NIST cloud roadmap: Too much too fast?

The new cloud computing roadmap designed to help federal agencies accelerate their cloud adoption could inspire agencies to do too much, too fast, warns an analyst.

The National Institute of Standards and Technology released the two-volume roadmap on Nov. 1. It lays out guidelines on how the federal government and private sector can best implement cloud computing. Although the roadmap is a “good, solid structure,” agencies still have their own legacy needs, technology limits and budget concerns to deal with, said Shawn McCarthy, a research director at IDC Government Insights and a contributor to Government Computer News’ Internaut column.

“It’s very important to continue urging agencies toward an enterprise architectures standard or as close to that as you can,” he said. “But every agency is going to have to proceed at its own pace, and it’s unlikely that anyone will be able to comply with every piece of it because of their own unique limits.”

Related story:

Cloud-computing help is on the way for agency managers


The actual migration to the cloud could be an easy, quick process, but when factoring in security requirements and the service level an agency might need, investment in time eventually pays off, McCarthy said. 

“Can you get some things in the cloud quickly? Yes. Is that the way to do it? Not necessarily,” he said. “It’s not exactly a checklist but people could view it like one: Have I looked at low- and high-priority security requirements? Do I understand how my data could be affected? Should I go in a cloud direction? Do I understand the requirements to collaborate with other agencies if I were to do this and share data?”

Agencies looking to follow the suggested guidelines should first pinpoint which services they need and which workload they should migrate, said Norm Laudermilch, federal chief operating officer at Terremark, a subsidiary of Verizon. Cost is another obvious element to consider: When the federal government decided to move to the cloud, it first compared the costs of running the website internally with the expenses of outsourcing it, he explained.

Although a growing number of companies are planning on getting in on the cloud market, not everyone will be able to provide the security the proposed standards call for, Laudermilch said.

“The security requirements are going to be all about the physical facilities that these cloud pods reside in, and very few cloud providers can meet those requirements,” he said. “It will help the government tremendously in their vendor selection process.”

In the midst of a continuous cyber blitzkrieg on the public sector, federal agencies are concerned about security more than everything, Laudermilch added. The first question federal agencies typically ask is how secure is the cloud, not “how fast does [the migration] go or how much does it cost or how big can it get,” he said. 

“We see federal agencies that say, ‘we’re not convinced to move to the cloud yet; you have to prove to us how secure it is,’” Laudermilch said. “That’s where the recertification and meeting all the audit criteria come into play for us. We see a very, very high level of diligence in security.”



About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.