Recovery.gov discusses cloud success

In 2009, Recovery.gov was created as a way to follow the money being handed out through the American Recovery and Reinvestment Act.

Michael Wood, director of Recovery.gov, told Federal News Radio using the cloud has been a major contributing factor to the website’s success, starting with the redesign of Recovery.gov.

Amazon’s Elastic Compute Cloud was chosen to host the site during the redesign process.

“The big challenge for the federal government was would it be run in the U.S.? Amazon gave us some assurances it would be. So the servers that they’re using are in the U.S. and we moved to the cloud.”

The transition happened in record time. It only took about 12 weeks to move into the cloud. Wood admits however that his agency didn’t have as many security concerns as other agencies might have moving into the cloud.

Steal my data. I’m all about transparency. There is an advantage there. There are a lot of federal people that there are security concerns. There are privacy concerns. We had less of that so we had an advantage of being able to move very rapidly. But that’s been very, very successful. It gives us tremendous flexibility. You can spin up servers very quickly…If we need to change or if there’s a problem we can actually spin up a new server in about five minutes so that’s worked out very, very well.

The success of Recovery.gov could mean more federal websites just like it in the future. In fact, one has already been created and is being run by the Recovery Accountability and Transparency Board – the same group that runs Recovery.gov.

It’s called FederalTransparency.gov and was created as a way to track federal spending. Currently the site is tracking the grants given out under the Education Jobs Fund.

Listen to Michael Wood on Federal Tech Talk.

Cloud lovers converge at ‘Cloudstock’

What do you call hundreds of cloud developers stuck in a room together? Why, Cloudstock, of course.

A cloud computing technical conference – dubbed by some as “The Woodstock for Cloud Developers” took place in San Francisco this week.

Its mission was to “bring the top cloud developers and the top cloud technologies together under one roof, to learn from each other, collaborate, innovate, and drive the future of cloud computing,” according to the Cloudstock website.

The free conference sold out and featured 67 sessions, ranging from everything from understanding API activity to making money with Saas to the future of app deployment to business payments on the cloud.

Organizers live blogged throughout the day and had Tweets automatically filtering in on their site with the hashtag “cloudstock.” Cloudstock also had several demo stations, which highlighted some of the latest cloud technologies in action.

Another unique aspect of the conference was “The Cloudstock Hackathon,” which challenged developers to use their coding skills against one another and create solutions to bridge clouds.

The conference was hosted by force.com and Cloudstock partners included Google, Amazon web services, eBay, Yahoo, LinkedIn, Adobe and Paypal. Microsoft and its cloud computing services were noticeably absent from the conference.

Comparing cloud use in the U.S. and Europe

Who’s using cloud more — the U.S. or Europe? What are the biggest concerns when it comes to security on both sides of the Atlantic? Should you be developing a cloud strategy now, or should you wait until next year?

These are some of the questions that the Ponemon Institute and CA Technologies posed in a recent survey of IT professionals.

Today we talk with Larry Ponemon, chairman and founder of the Ponemon Institute, and Lena Leverti, vice president of products at CA Technologies, who explain their results for us.

LP: In our experience, there are a whole bunch of interesting security topics, but what seems to rise to the top of the security heap in terms of risk and potential problems is, in fact, the cloud computing environment, which is very quickly becoming the standard for organizations — not just small and medium sized companies — but much, much larger companies, as well.

LL: One of the key things is that, as companies start adopting cloud, they’re basically giving up some of the control that they have. When they technology is within their own organization, they control it directly, so one of the biggest hurdles that’s viewed around cloud adoption is definitely security.

FCB: Who did you survey and why did you pick that group or groups?

LP: Well, the appropriate groups for this study are folks in the IT community and, more specifically, people who know something about information security. When you do a study like this, you quickly find that people wear many hats, and so many of the respondents were IT practitioners, but every respondent at least touched some aspect of information security, including network security systems, and a whole bunch of other related areas of expertise. This study is not just the U.S. only; [it] was also conducted in tandem with a group of practitioners in Europe, as well. I think that actually generated some interesting differences between the two groups.

LL: There were about 600 folks that responded to the survey.

FCB: What were some of the key findings?

LP: Probably one of the most interesting and important findings is that the respondents — these IT practitioners in both the U.S. and Europe — basically don’t have confidence that their organization has the ability to secure data and applications that are presently deployed to the cloud. So, they basically see some very significant security risks that exist today and maybe loom large on the horizon. We also found that IT practitioners in the U.S. and Europe hold relatively similar views on the reasons why cloud computing is so fashionable and so popular and so important, because it’s really about cost savings, and it’s also about speed to deploying new applications. So, even though we may say, ‘gosh, there’s a huge security risk,’ the reality is that cost and speed to deployment are probably much more important to end users.

LL: And one of the biggest challenges that came out in the survey results was that half of the respondents basically said that they’re not aware of all of the computing resources deployed via the cloud in their organization today. So, if you’re not aware of it, you really can’t secure it.

FCB: One of the things that I noticed first and foremost is the fact that you define cloud computing. When you were talking to people in the U.S. and Europe, did you notice that there was maybe a difference in the definition of cloud computing?

LP: We expected that there would be differences, and, in fact, the perception of cloud computing and what a cloud computing environment is was pretty consistent — more consistent than our . . . expectation. But I will say that, in both the U.S. and Europe, there’s confusion about private clouds and what these really mean. Is a private cloud a more secure version of a public cloud? Or, is it just simply on-premise computing where you’re using extensive virtualization? So, if there is any confusion in the marketplace, it’s probably around the private cloud environment. But, public clouds are generally well understood and the definitions are generally agreed upon.

FCB: Speaking of differences across the pond, did you find any differences between who’s using cloud in the U.S. versus who’s using cloud in Europe, especially in terms of government entities?

LL: We did. Some of the [respondents] are, in fact from the public sector and public organizations, and it is clear that public sector organizations are using cloud computing resources, perhaps not to the same extent as commercial organizations, but definitely the trend is that the government is, in fact, a very large — and potentially larger — user of cloud computing resources, because obviously it’s about cost, and governments . . . are trying to control them. One way to do that is to make sure that [they are] using the most efficient technology. But, it does create that security risk. We did see some differences in the rates of deployment between the U.S. and Europe and, in fact, the rates of deployment in the U.S. are higher than Europe, generally speaking. That’s not just for software-as-a-service, but it’s also for platform services and infrastructure services.

FCB: Did you find any causation — why that might be — or did you just look at the numbers in terms of use.

LP: We tried to figure out why there were some differences between U.S. and European companies in terms of their deployment patterns. We think that, in the U.S., probably, cloud computing is just slightly more popular, and some of the providers — especially software-as-a-service — the big providers like Amazon, Google and SalesForce.com — they probably have a larger base of customers in the U.S. But, I think that difference is small and will probably be non-existent within the next 18 to 24 months.

FCB: Let’s talk a little bit more about security, because I noticed that you not only talked about cloud security and public cloud versus private cloud, but the responsibility for security — did you find any differences between who’s responsible for IT security in a U.S. organization versus in Europe? Or, is it kind of the same?

LL: With regards to the study results, it’s definitely shared, and the reality is, it has to be shared. Basically, when you look at the responsibilities for this type of an environment, there’s the provider themselves that has some level of responsibility and accountability, [and] the owner of the information is going to be held accountable regardless of any SLA in any type of agreement with the provider. At the end of the day, if a credit card provider puts their data in the hands of a partner, they’re still going to be held accountable, and history shows that’s definitely happened. So, the shared responsibility with IT, with the security folks, as well as the business line owner, which I think was a definite key finding in the study itself. The business owner also has a stake in this — and then, of course, the cloud provider.

FCB: What’s next? Is a report coming coming out of this study? What should we take from all of this data that you’ve put together?

LL: The study that we did was two-fold: it was for the consumers of cloud services, as well as the providers of cloud services. So, the study that we released was the first portion of that — for the consumers. We’ll be releasing the results of the study from the providers’ perspective, and then identifying some of the contrasts and so forth between the two.

FCB: Any wrap-up comments?

LP: We actually do believe that this issue of cloud computing from a security perspective is certainly not going away. The good news is that there are security technologies that are being developed and deployed that do reduce risk pretty substantially, caused by the change from on premises to cloud computing environments. So, it’s not all that bleak. There may be solutions in the future that will make that risk really negligible.

LL: Cloud security is definitely one of the areas that is viewed as high priority and, today, is viewed as a high risk area. I believe that technologies over the next year or so will definitely close the gaps [and] reduce the risks. One of the key things that organizations can do today and agencies can do today is clearly define a cloud security policy, whether it’s part of the security policy, I think it’s very important to just specify, from a cloud perspective, whether this policy applies in full or — here are the additional requirements and mandates for cloud security. That will help close that gap faster and reduce the risk significantly — just by creating awareness.

Food and Nutrition Service uses cloud to help people eat healthier

Jonathan Alboum is the chief information officer of the Agriculture Department’s Food and Nutrition Service.

He’s played a big role in the Apps for Healthy Kids program.

Today he tells us about how they’re looking at cloud computing and other Web 2.0 technologies in order to better serve their customers.

FCB: How are you guys implementing [2.0] at the Food and Nutrition Service?

JA: If you want to think about something like cloud computing — I know it’s a buzz word and there’s going to be pros and there’s going to be cons and evangelists and whatnot, but I think it has a lot of potential. We can cut down on having to build these servers and create an infrastructure to run our applications if we can leverage something the department has or another organization has conceptually. It’s going to to make my job easier and it’s going to help me be less focused on operations, because we’re kind of outsourcing that factor.

We have actually a good story, I think, around a recent application in cloud computing. We recently added a cool function to our website where people that are interested can go to the FNS website and go to the SNAP page and then use a tool we’ve developed to find all the retailers in a particular zip code or near an address that takes those benefits.

It’s a pretty complicated GIS solution and there’s lots of data involved. Instead of building the infrastructure to run this, we’re running it in the Amazon cloud. We were able to put it up there very quickly. We didn’t have to procure the servers. We were just buying a service from Amazon and it seems to be working very well. I think it’s a good model that we might follow again or other agencies can follow to host a fairly complex solution in a pretty short order.

FCB: The interesting thing about this is it’s a public facing site. It has public data on it, so really your risk from a security standpoint is low.

JA: We would think that it would be pretty low, so it was a good candidate to be hosted in this cloud. We were very comfortable with that decision.

FCB: One of the biggest challenges for all agencies with cloud computing is that security. What do we put in the cloud? You saw, for instance, recovery.gov go to the cloud earlier this year, and there’s a lot to do, but it’s a public website. It’s all public data. . . . You don’t ever want to get hacked, but that plays into your decision, we imagine, to a certain extent.

JA: It certainly does. Again, the starts kind of have to align and I don’t think that cloud computing is going to solve every problem that every CIO has, but it’s a tool that I think we need to consider as we’re evaluating different solutions.

Hear more of this conversation on Ask the CIO on Federal News Radio.

Friday cloud news round up: Cloud becoming more popular globally

Today in your cloud news round up:

• Red Hat has released several new cloud computing tools in what it calls its Cloud Foundation: Edition One. The Inquirer reports that the company said its customers can build private clouds using Red Hat Enterprise Virtualization or VMware ESX Server. They can run and manage their own cloud datacentres or use Red Hat certified public cloud services like Amazon EC2. Customers can also use Red Hat’s open source interoperable cloud architecture so they won’t be tied to a single cloud computing service provider’s stack. Red Hat claims Edition One is the first of several cloud offerings that will give its customers everything they’ll need to build and manage a private cloud software infrastructure.
• Two men who led one element of Amazon.com’s successful cloud-computing services have launched their own a start-up called Nimbula to focus on a private version of the technology, Cnet News reports. Cloud computing takes several forms, but Amazon Web Services generally delivers building blocks available over the Internet that developers can use to construct their own higher-level services. Nimbula, in contrast, focuses more on a “private cloud” approach geared for companies building their own computing services based on a similar but in-house approach.
• Cloud computing is growing in popularity. According to Manufacturing Computing Solutions, worldwide cloud services revenues are being forecast to reach a staggering $68.3 billion this year, a 16.6% increase from 2009 revenues. That prediction comes from analyst Gartner, which believes the industry is poised for very strong growth right through to 2014, as cloud computing and cloud services increase in popularity.
• And Lew Tucker, the former VP of cloud computing at Sun Microsystems, has been named the chief technology officer of cloud at Cisco. SearchCloudComputing.com has the details.

NASA JPL develops own cloud ‘brokering’ system

And now we wrap up our conversation about NASA’s JPL moving toward cloud computing.

In our final segment with guests Tom Soderstrom, IT CTO at NASA JPL and Khawaja Shams, senior solution architect at NASA JPL, they give us their final thoughts on the benefits of cloud.

TS: I would say there’s a couple of [benefits]. One is, in our industry we look at something we call the technology readiness level. It starts very early with an abstract idea — level 1 — and then when it’s operational, it becomes level 9. Now . . . we’re thinking about the cloud readiness level, so we’re getting JPL up the curve on this cloud readiness level, and we [had] a JPL cloud day — the first in a series. . . . Our overall goal is to run an application and the storage and the computing wherever it’s most appropriate.

So, the cloud for us gives us a new avenue, a new tier of options.

We’ll have our internal data centers with private clouds, we’ll use [a] community cloud . . . and then the ultimate goal is to [use] a public cloud. We have data in Amazon and Microsoft. We also have data in Google’s cloud.

To do that, we need some kind of cloud brokering, and we went out to industry and tried to buy it, frankly, but it doesn’t exist yet, so we’re creating it. We call it the Cloud Application Suitability Matrix — CASM — and that’s the set of questions that gives a score and assesses in which cloud this particular application is the most suitable to run. We think that’s going to be a big trend — this cloud brokering, if you will.

The partnering part, I can’t stress enough, how important it is for all of us in government and the private sector to just get started — to try it — because you learn a lot.

One unanticipated consequence is, of course, there’s a lot of excitement about the cloud, so you’re making connections and you’re making partnerships that otherwise would have taken a lot longer. We have very good relationships with lots of vendors and agencies.

The last piece, I would say, is . . . the CIO at JPL came up with this idea of replacing the procurement screen with a provisioning screen. That kind of says it all. We’re trying to give self-service to the users of IT so that they can get the computing they need when they need it, and turn it off when they need it, so we can spend less money on IT and more money on science.

The whole effort is to keep it real, and we did that from the very beginning and it’s proven very effective. It’s not an IT benefit, it’s a business of the institution benefit.

KS: One thing I’d like to add is, I know that a lot of institutions are very wary of security.

At JPL, instead of stopping to use the cloud because of security problems, we are trying to address the security problems and trying to create best practices and secure ways ot use the cloud without actually compromising the privacy or integrity of our data.

Our admission developers are working very closely with our office of the CIO and the IT security teams to make sure that we can leverage the benfits of the cloud without compromising our security.

TS: We think that the cloud could be more secure than what we do today, because it becomes, in many ways, more uniform so you can react to threats much more quickly and you can segment off things like denial of service attacks and keep going in a different part of the cloud. We have worked very closely with key vendors and cloud security teams . . . and the biggest obstacle, I would say, is going to come from the auditing function.

The auditing function needs to figure out how an application that used to run on one server in one data center now could [run] on multiple servers in multiple data centers. How do you audit that to make sure it’s secure? Until we can do that, we probably can’t go live with anything substantial.

So we’re working very closely with vendors and the auditors to facilitate that, be an early explorer and help industry in that area.

NASA JPL crowdsources with cloud

We continue our conversation about NASA’s JPL moving into the cloud.

Today, we start off discussing how President Barack Obama’s Open Government Initiative is influencing cloud at agencies — and whether or not cloud is helping JPL to comply.

Tom Soderstrom, the IT CTO at NASA JPL and Khawaja Shams, senior solution architect at NASA JPL tell us more.

TS: Essentially you can divide what we do in two ways. One is, it’s good for the mission. It makes us do better science. The other one is about communicating that to the public and getting the public excited. Our stockholders are the public. If the public wants to know more about space and science . . . it will go through the budget.

We’re very pleased to see that it’s a cloud and we’re big supporters of data.gov. We think it’s a fantastic idea — [where] you can get the data out at less cost and much more easily to the scientists and the public. So, we came up with this term . . . of citizen scientists. If they could get access to the data much more easily and quicker, they could maybe even help turn the wheels of science.

We worked with Microsoft using their Azure cloud on [a project] called Be a Martian. Citizens are able to do anything from tagging images online to creating programs that tag the images online. It’s a contest and . . . it’s been very successful. It’s a way of crowdsourcing and we took the images — 250,000 images from the Mars rovers Spirit and Opportunity — put them in the Azure cloud and gave the citizens access to it. It’s been terrific. We did the same thing with at EclipseCon.

KS: EclipseCon is a developer conference. Roughly a thousand or so developers worldwide attend each year in Santa Clara, and we held a contest there called the e4 Rover contest where we allowed developers to drive a mini robot around a Martian landscape basically that we had put together. We used this as an opportunity for public outreach, as well as to get developers to build interfaces to command the robot and view the telemetry that is coming back from the robot.

In order to run this contest, we needed a lot of infrastructure that we didn’t want to just go buy for this one week contest. So, we ran the entire contest on the Amazon cloud and leveraged a lot of the services that are very common to companies like Amazon and Microsoft and Google and we were able to get these for free and very quickly — services like load balancing . . . [and] getting computers running in multiple data centers, and services like the delivery of images to the operators that were, in this case, the developers. This project was actually quite successful and it made venues like Slashdot and Digg.

We ended up getting a lot of open source code back that we can go ahead and directly use to make very useable interfaces.

TS: What surprised us a little bit was the quality of the code that these developers came up with during the conference. It was 24 by 7 and Khawaja was there manning it, and the ways of lighting the road that the developers came up with were quite ingenious, including one on an iPhone. So, the crowdsourcing works both ways and we are quite excited about it.

Recovery.gov moves into the cloud

Recovery.gov has moved into a public cloud.

In a press release on Thursday, officials say the Recovery Board plans to redirect more than $1 million in computer equipment and software to its accountability mission to help identify fraud, waste, and abuse.

The Board’s main contractor, Smartronix, has chosen the Amazon’s Elastic Compute Cloud (EC2) service offering.

Officials say this move to the cloud will further help recovery.gov users without concern for the underlying data center and computer equipment.

Read Federal CIO’s Vivek Kundra’s blog post about the move.

Stay tuned for more!

Red Hat works in Deltacloud for improved solutions

A lot of CIOs are looking at cloud computing right now, but what’s best for them?

Red Hat is one company working to answer this question. They’re currently working on an open source cloud project called Deltacloud.

Gunnar Hellekson is chief technology strategist for Red Hat’s U.S. Public Sector Group and explains why they’re doing what they’re doing.

“In talking about standards and standards that emerge from working code, one of the projects that Red Hat is working on, which I think is really interesting and will probably be really interesting to government customers is Deltacloud.

“This is a means of providing a single, common interface to multiple cloud providers. You can have a single pane of glass that will be able to work with VMware cloud products, that will work with Red Hat cloud products, that will work with Amazon, and so on. This . . . is kind of a first step towards providing the kind of interoperability that customers are asking for — and also that these standards bodies are seeking.

“I think that it’s significant that this Deltacloud Project, which is already very, very successful, is actually done as an open source project. So, rather than having a single company try and guess at or work with a bunch of these cloud providers as new cloud providers come online, they can simply plug in their own code to this open source project and have it automatically work with everybody else.

“So, Deltacloud is kind of an exciting catalyst for the cooperation that we’re going to need in order to make cloud computing work.”

Hear more from Hellekson next week — and learn about how you can use open source for your cloud project.

Platform Computing and the cloud

Although we’re dealing with blizzard conditions here in D.C., Fed Cloud Blog continues to bring you useful info about cloud computing.

Today we talk with Randy Clark, CMO of Platform Computing.

He explains how they’re working with the federal government, and how they themselves are using cloud.

RC: Platform Computing has been a leader in distributed computing for years, and we create management software to management to manage clusters, grids and now clouds.

For the federal government we’re heavily involved in many of their grid initiatives.

Now we’re getting involved in their private cloud initiative.

Grids have traditionally been for HPC — high performance applications — and supporting those with a shared infrastructure.

Cloud is taking that evolution of distributed computing to the next step in allowing all types of applications — enterprise applications — to be put on a shared pool of resources.

Cloud is also making that pool more dynamic in nature so that it can flex up and down as the resources demand.

FCB: When you’re talking about enterprise, are you talking about maybe the payroll system? Talk a little about that.

RC: The opportunity with cloud computing is two-fold.

One is to save costs and costs can be saved by pooling different IT silos together to a more efficient pool of resources to be shared across different departments or applications or owners of those services.

The second opportunity that cloud provides is responsiveness.

So, the ability to get an IT environment very quickly. An example of that would be going to Amazon and using your credit card to get a pool of compute power.

That allows the government to move out of being IT people and move into the businesses and the services and the applications that they actually provide. It allows them to focus on that more.

So, in both cases, these clouds that we’re talking about are either private or public.

They’re internal or external and, typically, in almost all cases, they’re a hybrid of each of those, but these clouds are built over a period of time to support the specific needs, the specific applications of those departments.

FCB: In terms of building a hybrid cloud, are there special security concerns you have to deal with, because you’re not just in the private cloud [but] you’re not just in a public cloud. Talk a little bit about the challenges there.

RC: I think one of the benefits, or opportunities, with cloud is to share resources.

So, create, in effect, a larger, more efficient pool of resources that supports multiple departments or businesses.

The flip side to that is that it becomes more accessible and therefore security in government issues become more important.

Most of the activity we’re seeing are what I would characterize as private clouds.

Those are being deployed in conjunction with service providers integrators and even with those private clouds, once you start sharing across departments, security in governance becomes an issue.

FCB: Are you guys using cloud advantages at your company?

RC: We are.

We’re a software company so we primarily develop software.

We use a private cloud internally to support our test and development group, which has about probably 50 plus testers and developers that work on servers at this point.

Some of those are virtual machines and some are a cluster, in effect.

So, our platform cluster management product is at use internally.

So those developers share those resources and provision their application environments on that private cloud.