Cloud Computing Getting Cloudier

It’s getting crowded in the cloud.

More accurately, the field of people giving advice and cloud computing guidance outnumbers federal agencies that seem to be actually moving to cloud computing.

The most significant document in recent weeks came this week. The National Institute of Standards and Technology (NIST) issued the US Government Cloud Computing Technology Roadmap, Volume I, Release 1.0 (Draft). It isn’t easy going. Here’s one of six bullet points describing the purpose of the document. It’s to serve as “the mechanism to integrate and present analysis, findings and useful technical artifacts generated through the NIST Cloud Computing program public working groups, internal NIST Cloud Computing and related projects, and the NIST chaired Federal Cloud Computing Standards and Technology Working Group, along with referenced related and complimentary work that was reviewed and considered in the roadmap generation process.”

Got that?

Basically the document is a call for public comment and suggestions on ten requirements to make cloud computing kosher for the federal government. The requirements are:

• International voluntary, consensus-based interoperability, portability and security standards.
• High priority security requirements
• Technical specifications for high-quality service-level agreements
• Clear and consistently categorized cloud services
• Frameworks to support federated community clouds
• Technical security solutions de-coupled from organization policy
• Defined unique government requirements and solutions
• Collaborative parallel “future cloud” development initiatives
• Defined and implemented reliability design goals
• Defined and implemented cloud service metrics.

Some of this work, NIST expects, will take until 2015. The Roadmap makes cloud computing seem so far from shovel-ready as to be more of an abstraction than a policy that agencies can reasonably fulfill. On the other hand, NIST has been working intensively on a series of cloud workshops, technical reference architectures, definitions and case histories. So it’s not really starting from ground zero. Federal IT people - government and contractors - who really want to make cloud a serious business should read this document.

Seemingly not wanting to be left out, a group of cloud computing vendors has formed a sort of coalition for cloud security, using a solid cast of regulars as it’s expert front line. The latter includes former Homeland Security Secretary Michael Chertoff, former OMB e-gov Administrator Karen Evans and former Air Force CIO Dale Meyerrose. Partners are companies like Harris (where Meyerrose works), Juniper Networks, L3 Stratis, Lockheed Martin, and Microsoft. You can check out this group here.

Then there is the TechAmerica Foundation’s Cloud2 effort, which also blogs and testifies. The non-profit Mitre Corporation runs a cloud computing forum for government. The CIO Council is moving along on its FedRAMP certification process to standardize the assessment and authorization of cloud services suppliers to the federal government.

Everything cloud-related seems to be coming in wholesale quantities, except federal migration to the cloud. Not that there haven’t been some. The General Services Administration is on Google mail now. Interior reissued a request for information. It’s trying again to put 80,000 users’ e-mail in the cloud, but it’s first award, to Microsoft, was protested by Google.

Some of the most exciting work is being done via internal government clouds. The SANS Institute has given it’s 2011 U.S. National Cybersecurity Innovation Award to Los Alamos National Laboratory for security in its own cloud. Los Alamos used a VMWare product called vShield. The Defense Information Systems’ Forge.mil, described in FedInsider #91, has been delivering innovation regularly.

To me, one of the most promising developments comes from Homeland Security CIO Richard Spires. At the recent ACT-IAC Executive Leadership Conference, he described a contract for “workplace as a service.” Hewlett Packard and CSC will deliver virtualized desktops and mobile devices to access them as a bundled package. Employees will choose from several variations depending on how mobile they need to be. It looks like the 21st century version of seat management, only without the seat thanks to the mobility component.