The Department of the Navy has issued two requests for information on data storage and cloud-based collaboration systems, including email. Navy, like so many other agencies, is looking for ways to cut its expenses through its IT spending.
According to Federal News Radio reporter Jared Serbu, the Navy’s Space and Naval Warfare Systems Command is contemplating “a public-private data center model to consolidate the dozens of facilities operated by the Navy and Marine Corps into a more rational footprint, as well as a commercial solution to cloud-based email and collaboration.”
It wants to explore software-as-a-service offerings that include email, word processing, spreadsheets, presentations and groupware, as well as audio and video chat, instant messaging, and calendaring.
Interested parties are asked to respond to the announcement by Aug. 29.
Anyone attending the recent ACT-IAC Executive Leadership Conference in Williamsburg, Va., can tell you there was some great information on the future of cloud computing in government being announced and discussed at the event.
This includes the news that the General Services Administration has issued a notice on FedBizOpps.gov for e-mail-as-a-service under the software-as-a-service platform.
Katie Lewin, director of GSA’s Cloud Computing Program, told those in attendance at the event the agency is also considering a platform-as-a-service offering. Lewin said the agency is working with the U.S. Geological Survey among others to create a geospatial information platform in the cloud.
“It is the natural candidate for cloud computing because you have massive amounts of geospatial data stored all over government,” Dave McClure told Federal News Radio’s Jason Miller. McClure is GSA’s associate administrator for Citizen Services and Innovative Technologies and will also be speaking at Monday’s industry day. “If we can create a platform that would allow it to be stored securely and for common use, and leverage that across the entire government, I think we could see some unbelievable cost savings in the geospatial areas.”
Lewin said a RFP for geospatial could come out later in 2011.
Federal Chief Information Officer Vivek Kundra also had news about the draft FedRAMP specifications and requirements. The requirements document will be out soon and can be found on both FedBizOpps.gov and the CIO Council website when it’s released.
FedRAMP is a voluntary government-wide approach for agencies to submit cloud-based services to get certified and accredited (C&A) for cybersecurity once and trusted and used many times.
Fed Cloud Blog sat down with GSA’s Associate Administrator
of Citizen Services and Communications, Dave McClure, who talked with members of industry about the RFQ and the new contract at an ACT/IAC event at the end of April.
“I personally feel like we have to make sure we do solid outreach with industry to make sure that our instruments that we’re putting out for cloud services are in line with the way that they think we should be offering them. That was the purpose of the dialogue with industry. We did talk a little bit about the reasons for canceling the prior infrastructure-as-a-service RFQ. I just wanted to emphasize with them that we felt like the market had changed quite a bit since the initial offering, which had started up almost 12 months ago. Vendor engagement, vendor market offerings and vendor understanding of cloud has certainly matured quite a bit in the last 12 months, and the same thing has occurred on the agency side.”
“The infrastructure-as-a-service offering was put out previously [and] was done in very close approximation to the software-as-a-service announcement, and the whole launching of the Apps.gov website. We knew this after the launch, but a valuable lesson that we learned was that there was great confusion in industry about which announcement covered what. There was confusion as to what they needed to reply to to get on schedule for the infrastructure, what they needed to do to get on schedule and get up on the apps.gov storefront for software. We don’t have that problem [now]. The website is up, people understand the processes, so I think we’ve eliminated what was then a very confusing period for just announcing the storefront and announcing an infrastructure BPA all very, very much at the same time.”
This time around, McClure says several things will be different.
“We’re raising the security level to the moderate level. I think that’s where the public sector in general is headed — greater security in these cloud provisioning agreements. So, we’ve raised this up to the moderate level. I think that’s a significant improvement and difference from the prior RFQ. We also are making it much easier and clearer to map the industry offerings to the contract line items in this BPA instrument that we’re using. There was some confusion about whether specific services and prices for some of the industry offerings — how they’ve mapped to the contract line items in this BPA. We’ve gone back and actually cleaned that up and had conversations with industry on how that mapping process can work very effectively. So I think that will also create a much better instrument than what we had before. The third big difference is that things that are awarded off of this instrument will be candidates that will go into the FedRAMP centralized CNA approval process. I think that will make a difference, as well — knowing that your product or service will actually go through one CNA and then be usable across the entire government.”
He told Fed Cloud Blog that he thinks cloud is going to become increasingly important in 2010 — and that the federal government has already taken a leadership role in this sphere.
Fed Cloud Blog: We read your article discussing cloud computing and one of the more interesting things was that you said, “Those who don’t make the move in 2010, will not only be left behind, but risk losing their jobs, as well.”
Talk a little bit about how this applies to the private sector — and do you think this is going to apply to the federal government, too?
Jeffrey Kaplan: It absolutely is.
So, let’s start with the overall thought behind this, and that is that, first of all, the cloud computing marketplace is evolving quite rapidly.
These Internet or Web-based alternatives are becoming truly viable alternatives or options for IT organizations to consider, as well as the business end-users that they may be supporting.
What we’ve seen is the evolution of this marketplace that began with the success of software-as-a-service, or alternatives to on-premise applications.
That effort was led by companies like SalesForce.com in the CRM space, as well as Google with its Google Apps alternatives to Microsoft Office.
With the success of those applications has come a new generation of computing services and those have been driven by companies like Amazon with their Amazon Web services, which allow organizations to basically acquire computing power by the MIP or even by the hour.
That has become a very popular alternative to going out and actually purchasing more computing power that basically sits around in a data center someplace whether its being used or not.
So, in today’s tough economic times, it’s nice to have a more flexible option than the old way of having to go out and buy more and more product.
FCB: So, how will this effect employment?
JK: Well, it effects it in a number of ways.
There was actually an interesting article in The Boston Globe [recently] talking about the fundamental change in employment in the workplace, where more and more people are finding themselves working as freelancers rather than full time employees — and that the structure of the workplace is changing where more and more organizations prefer these kinds of freelancers, as opposed to making a commitment to a full time person.
The Web permits more people to take advantage of applications that were not at their disposal in the past.
They can now use, for their own personal purposes, as well as within more dispersed workplaces, to share information, to collaborate around business processes, and even to communicate more effectively between organizations.
FCB: [So] the stereotype is that the federal government is often behind when it comes to these sorts of IT developments. That’s not always the case . . . but there are some federal agencies that are really wary when it comes to doing this kind of stuff.
JK: Well, certainly there are, but the Obama administration has stated even before it came to office that it’s a firm proponent of cloud computing alternatives and it’s new CIO has really been driving that effort.
In fact, the federal government launched a Web site in the fall of 2009 — Apps.gov — which is a terrific site that includes an assortment of Web-based applications that various federal and government agencies — state and local, as well — can take advantage of.
But, it also has a tremendous amount of best practice information about cloud computing: what it means, how it can be deployed to meet organizational requirements, and, not only the benefits, but risks that have to be overcome in order to ensure that it’s properly secured and is reliable and is meeting organizational business objectives.
They also have, through [NIST], helped to define the meaning of cloud computing, which is one of those terms that means many things to many people.
So, in those regards, the federal government is actually playing a leadership role in the overall migration to cloud computing.
Look for part 2 of our chat with Kaplan coming later this week.
Listen to the first half of our interview with VeriSign’s Adam Geller and Nick Piazzola.
Fed Cloud Blog has been bringing you interviews with various companies that are helping federal agencies move into the cloud.
Today and tomorrow we’ll talk with two representatives of VeriSign, a company that specializes in protecting data.
Adam Geller is their vice president of Enterprise & Government Authentication and Nick Piazzola is their vice president of Government Programs.
The two sit down with FCB and discuss more about the cloud.
On the definition of cloud computing
Nick Piazzola: I think our definition of cloud computing fits in the generalized definition that NIST has put forth about a shared set of digital computing resources — but, for us, it’s more specific in that we provide applications for specific shared computing services.
Adam Geller: And I would just add, from a cloud computing perspective, I think that it’s sort of a combination of a lot of different initiatives — or projects — that have caught on in the past: great computing, utility computing, software-as-a-service. They sort of all bundle up, but the characteristic that I would apply to cloud computing are terms, like on demand that’s going to be scalable; virtualized, leverage-existing service infrastructure — and generally it’s going to take something, package it up and offer it as an Internet-facing surface.
On why cloud has seemingly taken off in the past year
NP: I would say that, from VeriSign’s perspective of what we’ve been providing, we’ve been doing cloud computing for many years.
Actually, all of the services that we provide for the federal government today are some form of network-based, shared application services.
So, from our perspective, we’ve been doing cloud computing in that definition since our inception.
I think it’s in vogue now today for a variety of reasons, including the fact the feds themselves now have that part of the President’s initiative for common services . . . [and] shared services and they’ve labeled that cloud computing.
AG: Certainly at VeriSign we’ve been doing it since our inception, but I think what’s changed about it is that VeriSign and other people who’ve done cloud or service-based offerings in the past, I think they’ve been a little bit more point-solution based. We’re a cloud authentication solution, which is good, but it’s narrow and it’s for a specific use case.
I think what’s fundamentally changed the attitude around cloud computing is that there were a couple of killer apps, like SalesForce and some other solutions out there that were full on applications, or, really, full solutions to be provided for somebody, not just a point component of it, [but] being fully provided as a service. I think that’s what’s sort of changed people’s perspective.
Not only can you [now] get a point service, like an alarm monitoring service or a managed security service or authentication, like what we’re doing, you can all of a sudden take a full on application from start to finish and offer it as a service. That’s being commonly accepted now.
I think that’s what’s gotten everybody to push and realize there are lots of things that can be provided for in the cloud, but, of course, this also opens up lots of interesting security questions, which is where we focus.
What the CIO should consider before moving to the cloud
NP: I think the obvious things are that the kinds of security concerns that you would have about a service in the cloud are at least the same as what they are if you would provide that service on your own when hosting your own application. So, you need all the kinds of things, like authentication, confidentiality for your data, protection of privacy.
In addition, you have to worry about the reliability and availability of the service, [especially] if it’s going to be mission-critical applications.
What you have to recognize as a federal agency is that it may be possible that that cloud service could do that better than if you were doing it yourself.
I think that’s the thing that the management needs to understand. If they pick the right application and the right service provider, they’ll actually get enhanced availability for security than if they did it themselves.
AG: I think this is a really interesting part — or an interesting fork in the road.
You’ve got the early adopters — people quickly adopting services, but, again, since we focus on security, what we’re hearing and what we’re seeing with people — the cloud providers and the people who want to use them — is that enterprises (and government also) — built up over a number of years internal compliance programs to meet regulations, to meet guidelines. . . . They built their own compliance programs internally, and they’ve had control over all of their touch points.
What we’re seeing with people who have moved to cloud services [is that] that’s sort of lagging a little bit.
So, as an example, you may have a great password management policy for your internal applications that you can document, you can get on it again and people can feel comfortable that you’re living up to a certain policy.
When you change over to a cloud service, all of a sudden you may not have as many options or the ability to synchronize the two. There’s sort of a very interesting market emerging for services that can bridge the enterprise or the agency infrastructure to the cloud so that you’re not replicating the two and having to maintain, let’s say password policies or account creation and teardown in two separate locations.
I think this is going to become a real interesting area as the auditors, I think, have to get caught up. I think it’s a new thing to audit in that level of detail. Certainly, not auditing cloud providers — people have done that in the past — but now this is getting very specific because there’s a lot of data moving over and I think it’s going to open up some eyes when the policies that people worked so hard to set internally aren’t necessarily easily applicable to the cloud.
That gap is going to have to close.
Tomorrow: advice on closing that gap, as well as how VeriSign is helping federal agencies.