Emma Garrison-Alexander is chief information officer at the Transportation Security Administration.
Today, she talks with Fed Cloud Blog about how her agency is looking at technologies like cloud computing and virtualization.
EGA: The Department — DHS — is looking at cloud computing, so as an individual CIO, I’m looking at cloud computing, but also, I’m collectively looking at cloud computing with the overall DHS CIO council.
When you start looking at some of the things that cloud computing can provide, like software-as-a-service or platform-as-a-service or infrastructure-as-a-service, those things are very important to me.
I believe we want to make very good use of all of our IT resources and we want to take advantage of technologies really to advance the mission.
These are the underpinnings — these are the types of technologies that really are not there for technology’s sake. We have technologies so we can enable missions.
I see virtualization — I see cloud computing — as key ingredients going forward in terms of advancing our network capabilities for the TSA mission.
FCB: We hear a lot about cloud computing around email and storage. Are you looking at specific areas . . . are you looking at cloud for the desktop or cloud for email or anywhere else?
EGA: We’re in the early stages, so what I’ll say is there are some specific efforts that I would say are in the very early stages. In my position right now, I am doing a lot of learning about cloud computing.
I’m looking at where we’ll fit in the near term, as well as looking at how we can better incorporate it in the long term.
I think cloud computing has come of age, as far as I’m concerned. I think that it’s a reality. It may not be implemented everywhere, but the possibilities are there and I think with some of the efforts that have been successful already across the federal government, I believe that we’re going to be able to take advantage of that.
We’re going to be able to learn from the work that’s being done by the Department of Energy. I think that’s extremely important. I think looking across the various efforts, I think that’s most applicable to the environment that I am in — the work that they’re actually doing.
I think the three big areas — IaaS, PaaS and SaaS — I have an interest in all of those. I think some of the efforts we see are the beginning stages. Email as a service, I think, is kind of a natural place to look. That is an area of interest to me here at TSA.
There are numerous definitions of cloud computing. So, just trying to get everybody on the same page and to mean the same thing when they talk about cloud is another issue that we’ll continue to address. I particularly like the NIST definition . . . because I believe [it] tells us what’s different about cloud computing and how we provide network services today.
FCB: The NIST definition [is] something that we hear a lot about. I think a lot of people are starting to [say] it’s pretty good, whether it’s a starting point or evolves over time. . . . Cybersecurity — there was a recent event where Treasury had some websites in the cloud and they got hacked. Does this cause you, as a CIO, any additional concern?
EGA: The cybersecurity aspect of cloud computing is very important, because when you start talking about cloud computing, you’re talking about private clouds, public clouds, community clouds and hybrids of all of those.
I believe in any scenario, cybersecurity and network security is a key ingredient. Those are areas that have to be addressed. Just like today, we have to address them with whatever architecture we’re using — we’ll have to do the same thing for cloud computing. [The Treasury incident] doesn’t cause me any more concern, because you can have breaches in any environment and with any technology that’s deployed.
I come from an environment where I have a very broad knowledge when it comes to cybersecurity and any time that there’s a breach in a government organization, it gets my attention . . . but with any architecture, you can have vulnerabilities and you can have security issues.
So, it’s not unique to cloud, it’s just one area that has to be addressed with cloud, just like we’ve had to address security issues as the Internet rolled out years ago and things became much more interconnected across the country and across the world.
I believe this goes along with any technology that you’re rolling out.
Hear more of Garrison-Alexander on Ask the CIO on Federal News Radio.