NIST cloud roadmap: Too much too fast?

The new cloud computing roadmap designed to help federal agencies accelerate their cloud adoption could inspire agencies to do too much, too fast, warns an analyst.

The National Institute of Standards and Technology released the two-volume roadmap on Nov. 1. It lays out guidelines on how the federal government and private sector can best implement cloud computing. Although the roadmap is a “good, solid structure,” agencies still have their own legacy needs, technology limits and budget concerns to deal with, said Shawn McCarthy, a research director at IDC Government Insights and a contributor to Government Computer News’ Internaut column.

“It’s very important to continue urging agencies toward an enterprise architectures standard or as close to that as you can,” he said. “But every agency is going to have to proceed at its own pace, and it’s unlikely that anyone will be able to comply with every piece of it because of their own unique limits.”

Related story:

Cloud-computing help is on the way for agency managers


The actual migration to the cloud could be an easy, quick process, but when factoring in security requirements and the service level an agency might need, investment in time eventually pays off, McCarthy said. 

“Can you get some things in the cloud quickly? Yes. Is that the way to do it? Not necessarily,” he said. “It’s not exactly a checklist but people could view it like one: Have I looked at low- and high-priority security requirements? Do I understand how my data could be affected? Should I go in a cloud direction? Do I understand the requirements to collaborate with other agencies if I were to do this and share data?”

Agencies looking to follow the suggested guidelines should first pinpoint which services they need and which workload they should migrate, said Norm Laudermilch, federal chief operating officer at Terremark, a subsidiary of Verizon. Cost is another obvious element to consider: When the federal government decided to move to the cloud, it first compared the costs of running the website internally with the expenses of outsourcing it, he explained.

Although a growing number of companies are planning on getting in on the cloud market, not everyone will be able to provide the security the proposed standards call for, Laudermilch said.

“The security requirements are going to be all about the physical facilities that these cloud pods reside in, and very few cloud providers can meet those requirements,” he said. “It will help the government tremendously in their vendor selection process.”

In the midst of a continuous cyber blitzkrieg on the public sector, federal agencies are concerned about security more than everything, Laudermilch added. The first question federal agencies typically ask is how secure is the cloud, not “how fast does [the migration] go or how much does it cost or how big can it get,” he said. 

“We see federal agencies that say, ‘we’re not convinced to move to the cloud yet; you have to prove to us how secure it is,’” Laudermilch said. “That’s where the recertification and meeting all the audit criteria come into play for us. We see a very, very high level of diligence in security.”



About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

Nominate Today!

Nominations for the 2018 Federal 100 Awards are now being accepted, and are due by Dec. 23. 


Reader comments

Mon, Nov 7, 2011 John Denver

And the most overlooked question - will going cloud *really* save us money? Also - cloud is an over-used marketeering word that primarily means turning over your infrastructure to a third party...'cloud' provider that has invested heavily in virtualization technology, and will certainly cram as much as possible into the smallest space possible. Get use to crashing apps and service degradation, as an enforceable SLA system is not typically within the purview of most end-users. Hardware is cheap, stay physical and go with one OS per machine, as one OS will accommodate more users than many OS's on the same server - simple math, but look for the vendors with 'cloud' stake, who will tell your executives differently...

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group