FCB has gained some insight into what, exactly, is on Apps.gov and how you might be able to use the tools at your agency.
Dave McClure, Associate Administrator for Citizen Services and Administration at the General Services Administration, gave us some tips — and a lot of explanation — about the site.
On why Apps.gov is important
I think Apps.gov represents the beginning of the federal strategy of moving into the cloud computing environment. It is a beginning step. It’s not the complete solution. The idea is to put largely already available cloud software services up in an organized way on a portal that agencies can get quick access to, and cut through a difficult — and, instead, go through an easy — procurement process to bring those kinds of capabilities on board.
So, it’s largely focused right now on simple applications and we do have our terms of service posted for our social media apps that have gone through some vetting with government requirements for social media tools. Those are shown on the Web site, as well. Those are absolutely free products, as long as the agencies have come to a terms of agreement with the provider.
On some of the barriers of cloud computing
Well, it’s a relatively new area for the government. It actually is for everyone — not just government. There’s still, of course, concerns about security and protection of information in a cloud environment. There are, certainly, concerns about reconstitution of data — if I want to pick it up and move it somewhere else. The biggest issues beyond those technical things are cultural. Letting go of control of equipment and resources, and, instead, buying IT capability as a service. That’s a big culture shift for government.
I think a lot of it’s just control revolving around uncertainty of how this actually operates. One of the biggest issues is, honestly, what is cloud computing? It’s almost like getting economists together and asking what’s the state of the economy? You’re going to get different answers because there are different models, there are different ways of approaching cloud just within government, a hybrid between government and private sector, or pure public clouds. So, some of it stems from the confusion of what this really means and what it is. The other is just fear of the unknown. We’ve never been in this environment — what does it really mean to operate data that I’m accountable for and results that I’m being monitored for in an environment that I don’t have day to day control over.
On who’s responsible for security in the cloud
The short answer is, the assurances are still lie with the purchaser — with the agency. They have to make sure that FISMA requirements are being met. That NIST requirements are being met. The same certification processes have been adhered to by their provider. So you’re not letting go of security, you’re turning it into an exercise where you’re sure your provider is providing that level of security that’s necessary for the type of data that you’re processing and disseminating.
So, the onus doesn’t go away for the agency, but what it does mean is — how do I look inside a visualized data center to make sure that it’s being done? Who audits — who controls whether that certification is real? I think that’s some of the issues that we’re dealing with — is making sure that the standards are being met and that there’s concrete evidence that the data’s actually being protected.
On how cloud computing can save money
I think that’s an area of great interest — is the infrastructure space. We know that the greatest percentage of IT money in the government is spent on operations and maintenance of applications, particularly the hardware in the telecom and infrastructure side.
So, if we’re going to save significantly, we’ve got to reduce costs in those areas. That’s an area where cloud computing has already demonstrated that it can make a difference. Here at GSA, for example, USA.gov is being operated in a cloud environment and has been since May of this year. Already, we can point to tremendous cost savings and much more efficiency in terms of updating the site, flexibility if we need more computing capacity from spikes in user demand — a much more simplified setup from an operational perspective.
We still have a role to play.
We do still monitor what happens with the information. We still do have control over the content management systems, per se, in the application space. Not everything’s been completely turned over to a cloud provider, but the fact that we’re not running servers, we’re not actually doing the operations and maintenance on hardware frees up our developer and engineering time for thinking about next generation applications that we need to be doing to make that site cutting edge.
On how Apps.gov works with vendors
Each of the media providers have what they normally would call terms of service agreements. It’s what you’re clicking on when you’re at home on your own computer and you pull up a nice piece of interesting software. You say, hey I’d like to run that! But before you’re allowed access to it, or if it’s being run off of their server, or, alternatively, if you even downloaded it, you notice you always get that agreement that comes up. You’re asked to say, I accept this.
That’s essentially what a term of service agreement is. You’re agreeing to the terms and conditions on the use and placement of that software in your computer. So, what we’ve done with the terms of service agreements with media providers is to say, there’s certain things that we want you to adhere to if these products are used in the government space.
One, we don’t want your site loading up with advertising.
Two, we don’t want you collecting cookies that devolves personal identification information to you so that you can track someone. We want any legal matters — if there’s ever a dispute involving this software — done in a federal court, not a state court or a court that you the provider chooses because this is a federal application.
So that’s what the terms of service have carefully done — is to negotiate with the new media providers and say these are the special conditions that we want the application to abide by if it’s going to be used in a government environment. It’s basically a minimal set of agreements. Now, each agency — we suggest they take that and implement it as is, or to add to that other conditions they want. That’s what’s up on the Web site.
There are approximately 26 social media tools that have gone through that vetting process that we and agencies have vetted that meet the conditions for government use. There’s another 20 or 30 or so in the queue that we’re going through now and doing the same thing.
On what the future holds
Well, hopefully, you will find very fast more applications loading up for the software-as-a-service area in the business apps, productivity apps side, where those icons are. You should see a growing list of social media tools as more of these agreements are negotiated. The more new and exciting thing that you’ll see coming in the future is, we’re moving into the infrastructure-as-a-service space, where servers, hosting services and even hardware — infrastructure for processing — can be bought as a service through the storefront. So, that’s where we’re moving. Into the infrastructure provisioning, and eventually into platform provisioning after that.
To learn more about this interview, click here.
Is your agency working in the cloud? Or are you still waiting to make the move? Either way, the Federal Cloud Blog wants to hear from you!
Email Dorothy Ramienski: firstname.lastname@example.org.