NIST cloud roadmap: Too much too fast?

The new cloud computing roadmap designed to help federal agencies accelerate their cloud adoption could inspire agencies to do too much, too fast, warns an analyst.

The National Institute of Standards and Technology released the two-volume roadmap on Nov. 1. It lays out guidelines on how the federal government and private sector can best implement cloud computing. Although the roadmap is a “good, solid structure,” agencies still have their own legacy needs, technology limits and budget concerns to deal with, said Shawn McCarthy, a research director at IDC Government Insights and a contributor to Government Computer News’ Internaut column.

“It’s very important to continue urging agencies toward an enterprise architectures standard or as close to that as you can,” he said. “But every agency is going to have to proceed at its own pace, and it’s unlikely that anyone will be able to comply with every piece of it because of their own unique limits.”

Related story:

Cloud-computing help is on the way for agency managers


The actual migration to the cloud could be an easy, quick process, but when factoring in security requirements and the service level an agency might need, investment in time eventually pays off, McCarthy said. 

“Can you get some things in the cloud quickly? Yes. Is that the way to do it? Not necessarily,” he said. “It’s not exactly a checklist but people could view it like one: Have I looked at low- and high-priority security requirements? Do I understand how my data could be affected? Should I go in a cloud direction? Do I understand the requirements to collaborate with other agencies if I were to do this and share data?”

Agencies looking to follow the suggested guidelines should first pinpoint which services they need and which workload they should migrate, said Norm Laudermilch, federal chief operating officer at Terremark, a subsidiary of Verizon. Cost is another obvious element to consider: When the federal government decided to move to the cloud, it first compared the costs of running the website internally with the expenses of outsourcing it, he explained.

Although a growing number of companies are planning on getting in on the cloud market, not everyone will be able to provide the security the proposed standards call for, Laudermilch said.

“The security requirements are going to be all about the physical facilities that these cloud pods reside in, and very few cloud providers can meet those requirements,” he said. “It will help the government tremendously in their vendor selection process.”

In the midst of a continuous cyber blitzkrieg on the public sector, federal agencies are concerned about security more than everything, Laudermilch added. The first question federal agencies typically ask is how secure is the cloud, not “how fast does [the migration] go or how much does it cost or how big can it get,” he said. 

“We see federal agencies that say, ‘we’re not convinced to move to the cloud yet; you have to prove to us how secure it is,’” Laudermilch said. “That’s where the recertification and meeting all the audit criteria come into play for us. We see a very, very high level of diligence in security.”



About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.