Cloud services coming to

November 16, 2010, the GSA’s cloud-based storefront, will soon offer storage, virtualization and Web hosting applications to government agencies.

Vendors with an infrastructure-as-a-service contract will provide their services on the website. will alleviate the federal IT strain on storage, computing power and website hosting. The new cloud infrastructure will also eliminate the need for agencies to allocate money toward those services. Instead, the agencies will be able to use the money they saved to improve efficiency and modernization. will have an on-demand, self-service that will allow agencies to use or stop using the features according to their needs on any given day.

Vendors must complete the certification and accreditation process at the Federal Information Security Management Act Moderate Impact Data security level before their products can be offered on

Once they are approved, agencies can purchase their services through the website’s storefront.

“Cloud computing services help to deliver on this administration’s commitment to provide better value for the American taxpayer by making government more efficient,” Federal CIO Vivek Kundra said in a written statement.

Kundra says cloud computing helps to reduce the cost of government operations and also drives innovation across the federal government.


The potential of the community cloud

August 11, 2010

Today we bring you the second part of our three part discussion with Mark White, principal with Deloitte Consulting LLP who works with both the firm’s Federal and Technology practices and CIO of Deloitte Consulting.

We continue our discussion about security in the cloud.

Public v. Private: Not always all that different

“If the conversation is about the use of public cloud, then the issues of security and privacy are potentially different from just internal or on premise IT. The point that we would make is that they are really mostly different in scale, not in kind. That is to say, they’re the same sorts of security issues or privacy issues that I would face with an internal system, I’m just facing them in a slightly different — in fact, potentially profoundly different — scale that is the public cloud. If that’s the case, then the same disciplines and techniques and tools that I’m using to solve those problems in my internal system are the same sorts that I’ll use to solve them in public cloud implementations. We are underway now to prove those at cloud scale.

The claim would be that the difference between public cloud and a private cloud, or just a plain old in-house IT, is one more of scale than of kind with regards to security and privacy. There is one caveat to that that I would raise as a particular exception, which is the cardinality of the connection. By that I mean, how many different people can add information and access information? For those public cloud services . . . that are essentially retail in nature — so I’m reaching out to the constituency . . . [and] have a lot of consumer users — there’s an interesting difference. It is unusual for me to have an internal system with a lot of consumer users that is not already a demilitarized zone or a more secured part of my infrastructure.

So, that is one difference in kind that does require some thinking — what are our clients doing? The first thing is that we’re seeing very cautious adoption of public cloud by the federal user. Obviously, is a great start on that. You’ll note that the majority of those [apps] are at the edge of the mission, so they’re a little bit safer because they’re not at the core of a mission, though I would argue that email or messaging technologies might be a little more core than we otherwise might think. . . . The adoption of public cloud by the federal user is relatively cautious and, for the most part, at the edge of the back office, not the core ERP, not the core mission information technology. There are exceptions that can be found in multiple cases but, for the most part, that’s true.

I believe that our federal clients are much more interested in private cloud possibilities. That is to say, to use the disciplines of virtualization, automation, IT services management to drive efficiency and effectiveness in their internal capabilities — so internal cloud, private cloud. That’s actually well and good, because that literally is taking the disciplines and the good stewardship that have been going on [with] data center consolidation, server virtualization, storage optimization, operations automation — that’s just taking that to the next level and presenting it to the mission user as a service catalogue that can be subscribed effectively.

That’s great. It gets you good efficiency. It gets you good effectiveness, because it changes you to an IT services management shop. It avoids the security and privacy risks issues, because it keeps everything inside the trust zone. . . . What it doesn’t get is the economies of scale that public cloud offers. There are very few enterprises in the world that run enough machine images to get to the cost per machine image that an Amazon web service can get to, just as an example. But that may not be the important thing. The efficiency and the effectiveness may be valuable, and, in fact, they are. We’re seeing that close look at private cloud as a way that they are moving forward.

The potential of community clouds

So, now I’m speculating. Now I’ve moved from the realm of things that we can actually point to examples of and [see] momentum around, to things that I believe there is momentum toward. And this is the idea of the community cloud.

Again, as originally described by the GSA in the request for information they sent out, [which was] easily 18 months ago, if not two years ago. The way I characterize that is, a set of people with private cloud capabilities, discover others — other entities, other missions, other agencies — that have a sharable trust. So, we don’t have exactly the same trust zone, but we have a sharable trust — something that’s a common basis of a trust — that would allow us to club together, to assemble ourselves together. There are two or three reasons that might occur: one is in pursuit of a common mission. [For example], the federal, state, local and tribal mission around law enforcement.

A second reason that could happen is — if you think about it — if I am a private service provider of private cloud SaaS, there must be a subscriber of cloud services that is also in the enterprise. So, I have this service catalogue that I’ve created and my users are subscribing these services and doing good things, and what we find out is that some of their counterparts in the mission . . . they are connecting operationally with others outside of my department or agency, and those others come back and say, ‘hey, could I subscribe those same services?’ So, an example of that is alerts and warnings. This idea of developing an alerts and warnings system for, for example, a natural disaster or other security event. A particular department or agency mission could have created one [and] by definition it’s subscribable by outside parties, so why wouldn’t we allow our partners in another department to subscribe that same service.

That goes on all the time now, it’s just done under inter-agency agreements. What we believe is, as agency ‘A’ — who has the alerts and warnings solution — and agency ‘B’ — with whom they work regularly and would like to subscribe it — as those two agencies themselves are offering private clouds, when they begin to do those exchanges, they’ll do them as cloud services. So, you’ll discover that I have services you’d like to subscribe, I’ll discover you have services I’d like to subscribe [and] suddenly we’re in community cloud.”

Next: Advice about letting go of all the control.

GSA’s McClure describes new cloud RFQ

May 24, 2010

As Federal News Radio told you on Friday, the General Services Administration released a request for quote (RFQ) in order to put together a contract for infrastructure-as-a-service.

Fed Cloud Blog sat down with GSA’s Associate Administrator
of Citizen Services and Communications, Dave McClure, who talked with members of industry about the RFQ and the new contract at an ACT/IAC event at the end of April.

“I personally feel like we have to make sure we do solid outreach with industry to make sure that our instruments that we’re putting out for cloud services are in line with the way that they think we should be offering them. That was the purpose of the dialogue with industry. We did talk a little bit about the reasons for canceling the prior infrastructure-as-a-service RFQ. I just wanted to emphasize with them that we felt like the market had changed quite a bit since the initial offering, which had started up almost 12 months ago. Vendor engagement, vendor market offerings and vendor understanding of cloud has certainly matured quite a bit in the last 12 months, and the same thing has occurred on the agency side.”

As you probably remember, GSA first issued an RFQ for IaaS in July 2009, but canceled in this past February.

“The infrastructure-as-a-service offering was put out previously [and] was done in very close approximation to the software-as-a-service announcement, and the whole launching of the website. We knew this after the launch, but a valuable lesson that we learned was that there was great confusion in industry about which announcement covered what. There was confusion as to what they needed to reply to to get on schedule for the infrastructure, what they needed to do to get on schedule and get up on the storefront for software. We don’t have that problem [now]. The website is up, people understand the processes, so I think we’ve eliminated what was then a very confusing period for just announcing the storefront and announcing an infrastructure BPA all very, very much at the same time.”

This time around, McClure says several things will be different.

“We’re raising the security level to the moderate level. I think that’s where the public sector in general is headed — greater security in these cloud provisioning agreements. So, we’ve raised this up to the moderate level. I think that’s a significant improvement and difference from the prior RFQ. We also are making it much easier and clearer to map the industry offerings to the contract line items in this BPA instrument that we’re using. There was some confusion about whether specific services and prices for some of the industry offerings — how they’ve mapped to the contract line items in this BPA. We’ve gone back and actually cleaned that up and had conversations with industry on how that mapping process can work very effectively. So I think that will also create a much better instrument than what we had before. The third big difference is that things that are awarded off of this instrument will be candidates that will go into the FedRAMP centralized CNA approval process. I think that will make a difference, as well — knowing that your product or service will actually go through one CNA and then be usable across the entire government.”

Combination of private, public cloud could allay security concerns

April 29, 2010

Today we continue our conversation with Andrew Greenway, the Global Program Lead for Cloud Computing at Accenture, about their recent white paper regarding the six questions you should be asking if you’re looking at the cloud.

Greenway begins by talking about one of the biggest concerns — and potential pitfalls: security.

AG: I think probably if you talk to anyone in government, or in any organization, to be honest, about cloud, one of the first concerns or risks that comes up is around data security and data privacy. There’s a feeling that — the data’s out there, I’m not quite sure where it is — and that makes people feel uncomfortable, naturally.

Our view is, the way that that’s going to be addressed within government in particular is that, for the foreseeable future, they will use a combination of a private cloud . . . [one] created just for the government and existing within their firewall within the country, and then they’ll also have access to the public cloud. I think they’ll be very careful in thinking through which applications and which data they’re comfortable running inside the private cloud, and which they feel they really can put out into the public cloud.

I think managing that interface and how those two types of clouds work together will be key into delivering the benefits that I think are there, while maintaining confidence around data security and data privacy.

A lot of the technology really is not new. It’s there. It’s been around for awhile. I think it’s just a case of pulling that together now and organizing it in a way that meets all of those requirements.

FCB: What are some first steps [to take] if one is interested in trying to move . . . to the cloud?

AG: The first thing that I think the organization or government needs to do is to think about what it wants to achieve — if there are any new processes or new applications of computing which they would like to do and which, in the past they haven’t been able to afford. [Those] are probably very good candidates to think about cloud straight away as a potential way to do that in a cost-effective fashion.

I would encourage organizations to think about that and start piloting things. We know, for example, that the U.S. Government has launched, which is starting to do exactly that. They have a number of applications now up on that site which government departments can now tap into. . . . The idea is that, over time, more and more applications will be added. I see that growing and continuing to develop.

I think each government department needs to look at its requirements, the systems it has and the applications it needs, figure out which ones are suitable for the cloud, whether there’s a good cost benefit for moving or building something new in the cloud, and then taking a step by step approach to doing that.

I think in order to be successful, they really need to think through how they’re going to organize, whether it makes sense to have the cloud program done at the federal level, or at the local government level, or a combination of the two. I think it’s important that those decisions are made early on — and that once you’ve made those decisions, you make sure that everyone keeps to the rules. . . .

You could start to get more customer-centric processes building up where, for example, when [someone] has to change his address, he would just change it in one place, and then that would automatically be replicated across all government departments. Cloud computing, over time, I think is going to start making those sorts of processes much more feasible than they have been in the past.

I think also there are going to be some opportunities to use cloud computing for very data-intensive processes. A good example that we’re seeing in a number of industries is around analyzing data. You’ve got banks and banks of data [and] it’s not cost-effective today to go through and analyze and look for disparity in the data or whatever. But cloud computing makes that cost-effective.

So, for governments, looking for cases of fraud or claiming benefits more than once or those sorts of things, it could be a very cost-effective, powerful tool that may well prove applicable for things like that.

GSA: Expect changes to soon

March 25, 2010

Today in our weekly cloud news gathering:

  • Interior’s National Business Center is moving into the cloud. On Federal News Radio’s Ask the CIO this week, host Jason Miller talks with June Hartley, NBC’s chief information officer, who explains why her office is moving into the cloud and what challenges they have faced so far. Click on the audio at the top of the page to listen to the show.
  • The General Services Administration is updating Information Week reports that a number of changes are on the way, including a new information section, a revamped request for quotations for IaaS and a redesign of some of the user interface portions. The agency didn’t give a specific date, but said you can expect changes “soon”.
  • Also, NASA’s Nebula is growing and growing, and is being considered a cloud computing model. On Federal News Radio’s Federal Drive, hosts Tom Temin and Jane Norris talked with Chris Kemp, the Chief Information Officer of NASA Ames, who says the project is continuing to expand.

SpringCM, enterprise content management & the cloud

February 17, 2010

Today, Fed Cloud Blog brings you the first of a three part series with SpringCM, a company that specalizes in document management and workflow by providing SaaS enterprise content management.

FCB talked with Roger Bottum, vice president of marketing for SpringCM, and Steve Maier, vice president and general manager of the government solutions division at the company.

Bottum began by explaining that his company delivers what they call “high impact cloud solutions for documents in motion”.

We are a cloud solution for enterprise content management applications.

Our customers are typically implementing applications that involve content and document management applications, like case management, claims processing, bids and proposals — and some applications like correspondence management in the government, freedom of information act requests, those kinds of things.

Typically, [our customers] use what we do to help streamline inefficient document processes. . . . It’s really all about creating efficiency, driving down costs, increasing productivity and, in particular, what the cloud solution does is allow us to deliver, in days, what otherwise might take months or years to do at a fraction of the cost of traditional, on premise solutions.

Maier said what he finds interesting is that the federal government has really jumped on the bandwagon in terms of cloud over the past year or so.

With Vivek Kundra’s launch at FOSE last year and the introduction of the cloud storefront — all of those things are moving in the right direction, in my mind, for the government to do more in adopting cloud.

They do have a lot of work to do and we’re working to try to line up our product offering with what the government needs going forward.

I’ve been dealing with the government for 30 years. . . . The government is interesting because, given the size of their procurements and the things that they do, they’re a little hamstrung by the procurement process.

I don’t think there’s a shortfall in desire, but the procurement process is very much tuned to the status quo.

So, they have a hard time being nimble on the procurement side being able to switch gears and move to something like cloud.

For example, they’re very good at buying hard software packages and negotiating very large software purchases that they’re going to deploy internally.

Doing something similar with SaaS, which is not necessarily an asset purchase anymore, but is now a subscription service, requires that they reprogram their procurement process so it works more like FTS2000 than it does GSA Schedule 70.

That’s going to take them some time, because all of the things that they buy around telecomunication service has, bundled in it, all of those service level agreements [and] everything else.

So, I think that’s going to be their challenge over the next 12 to 24 months in trying to meet the government’s objectives in steering the IT organizations towards cloud.

Come back next week for more with SpringCM! Also, check back Friday when we bring you a cloud news roundup!

Federal government has leadership role in migration to cloud

January 26, 2010

Is the federal government out in front when it comes to moving to cloud computing?


Jeffrey M. Kaplan is Managing Director of THINKstrategies, Inc. and recently wrote an article about the adoption of cloud.

He told Fed Cloud Blog that he thinks cloud is going to become increasingly important in 2010 — and that the federal government has already taken a leadership role in this sphere.

Fed Cloud Blog: We read your article discussing cloud computing and one of the more interesting things was that you said, “Those who don’t make the move in 2010, will not only be left behind, but risk losing their jobs, as well.”

Talk a little bit about how this applies to the private sector — and do you think this is going to apply to the federal government, too?

Jeffrey Kaplan: It absolutely is.

So, let’s start with the overall thought behind this, and that is that, first of all, the cloud computing marketplace is evolving quite rapidly.

These Internet or Web-based alternatives are becoming truly viable alternatives or options for IT organizations to consider, as well as the business end-users that they may be supporting.

What we’ve seen is the evolution of this marketplace that began with the success of software-as-a-service, or alternatives to on-premise applications.

That effort was led by companies like in the CRM space, as well as Google with its Google Apps alternatives to Microsoft Office.

With the success of those applications has come a new generation of computing services and those have been driven by companies like Amazon with their Amazon Web services, which allow organizations to basically acquire computing power by the MIP or even by the hour.

That has become a very popular alternative to going out and actually purchasing more computing power that basically sits around in a data center someplace whether its being used or not.

So, in today’s tough economic times, it’s nice to have a more flexible option than the old way of having to go out and buy more and more product.

FCB: So, how will this effect employment?

JK: Well, it effects it in a number of ways.

There was actually an interesting article in The Boston Globe [recently] talking about the fundamental change in employment in the workplace, where more and more people are finding themselves working as freelancers rather than full time employees — and that the structure of the workplace is changing where more and more organizations prefer these kinds of freelancers, as opposed to making a commitment to a full time person.

The Web permits more people to take advantage of applications that were not at their disposal in the past.

They can now use, for their own personal purposes, as well as within more dispersed workplaces, to share information, to collaborate around business processes, and even to communicate more effectively between organizations.

FCB: [So] the stereotype is that the federal government is often behind when it comes to these sorts of IT developments. That’s not always the case . . . but there are some federal agencies that are really wary when it comes to doing this kind of stuff.

JK: Well, certainly there are, but the Obama administration has stated even before it came to office that it’s a firm proponent of cloud computing alternatives and it’s new CIO has really been driving that effort.

In fact, the federal government launched a Web site in the fall of 2009 — — which is a terrific site that includes an assortment of Web-based applications that various federal and government agencies — state and local, as well — can take advantage of.

But, it also has a tremendous amount of best practice information about cloud computing: what it means, how it can be deployed to meet organizational requirements, and, not only the benefits, but risks that have to be overcome in order to ensure that it’s properly secured and is reliable and is meeting organizational business objectives.

They also have, through [NIST], helped to define the meaning of cloud computing, which is one of those terms that means many things to many people.

So, in those regards, the federal government is actually playing a leadership role in the overall migration to cloud computing.

Look for part 2 of our chat with Kaplan coming later this week.