Cloud Computing Exchange and published today by Forbes.com, and it doesn't seem too optimistic given that the Federal government is already saving approximately $5.5 Billion per year.

These savings have been achieved by individual agencies adopting cloud solutions, but such organic growth will only go so far.  In order to expand this in a generic and scalable manner, the Federal government would need a secure environment to test the cloud and run pilot programs.

A Fire-fort?

Key features of such an environment:


1. Multi-provider provisioning and compliance
Agencies should be able to provision resources across cloud providers without having to worry about vendor lock-in. This would require the use of a brokerage platform that enables automated provisioning across providers. Monitoring would also be necessary to ensure that providers maintain SLA compliance; providers that fail to do so would be quarantined.

2. Fed certified cloud providers
The list of cloud providers should include those that are FedRAMP certified, or at least FISMA compliant.  Agencies should be able to compare providers side by side and pick the best-fit provider.  This requires standardization of cloud offerings and pricing models.

3. Integration with existing data centers and private / hybrid clouds
Agencies should be able to interoperate between the cloud and their existing data centers and private clouds.  This provides a backup plan in case the cloud solution does not succeed.  For this feature, the test environment would need to be agnostic across VMware, Xen, Hyper-V, vCloud Director, etc.

4. Connectivity to existing security frameworks
The test environment should be integrated with the security frameworks currently used by the Federal government.  In this way, valuable resources need not be wasted in re-designing a security framework that is already very efficient.  Instead, resources can be assigned to enhance the existing framework with intrusion detection and intrusion prevention features.

5. Complete cost transparency
First of all, agencies should not be required to sign multi-year contracts with cloud providers. Secondly, the cost of cloud services should be visible at the highest level so that budgets may be allocated based on resource requirements. This allows complete auditability as well.

6. Recalibration based on historical data
Cloud usage data should be constantly correlated with cost to ensure that cost is minimized without impacting mission goals.  This requires the test environment to be powered by advanced analytics engines for continuous recalibration through command and control.

All of the above features would need to be tested by the Federal government through a pilot program before any major cloud migration initiatives are executed. If successful, the test environment can then be established as the official government cloud portal, which is bound to be successful because it has been built on NIST standards and governed through strict monitoring and compliance.