Cloud, cloud, everywhere there’s cloud

January 30, 2011

Wow. So much news about cloud, so little time. Good thing we have this blog, right?

Federal News Radio was busy covering news about cloud computing this week. We’ve gathered all of those stories here for easy access.

  • Army weeks away from enterprise e-mail rollout
    The Army will begin migrating employees to its new cloud-based e-mail system starting February 15. Federal News Radio reporter Jared Serbu reports testing for the Army’s new e-mail is almost complete. The Army expects the change will mean a significant savings in software licensing.

  • Behind the USDA cloud
    The cloud services offered by the U.S. Department of Agriculture have become quite popular among other federal agencies. Federal Tech Talk host John Gilroy talks with Jim Stevens, Acting Deputy Chief Information Officer for Business, Finance and Security about what the agency offers and how your agency can compare security of the various cloud options out there.

  • Exclusive: OMB uses budget to set cyber guidelines
    The administration’s recently announced cloud-first policy was one of several governmentwide provisions specifically mentioned in the annual IT budget passback guidance. In his exclusive report, Federal News Radio reporter Jason Miller says the “guidance also instructs agencies to consider the technologies that have been approved under the FEDRamp process.”

  • Microsoft announces new cloud computing option
    Microsoft has made its customer-relationship management application available online. The cloud version will be available worldwide beginning Feb. 28, 2011.

  • What will the Google bid protest mean for cloud?
    Off the Shelf host Roger Waldron talks with David Dowd, partner at Mayer Brown, about the Google/Microsoft/Interior Department cloud decision recently handed down. The Interior Department had been ordered to stay an award to Microsoft after a judge ruled it violated the Competition in Contracting Act and rules in the Federal Acquisition Regulations. Waldron and Dowd discuss the potential implications for agency requirements development and acquisition planning.

Microsoft gets FISMA certification

December 15, 2010
Google will soon be fighting for room on the cloud with rival Microsoft.

Microsoft recently received Federal Information Security Management Act certification for cloud computing data centers — about five months after Google gained approval.

“Meeting the requirements of FISMA is an important security requirement for U.S. Federal agencies,” Microsoft’s Senior Director of Risk and Compliance Mark Estberg wrote in a Dec. 2 Global Foundation Services blog post.

However, Microsoft’s hosted Exchange and Online services are still in the process of getting approved for FISMA certification.

Microsoft recently reworked its cloud services and renamed it “Office 365.” Office 365 is currently in beta form and includes Microsoft Office, SharePoint, Exchange, Lync Online and other services. Office 365 will be available beginning in the first half of next year.

And while Microsoft was celebrating its approval, the General Services Administration announced plans to become the first federal agency to move its email and collaboration tools to Google’s cloud-based service, Google Apps.

Microsoft said it was “disappointed” with the GSA’s selection.

“While we are disappointed we will not have the opportunity to meet the GSA’s internal messaging needs, we will continue to serve its productivity needs through the familiar experience of Microsoft Office and we look forward to understanding more about GSA’s selection criteria – especially around security and architecture,” Micrsoft wrote on its Why Microsoft blog.

Cloud lovers converge at ‘Cloudstock’

December 7, 2010
What do you call hundreds of cloud developers stuck in a room together? Why, Cloudstock, of course.
A cloud computing technical conference – dubbed by some as “The Woodstock for Cloud Developers” took place in San Francisco this week.
Its mission was to “bring the top cloud developers and the top cloud technologies together under one roof, to learn from each other, collaborate, innovate, and drive the future of cloud computing,” according to the Cloudstock website.

The free conference sold out and featured 67 sessions, ranging from everything from understanding API activity to making money with Saas to the future of app deployment to business payments on the cloud.

Organizers live blogged throughout the day and had Tweets automatically filtering in on their site with the hashtag “cloudstock.” Cloudstock also had several demo stations, which highlighted some of the latest cloud technologies in action.

Another unique aspect of the conference was “The Cloudstock Hackathon,” which challenged developers to use their coding skills against one another and create solutions to bridge clouds.

The conference was hosted by and Cloudstock partners included Google, Amazon web services, eBay, Yahoo, LinkedIn, Adobe and Paypal. Microsoft and its cloud computing services were noticeably absent from the conference.

Google Files Suit Against Interior Department

November 23, 2010

Google has filed a lawsuit against the Interior Department in an attempt to prevent the agency from going ahead with bid requests to host a cloud-based electronic messaging system.

According to a lawsuit filed in U.S. Court of Federal Claims, Google says they met with Interior Department officials on several occasions asking them to consider them and their “cost saving benefits” and assure them that Google’s applications could care for the agency’s needs.

Google maintains that the Interior Department’s request for quotations was written to prevent the company from competing because it required the system to include the Microsoft Business Productivity Online Suite.

In April of 2010 – after a year of communicating with the Interior Department about competing for the contract – Google says they were informed by Interior Department Chief Technology Officer William Corrington that a “path forward had already been chosen” for the service, and that there was no opportunity for Google to compete because it did not comply with Interior Department security requirements, according to the lawsuit.

The contract is estimated to pay $59 million over five years.

Google filed the lawsuit with its partner Onix Networking on Oct. 29.

According to the Wall Street Journal, Google and Microsoft are also competing for a contract to consolidate and modernize email at the General Services Administration.

NOAA pilots cloud solutions

August 17, 2010

Today, the FCB hears from Joe Klimavicz, chief information officer and director of high performance computing and communications at NOAA.

He tells us about some pilot programs they’re running in order to see if cloud is the correct solution for them.

“It’s a great, flexible, open environment allowing access and interoperability between the different environments, and [could reduce the] complexity and maintenance of our environment. I think that we’re helping a lot of organizations go through the FISMA certification and accreditation. So, I think that cloud computing is coming into its own.

We’ve run pilots with Google Apps, and also Microsoft’s BPOS — their Business Productivity Online Suite. We also have a pilot with Everbridge, the emergency notification system — and [we are] trying to make sure that during an emergency we can reach all of our employees. As scattered about the country as we are [with] a lot of planes and ships and remote [locations], that’s a challenge, but we think that that’s the way to go there.

Also, we’ve been working with GSA on the certification and accreditation, so we’re following what’s going on there. That’s been a big hurdle, I think, [but] it’s coming about. We understand where we need to be from a security perspective.

I also think that service level agreements that include exit strategies — I think everyone understands that once you get into the cloud, you need to make sure that you can get out or change your business model if that is necessary.

So, to me this makes sense. The technology is there. . . . [Our work] is all characterized as pilots. We’ve got a lot of innovative and creative folks at NOAA that tend to want to use state of the art technologies, and I don’t try to discourage that at all.

I think what we need to do is take advantage of all this technology and look at [it], and then it’s my job to sort through all the emerging technologies [and decide] which ones are real, [and] which ones can be supported in the long term to best meet our mission requirements.”

Hear more of Joe Klimavicz’s interview on Ask the CIO.

Comparing cloud use in the U.S. and Europe

August 5, 2010

Who’s using cloud more — the U.S. or Europe? What are the biggest concerns when it comes to security on both sides of the Atlantic? Should you be developing a cloud strategy now, or should you wait until next year?

These are some of the questions that the Ponemon Institute and CA Technologies posed in a recent survey of IT professionals.

Today we talk with Larry Ponemon, chairman and founder of the Ponemon Institute, and Lena Leverti, vice president of products at CA Technologies, who explain their results for us.

LP: In our experience, there are a whole bunch of interesting security topics, but what seems to rise to the top of the security heap in terms of risk and potential problems is, in fact, the cloud computing environment, which is very quickly becoming the standard for organizations — not just small and medium sized companies — but much, much larger companies, as well.

LL: One of the key things is that, as companies start adopting cloud, they’re basically giving up some of the control that they have. When they technology is within their own organization, they control it directly, so one of the biggest hurdles that’s viewed around cloud adoption is definitely security.

FCB: Who did you survey and why did you pick that group or groups?

LP: Well, the appropriate groups for this study are folks in the IT community and, more specifically, people who know something about information security. When you do a study like this, you quickly find that people wear many hats, and so many of the respondents were IT practitioners, but every respondent at least touched some aspect of information security, including network security systems, and a whole bunch of other related areas of expertise. This study is not just the U.S. only; [it] was also conducted in tandem with a group of practitioners in Europe, as well. I think that actually generated some interesting differences between the two groups.

LL: There were about 600 folks that responded to the survey.

FCB: What were some of the key findings?

LP: Probably one of the most interesting and important findings is that the respondents — these IT practitioners in both the U.S. and Europe — basically don’t have confidence that their organization has the ability to secure data and applications that are presently deployed to the cloud. So, they basically see some very significant security risks that exist today and maybe loom large on the horizon. We also found that IT practitioners in the U.S. and Europe hold relatively similar views on the reasons why cloud computing is so fashionable and so popular and so important, because it’s really about cost savings, and it’s also about speed to deploying new applications. So, even though we may say, ‘gosh, there’s a huge security risk,’ the reality is that cost and speed to deployment are probably much more important to end users.

LL: And one of the biggest challenges that came out in the survey results was that half of the respondents basically said that they’re not aware of all of the computing resources deployed via the cloud in their organization today. So, if you’re not aware of it, you really can’t secure it.

FCB: One of the things that I noticed first and foremost is the fact that you define cloud computing. When you were talking to people in the U.S. and Europe, did you notice that there was maybe a difference in the definition of cloud computing?

LP: We expected that there would be differences, and, in fact, the perception of cloud computing and what a cloud computing environment is was pretty consistent — more consistent than our . . . expectation. But I will say that, in both the U.S. and Europe, there’s confusion about private clouds and what these really mean. Is a private cloud a more secure version of a public cloud? Or, is it just simply on-premise computing where you’re using extensive virtualization? So, if there is any confusion in the marketplace, it’s probably around the private cloud environment. But, public clouds are generally well understood and the definitions are generally agreed upon.

FCB: Speaking of differences across the pond, did you find any differences between who’s using cloud in the U.S. versus who’s using cloud in Europe, especially in terms of government entities?

LL: We did. Some of the [respondents] are, in fact from the public sector and public organizations, and it is clear that public sector organizations are using cloud computing resources, perhaps not to the same extent as commercial organizations, but definitely the trend is that the government is, in fact, a very large — and potentially larger — user of cloud computing resources, because obviously it’s about cost, and governments . . . are trying to control them. One way to do that is to make sure that [they are] using the most efficient technology. But, it does create that security risk. We did see some differences in the rates of deployment between the U.S. and Europe and, in fact, the rates of deployment in the U.S. are higher than Europe, generally speaking. That’s not just for software-as-a-service, but it’s also for platform services and infrastructure services.

FCB: Did you find any causation — why that might be — or did you just look at the numbers in terms of use.

LP: We tried to figure out why there were some differences between U.S. and European companies in terms of their deployment patterns. We think that, in the U.S., probably, cloud computing is just slightly more popular, and some of the providers — especially software-as-a-service — the big providers like Amazon, Google and — they probably have a larger base of customers in the U.S. But, I think that difference is small and will probably be non-existent within the next 18 to 24 months.

FCB: Let’s talk a little bit more about security, because I noticed that you not only talked about cloud security and public cloud versus private cloud, but the responsibility for security — did you find any differences between who’s responsible for IT security in a U.S. organization versus in Europe? Or, is it kind of the same?

LL: With regards to the study results, it’s definitely shared, and the reality is, it has to be shared. Basically, when you look at the responsibilities for this type of an environment, there’s the provider themselves that has some level of responsibility and accountability, [and] the owner of the information is going to be held accountable regardless of any SLA in any type of agreement with the provider. At the end of the day, if a credit card provider puts their data in the hands of a partner, they’re still going to be held accountable, and history shows that’s definitely happened. So, the shared responsibility with IT, with the security folks, as well as the business line owner, which I think was a definite key finding in the study itself. The business owner also has a stake in this — and then, of course, the cloud provider.

FCB: What’s next? Is a report coming coming out of this study? What should we take from all of this data that you’ve put together?

LL: The study that we did was two-fold: it was for the consumers of cloud services, as well as the providers of cloud services. So, the study that we released was the first portion of that — for the consumers. We’ll be releasing the results of the study from the providers’ perspective, and then identifying some of the contrasts and so forth between the two.

FCB: Any wrap-up comments?

LP: We actually do believe that this issue of cloud computing from a security perspective is certainly not going away. The good news is that there are security technologies that are being developed and deployed that do reduce risk pretty substantially, caused by the change from on premises to cloud computing environments. So, it’s not all that bleak. There may be solutions in the future that will make that risk really negligible.

LL: Cloud security is definitely one of the areas that is viewed as high priority and, today, is viewed as a high risk area. I believe that technologies over the next year or so will definitely close the gaps [and] reduce the risks. One of the key things that organizations can do today and agencies can do today is clearly define a cloud security policy, whether it’s part of the security policy, I think it’s very important to just specify, from a cloud perspective, whether this policy applies in full or — here are the additional requirements and mandates for cloud security. That will help close that gap faster and reduce the risk significantly — just by creating awareness.

Friday cloud news round up

June 18, 2010

This week on the Friday cloud news round up:

  • You don’t need a cloud strategy. Randy Heffner, vice president and principal analyst at Forrester Research blogs about this in PC World. He argues that cloud might be important in the future, but creating a “cloud strategy” might not be necessary. He says CIOs should focus on business strategy, not IT strategy, and cloud should be just one part of an overall model.
  • Cloud is making a difference, albeit a small one. The largest representation of mini-cloud computing is small- and mid-sized businesses using commercial versions of Google Mail, Google Apps and other ad hoc or low-cost cloud-based applications. That according to an interview in NetworldWorld, which says that cloud’s greatest impact so far has been in focused, often small projects.
  • And, should cloud computing be more regulated? reports that IT research firm Ovum recently wrote a report about why there needs to be rules that govern cloud. It says that, “the benefits of the cloud — lower costs, a smaller data-center footprint and immediate access to multiple applications for a distributed, international workforce with minimal fuss — are also some things that can expose companies to degrees of risk.”

    Check back next week when we talk with Terremark and much more!