Governments Embracing Cloud Models

By Paula Klein, TechWeb, published February 15, 2011

The U.S. space program’s computational research agency, NASA Ames, and the state of Utah appear to have little in common at first glance. But when it comes to cloud computing, the two government organizations are in sync.

Both strongly support the federal government’s call for cloud usage for new IT implementations. NASA has worked with several public-cloud providers to move applications out of the data center, as well as developing its own cloud infrastructure, the Nebula project, which it’s using in-house to supplement local computing resources. Utah, like many other states, is pursuing cloud options to save money at a time when budgets are especially tight.

NASA’s Cloud Mission

Chris C. Kemp, chief technology officer for IT at NASA in Mountain View, Calif., says he’d like to move even faster — especially into the public cloud — but several issues stymie his efforts. Chief among these are security and long-held mindsets and processes. For example, he says, “We support nearly 100,000 e-mail accounts on our internally hosted Exchange environment,” but e-mail is not NASA’s core focus. Kemp would like to offer “commodity services like e-mail on a public cloud to yield more efficiency.”

It’s part of Kemp’s job to get buy-in for such ideas despite a “large bureaucracy that operates by consensus. In addition to the internal politics, we have a responsibility to demonstrate application portability, security and interoperability with existing systems,” he says. While he expects this to happen over the next few years, the cloud industry overall is still the early stages, according to Kemp.

Utah CIO Steve Fletcher, who is also the immediate past president of the National Association of State CIOs (NASCIO), says many states — like federal agencies — face the challenge of pushing ahead with cloud hosting in spite of internal agency concerns.

In Utah, a Win-Win

Utah has been aggressively consolidating and virtualizing servers and data centers, and it has saved $4 million in hardware alone. It now operates two data centers instead of the previous 35, and offers services to state agencies, counties and cities on a shared-services, or internal-cloud, basis. “It’s a win-win,” he says. The state offsets its up-front capital expenses by charging local agencies for the IT services they receive but can’t afford to provide on their own. The state has also saved about 30 percent in software, personnel and energy savings.

Fletcher says that nearly 90 percent of the states are pursuing or considering cloud options, according to a NASCIO survey. Smaller states are more likely to adopt public hosting including data storage, e-mail or sales applications. Agencies most concerned about security — such as those dealing with health, safety or other sensitive data — are proceeding more slowly, he says.

At NASA, CTO Kemp is very mindful of regulatory requirements and the need for service providers and IT vendors to comply with government specifications. “Taxpayers expect NASA to keep copies and backup so we don’t lose data. It’s all about reducing risk,” he says.

Ramped-up Regulations

Currently, all government agencies have to comply with the Federal Information Security Management Act (FISMA), a national security standard for IT products and solutions deployed in the federal government. More recently, a newer standard, specifically aimed at cloud compliance, has been introduced. The Federal Risk and Authorization Management Program (FedRAMP) is designed to create security standards for the federal government’s use of the cloud; it may be deployed by the summer.

Utah’s Fletcher says states also adhere to federal standards, even though some vendors view these regulations as too specific and restrictive. “If they want to do business with us, they will learn how to play the game,” he says. And given the potential amount of business federal and state governments represent for service providers, the stakes seem too high to ignore.