WASHINGTON — In the federal government, which carries a roughly $80 billion annual IT budget, the question of cloud computing is no longer a question of “if,” but rather “how,” and “how soon.”
“The cloud computing debate is over,” Dan Burton, senior vice president of public policy with Salesforce.com, declared at a government technology conference here on Thursday. “First of all it’s over in the public sector and government, what we focus on here, because there is no vendor, there is no integrator, there is no consultant out there who says the cloud is not the way to go. So everyone realizes that it is inevitable that the federal government, just like state and local governments, will shift to cloud platforms, cloud infrastructures, cloud applications, and that that train has left the station.”
Burton and other executives from leading technology companies, speaking at the Software and Information Industry Association’s annual Cloud/Gov conference, were uniformly bullish about the prospects for the federal adoption of the cloud, buoyed in large measure by a series of concerted efforts on the part of federal IT leaders both to streamline the process of purchasing cloud services and applications and expand their deployment across the departments and agencies.
“I’m actually very optimistic about a profound change not just about how we implement IT in the federal government but how we procure it,” said Gunnar Hellekson, chief technology strategist with the open source vendor Red Hat.
The mandate to shift to the cloud originated from the White House’s tech team. It comes as part of a broad initiative to overhaul federal IT both to cut costs and drive productivity and operating efficiencies, to an extent modeling government deployments after the cloud services and apps that have been transforming the private sector.
“We’re realizing that the benefits of cloud and the drivers for moving to cloud computing are not just about the CIO’s office, they’re not just about the back-end benefits for IT,” said David Mihalchik, the strategy and business development lead for Google’s federal enterprise division.
“Cloud computing is not just about doing the same thing cheaper, but it’s about doing things that you couldn’t do before,” he added.
And many tech chiefs at the federal government, which admittedly has been a slow ship to turn, have warmed up to the applications and benefits associated with cloud computing that can be closely coupled with productivity, such as collaboration, massive email storage and the potential to work highly effectively from home.
The panelists, who are on the front lines of their companies’ efforts to expand their presence in the government market, described the meetings they have with federal CIOs as lately running more along the lines of hashing over concerns about architecture and licensing agreements, rather than a conversation about the merits of the cloud model itself.
Chief among those issues is security.
“That is still the threshold question,” Burton said. But at the same time, the security question is often muddied by unhelpful labels that emerged early on in the evolution of cloud computing, he argued. That includes the running debate over whether to opt for a public, private or hybrid cloud model, a nomenclature that on its face sheds little light on the security posture of a particular deployment.
“The real issue is if you’re a federal agency you don’t care whether you have a public cloud or a private cloud or a banana cloud,” Burton said. “What you really care about is does your vendor meet federal security requirements. That is the discussion.”
Indeed, the panelists warned against the reflexive equation of a private cloud with a secure cloud. What if the private cloud was operated by a convicted felon? Mihalchik wondered.
“You need to evaluate the security controls that are in place and not just say, ‘Oh I’ve got a private cloud so it much be secure,'” said Mihalchik, who argued by way of analogy that a private plane, say a two-seat Cessna, is not necessarily as safe as a commercial, “multi-tenant” jetliner available to the public.
Google and Salesforce have both won certifications under the Federal Information Security Management Act (FISMA) for their cloud applications.
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.