Feds, industry to hash out cloud standards at May summit

The Cloud Summit will turn attention to standards for data interoperability, portability and security.

The National Institute of Standards and Technology will host a Cloud Summit on May 20 with federal agencies and the private sector with the intent to develop data interoperability, portability and security standards for cloud computing that can be applied across agencies.

Vivek Kundra, the federal chief information officer, told an audience at the Brookings Institution today that establishing such standards is essential to making full use of cloud computing's potential.

By Aug. 1, NIST officials plan to move forward with initial specifications, which will lead to the launch of a portal for cloud standards where various stakeholders can collaborate online in a cloud environment, Kundra said.

“NIST will convene people around the table, and part of what we want to do is test case studies,” Kundra said during an address on “The Economic Gains of Cloud Computing,” sponsored by Brookings in Washington, D.C. The event was moderated by Darrell West, vice president and director of Governance Studies with Brookings, which released a report entitled “Saving Money Through Cloud Computing.”

Related stories:

Cloud computing really can save your agency millions

Don't look down: the path to cloud computing is still missing a few steps

From the event:

Kundra's full remarks

Kundra's slide presentation

Cloud computing refers to services, applications and data storage delivered online through powerful file servers. To that end, the federal government is encouraging agencies to move to the cloud for more efficient information technology operations and cost savings.

Many agencies are making the shift toward the cloud, Kundra said. For example, the Health and Human Services Department is deploying a cloud-based customer relationship and project management solution provided by Salesforce.com.

The solution will support HHS’s Regional Extension Centers in allocating grant funding to doctors and hospitals for the implementation of electronic health records.

At the NIST Cloud Summit, participants will look at cases studies such as HHS' and try to assess the issues and specifications associated with the cloud implementation -- what standards are needed for data portability, interoperability and security, Kundra said.

“For example, what does authentication look like in the cloud environment? As you look at the government and its shift in the last couple of years to smart cards, how does that interoperate with a cloud-based solution?” Kundra asked. “Those are some of the questions we want to address.”

Kundra said that the government wants to create a consensus-driven environment for standard-setting. “If we don’t set those standards, it is going to create an environment where we are doing nothing more than webifying our current infrastructure,” he said.

Furthermore, the federal government wants “to make sure that from a security perspective we have the right standards in place so that agencies can continuously monitor the security of these [cloud] solutions,” Kundra said.

Federal employees and the public must be confident that their information is safe in the cloud, Kundra said. However, the economic benefits of cloud computing won’t be realized if every agency independently reviews and certifies solutions, he said.

NIST has created a technical process for centralized certification to provide common security management services to federal agencies. The process supports the development of common security requirements and performs authorization and continuous monitoring services for governmentwide use, Kundra said.

Agencies can realize these benefits by leveraging the security authorizations provided through a joint authorization board. The board consists of the agency sponsoring a system’s governmentwide authorization and three permanent members: the Defense and Homeland Security departments and the General Services Administration.

The board will provide both initial and ongoing acceptance of risk on behalf of the government as systems are continuously monitored throughout their life cycles, Kundra said.


About the Author

Rutrell Yasin is is a freelance technology writer for GCN.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.