NIST cloud roadmap: Too much too fast?

The new cloud computing roadmap designed to help federal agencies accelerate their cloud adoption could inspire agencies to do too much, too fast, warns an analyst.

The National Institute of Standards and Technology released the two-volume roadmap on Nov. 1. It lays out guidelines on how the federal government and private sector can best implement cloud computing. Although the roadmap is a “good, solid structure,” agencies still have their own legacy needs, technology limits and budget concerns to deal with, said Shawn McCarthy, a research director at IDC Government Insights and a contributor to Government Computer News’ Internaut column.

“It’s very important to continue urging agencies toward an enterprise architectures standard or as close to that as you can,” he said. “But every agency is going to have to proceed at its own pace, and it’s unlikely that anyone will be able to comply with every piece of it because of their own unique limits.”


Related story:

Cloud-computing help is on the way for agency managers


 

The actual migration to the cloud could be an easy, quick process, but when factoring in security requirements and the service level an agency might need, investment in time eventually pays off, McCarthy said. 

“Can you get some things in the cloud quickly? Yes. Is that the way to do it? Not necessarily,” he said. “It’s not exactly a checklist but people could view it like one: Have I looked at low- and high-priority security requirements? Do I understand how my data could be affected? Should I go in a cloud direction? Do I understand the requirements to collaborate with other agencies if I were to do this and share data?”

Agencies looking to follow the suggested guidelines should first pinpoint which services they need and which workload they should migrate, said Norm Laudermilch, federal chief operating officer at Terremark, a subsidiary of Verizon. Cost is another obvious element to consider: When the federal government decided to move USA.gov to the cloud, it first compared the costs of running the website internally with the expenses of outsourcing it, he explained.

Although a growing number of companies are planning on getting in on the cloud market, not everyone will be able to provide the security the proposed standards call for, Laudermilch said.

“The security requirements are going to be all about the physical facilities that these cloud pods reside in, and very few cloud providers can meet those requirements,” he said. “It will help the government tremendously in their vendor selection process.”

In the midst of a continuous cyber blitzkrieg on the public sector, federal agencies are concerned about security more than everything, Laudermilch added. The first question federal agencies typically ask is how secure is the cloud, not “how fast does [the migration] go or how much does it cost or how big can it get,” he said. 

“We see federal agencies that say, ‘we’re not convinced to move to the cloud yet; you have to prove to us how secure it is,’” Laudermilch said. “That’s where the recertification and meeting all the audit criteria come into play for us. We see a very, very high level of diligence in security.”

 


 

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.