Listen to the first part of our chat with Bruce Hart.
Hart is no stranger to the federal government, either. He served as Deputy CIO and then Deputy Director for Science and Technology for CIA before moving into the private sector.
Today we learn a bit about what he and his company are doing in the cloud for the government, as well as what your IT manager should know before making the move.
Helping the federal government
For GSA, we are hosting, on our enterprise cloud out of our network access point (NAP) . . . USA.gov and also Data.gov. Both are citizen-facing, federal public Web sites that provide more efficient access to federal information to citizens all over the country.
For the Library of Congress, what we do is a little different. We host what’s called myLOC.gov. It’s also a public-facing Web site, but we provide a higher level of services in a more traditional hosting sense. We provide for them something we call High V managed hosting. We do virtually everything end-to-end in a dedicated environment just for them.
Defining the cloud
one of the things about cloud is its ubiquity has created a circumstance where not everybody knows exactly what’s being talked about.
In Terremark’s terms, what we mean when we say cloud — our enterprise cloud is a service offering that basically is about compute power. It’s called infrastructure-as-a-service in federal terms.
There are also cloud definitions higher in the stack — platform-as-a-service, software-as-a-service. What we sell is computing power where a client buys the resource, rather than a server — a physical box — from us using virtualization technology across some transport layer — some kind of a network, often the Web.
They buy just the amount they need . . . And they can configure it within a matter of three to five minutes, create a virtual machine — a server that acts like a physical server; load their operating system on that; load their applications on the operating system; then they’re up and running.
What you should know and do before making the move
Federal IT decision makers tend to be, and I don’t mean for it to sound pejorative — server hoggers. (I used to be one myself). They like to have direct access to the hardware and the software upon which their mission is conveyed. It’s very important to them.
So, the first thing you have to do is give up that sense of immediate physical control and literally take advantage of the aspects of the cloud that are so powerful.
You also have to recognize that you’re working on virtual machines. While they actually feel like physical machines, they have their own inherent weaknesses which have to do with the fact that there are multiple [virtual systems] residing on a single physical box somewhere outside of your immediate control.
The controller for those virtual machines is essentially a piece of software in its own right — the hypervisor.
So, from a purely security point of view, if an attacker can get access to that physical machine and can control the hypervisor, there’s some prospect that he can control or work across all the virtual machines that exist on that physical box.
On Wednesday, we’ll learn more about how 21st century security could help mitigate such an attack and we’ll get perspective on why everyone in your office should learn about the cloud.