Don’t fear the cloud, Kundra says

Fears about the security of cloud computing are exaggerated, Federal Chief Information Officer Vivek Kundra said at a forum on Capitol Hill last week.

“A lot of people are sort of driving this notion of fear around security,” Kundra said, according to Computer World. “And the reason I think that’s been amplified, frankly, is because it preserves the status quo.”

The conference was organized by Kundra and Sen. Tom Carper (D-Del.) to address the future of cloud computing in the federal government.

While security remains a major concern and, in some cases, a roadblock to public cloud adoption, agencies like the Department of Homeland Security are bucking the trend. DHS announced in May plans to move its public websites to the public cloud.

“I am a believer that we are going to, over the next few years, really solve a lot of the cybersecurity concerns that we have with cloud-based services,” DHS CIO Richard Spires said at the forum, according to Computer World.

Kundra also believes the shift to cloud computing will mean stiffer competition among government contractors. According to Federal Times, “Kundra said the administration wants to ‘introduce Darwinian pressure’ into the market to ensure that companies win government IT contracts because they provide greater efficiencies, not because they’ve mastered the procurement process.”

Saving money has been a major topic of conversation on Capitol Hill in recent weeks as lawmakers sparred over raising the debt ceiling.

During the forum, Sen. Carper said the use of cloud computing and smarter IT overall is one of the biggest ways to save money in government.

“We need to look into every nook and cranny of the federal government and find better results for less money . . . One of the great ways you can provide better service for less money is to do IT well and to do it smart,” Carper said, according to NextGov.

DHS sites headed to the public cloud

Some news coming out of the Management of Change Conference this week.

The Department of Homeland Security plans to issue the first task order under GSA’s infrastructure-as-a-service blanket purchase agreement.

Under the contract, DHS will move its public websites to a public cloud, according to Federal News Radio reporter Jason Miller, who attended the conference. It will start with the websites for FEMA and the Citizen and Immigration Service (CIS).

According to the draft RFQ, “The primary purpose of this acquisition is to establish the consolidated and integrated web service delivery capability for development/test, staging/pre-production and production platform that will streamline the migration, implementation and support of current and future DHS public-facing websites to the public cloud…In addition, this includes all work associated with Web hosting, virtual machines, storage and migration as well as application services to support DHS public websites.”

The agency expects bids to be due by May 26.

Read Jason’s story for more on what Richard Spires, CIO at DHS, had to say about his agency’s future use of the public cloud.

Navy, DHS, State make strides in the cloud

When it comes to reducing costs and wasteful spending at agencies, IT managers are being leaned on heavily to get the job done.

The Navy is moving ahead with its technology efficiency and consolidation initiative by putting the brakes on spending for new servers, server upgrades and data centers.

“We are reevaluating what all of our organizations want to do and why they want to do it, and is it consistent with our overall IT efficiency,” said Janice Haith, director of assessment and compliance for the Navy’s Information Dominance Directorate.

“Server purchases up to date may not have been efficient. They may not have bought servers that were sufficiently robust to handle virtualization. We need to do that. That may mean we have to buy some additional servers that can be virtualized, and some of our servers today are not in that state.”

Federal News Radio’s Jared Serbu reports, the Navy set some targets for virtualization as well. It directs each of the Navy’s 23 Echelon II organizations – the commands in the organizational chart directly below the office of the Chief of Naval Operations – to develop plans to increase virtualization by 40 to 80 percent, and server utilization by 50 to 80 percent.

Various civilian agencies are also making strides. At a recent AFCEA-Bethesda breakfast panel, the State Department said its goal is to reduce the number of data centers in the United States from 11 to 2 over the next few years.

Cindy Cassil, the agency’s director of systems integration in the CIO office, says part of the way her agency will do that is by getting buy-in from business owners by offering services on a private cloud.

“Right now we are offering infrastructure-as-a-service,” Cassil said. “We are trying to work around the political issue about people still wanting to maintain their applications. The IT staffs are very powerful. They really advise the business they need to be involved. Right now, I would say we have 99.9 percent cooperation with our business side because they really like our model at this point. We offer the platform and the storage, and it’s free to them if they come in and virtualize.”

DHS’s Deputy CIO Margie Graves also spoke at the event. Graves said her agency is creating a test and development environment similar to one developed by the Defense Information Systems Agency.

Federal News Radio’s Jason Miller reports, her office wants to make it easier for DHS components to do rapid application development in a cloud environment. DHS also is working on two other cloud test and development environments using IBM’s Websphere and one for open source.

TSA looks up at the cloud

Emma Garrison-Alexander is chief information officer at the Transportation Security Administration.

Today, she talks with Fed Cloud Blog about how her agency is looking at technologies like cloud computing and virtualization.

EGA: The Department — DHS — is looking at cloud computing, so as an individual CIO, I’m looking at cloud computing, but also, I’m collectively looking at cloud computing with the overall DHS CIO council.

When you start looking at some of the things that cloud computing can provide, like software-as-a-service or platform-as-a-service or infrastructure-as-a-service, those things are very important to me.

I believe we want to make very good use of all of our IT resources and we want to take advantage of technologies really to advance the mission.

These are the underpinnings — these are the types of technologies that really are not there for technology’s sake. We have technologies so we can enable missions.

I see virtualization — I see cloud computing — as key ingredients going forward in terms of advancing our network capabilities for the TSA mission.

FCB: We hear a lot about cloud computing around email and storage. Are you looking at specific areas . . . are you looking at cloud for the desktop or cloud for email or anywhere else?

EGA: We’re in the early stages, so what I’ll say is there are some specific efforts that I would say are in the very early stages. In my position right now, I am doing a lot of learning about cloud computing.

I’m looking at where we’ll fit in the near term, as well as looking at how we can better incorporate it in the long term.

I think cloud computing has come of age, as far as I’m concerned. I think that it’s a reality. It may not be implemented everywhere, but the possibilities are there and I think with some of the efforts that have been successful already across the federal government, I believe that we’re going to be able to take advantage of that.

We’re going to be able to learn from the work that’s being done by the Department of Energy. I think that’s extremely important. I think looking across the various efforts, I think that’s most applicable to the environment that I am in — the work that they’re actually doing.

I think the three big areas — IaaS, PaaS and SaaS — I have an interest in all of those. I think some of the efforts we see are the beginning stages. Email as a service, I think, is kind of a natural place to look. That is an area of interest to me here at TSA.

There are numerous definitions of cloud computing. So, just trying to get everybody on the same page and to mean the same thing when they talk about cloud is another issue that we’ll continue to address. I particularly like the NIST definition . . . because I believe [it] tells us what’s different about cloud computing and how we provide network services today.

FCB: The NIST definition [is] something that we hear a lot about. I think a lot of people are starting to [say] it’s pretty good, whether it’s a starting point or evolves over time. . . . Cybersecurity — there was a recent event where Treasury had some websites in the cloud and they got hacked. Does this cause you, as a CIO, any additional concern?

EGA: The cybersecurity aspect of cloud computing is very important, because when you start talking about cloud computing, you’re talking about private clouds, public clouds, community clouds and hybrids of all of those.

I believe in any scenario, cybersecurity and network security is a key ingredient. Those are areas that have to be addressed. Just like today, we have to address them with whatever architecture we’re using — we’ll have to do the same thing for cloud computing. [The Treasury incident] doesn’t cause me any more concern, because you can have breaches in any environment and with any technology that’s deployed.

I come from an environment where I have a very broad knowledge when it comes to cybersecurity and any time that there’s a breach in a government organization, it gets my attention . . . but with any architecture, you can have vulnerabilities and you can have security issues.

So, it’s not unique to cloud, it’s just one area that has to be addressed with cloud, just like we’ve had to address security issues as the Internet rolled out years ago and things became much more interconnected across the country and across the world.

I believe this goes along with any technology that you’re rolling out.

Hear more of Garrison-Alexander on Ask the CIO on Federal News Radio.

DHS using Networx to transition to private cloud

Listen to Michael C. Brown talking with moderator Chris Dorobek

---

The Department of Homeland Security is moving its managed service offerings under Networx to a private cloud.

In order to do this, DHS took its cues from the Social Security Administration, which is using a similar model.

At a recent lunch hosted by AFFIRM, Michael C. Brown, Executive Director of the IT Services Office at the Department of Homeland Security talked about how his office is accomplishing this and why they decided to make the move.

“We wanted both carrier and geographic redundancy for all the reasons that that might make sense and we did not have that pervasively throughout the department under the status quo, so this really was, again, a transformative opportunity in terms of capability.”

DHS has branded its WAN [wide area network] as OneNet, which is currently composed of 151,000 service elements and 5,000 sites.

In terms of design, Brown said that the way that telecommunications services are offered through Networx (and, previously, FTS2001) were very advantageous.

“There’s both an ability to centralize services. So, for example, we’ve centralized the fair opportunity across the department for [WAN] services and we’ve centralized the provisioning capability. At the same time, there are the very positive tools of distributed management. So, the designated agency representative capabilities — those ordering officials that are spread throughout the department and every other agency in the federal government, allow us then to execute the fair opportunity decision in a distributive way. It really brings a force multiplier to the game and allows each of our components to have a significant stake in a centralized solution.”

This, he noted, has many benefits including cost savings.

“The fair opportunity decision which we completed in May of 2008 was about $971 million in total value over the life — so very significant fair opportunity decision. I think that the work we undertook in the SOW [statement of work] arena was perhaps the most meaningful. We achieved a number of capabilities that we hadn’t had in the department before — but most challenging, perhaps, in developing an SOW of that size is bringing together the subject matter experts and sequestering them for a long enough period of time to create a real requirements package.”

He added that DHS is using Networx — and the private cloud — as an opportunity to transform the enterprise.

“As a young department, you can imagine that we’re working through a number of the consolidation kinds of activities that you might expect when you pull 22 agencies together. WANs are not the least of those. We’re having to roll those up into a single enterprise of wide area network. Networx presents exactly the right opportunity to cause that to happen.”

Listen to more of the presentation by clicking on the audio link at the top of the page.