WASHINGTON — The migration of government IT to a cloud-computing environment might be charitably called a gradual process.
Even the most exuberant proponents of revamping the federal computing infrastructure to a more efficient and lower-cost cloud model, such as federal CIO Vivek Kundra, consider it a decade-long transition.
But here at a House hearing probing the benefits and pitfalls of the federal migration to the cloud, Kundra told lawmakers that the transition is well under way. At the same time, he cautioned that the government’s early forays into the cloud are only first steps, and the federal computing environment remains bogged down by lengthy procurement periods and delayed implementation of new technologies.
“[The cloud] is by no means a silver bullet that’s going to solve all the IT problems we have,” Kundra told members of the Committee on Oversight and Government Reform.
What the cloud does promise, Kundra said, is the potential to significantly cut the portion of the government’s $76 billion IT budget that’s spent on infrastructure.
“Unfortunately, the number of data centers in the United States government has gone from 432 to over 1,100 in a decade,” Kundra said. “That’s not sustainable in the long term.”
Kundra outlined several of the administration’s early initiatives aimed at curbing IT waste and driving adoption of cloud-based services, such as the online spending dashboard that allows the public to track the cost of each agency’s technology projects, as well as Apps.gov, an online gallery for federal managers that hosts commercially available software applications from companies like Amazon (NASDAQ: AMZN) and Salesforce.com (NYSE: CRM).
Then, earlier this week, the administration initiated a detailed review of agencies’ IT initiatives, aiming to snuff out underperforming projects in the 2012 budget.
Kundra’s vision for remaking federal IT in the cloud model would see agencies both adopt lightweight software applications such as those available from commercial vendors on Apps.gov, and begin to shift their server and data-center infrastructure to a remote, multi-tenant environment.
“What we’re finding, unfortunately, is that in some agencies server utilization is at 7 percent,” Kundra told the panel, noting that over the last decade, while businesses have been consolidating their IT infrastructure, the number of federal data centers has spiked from 432 to more than 1,100.
The White House Office of Management and Budget, where Kundra’s office is housed, has directed the agencies to submit plans for consolidating their IT operations by December.
But for all of Kundra’s enthusiasm, other witnesses noted that cloud computing in government IT is a double-edged sword.
Today’s hearing coincided with the release of a report from the Government Accountability Office that found that 22 of the 24 major agencies polled expressed concerns about the security of moving data to the cloud and sharing infrastructure.
Gregory Wilshusen, GAO’s director of information security services, told the panel today that it would be “imprudent” to move certain types of data to any sort of remotely managed environment, but he acknowledged that the term “cloud” is hardly monolithic.
“It really depends on what kind of cloud is being used,” Wishusen said of the security question. He noted that while many agencies worry about data leakage from remotely hosted storage environments and wonder what might happen to their information if their service provider was compromised or shut down, the cloud offers security advantages for reducing workers’ dependence on carrying data in removable media and the relatively low cost of disaster recovery.
As part of the federal government’s push to the cloud, the National Institute of Standards and Technology is developing baseline security standards for federal IT projects using cloud-computing technologies.
The General Services Administration, the agency that oversees Apps.gov and houses the Federal Cloud Computing Program Management Office, is also working to streamline the integration of private could technologies into government IT.
GSA developed an interagency initiative dubbed the Federal Risk Authorization Management Program (FedRAMP), which provides joint security authorizations for cloud-computing technologies. That means that a vendor like Salesforce.com, which counts numerous federal agencies as clients, would be spared the red tape of having to win a separate certification each time it deployed the same solution in a different corner of the government.
Following the government witnesses, a second panel of industry representatives generally praised the government’s efforts to increase efficiency and lower costs with cloud computing.
Of course, representing Google (NASDAQ: GOOG), Microsoft (NASDAQ: MSFT), Salesforce and EMC (NYSE: EMC), each has a lively federal business that stands to grow as more agencies transition their computing operations to the cloud.
By turns, the witnesses commended initiatives such as FedRAMP and Apps.gov for simplifying the migration process, and suggested reforms to laws such as a 1986 statute that sets a looser privacy safeguard for information stored remotely on a company’s servers than for files locked inside a PC or an on-site data center.
The witnesses also offered emphatic assurances that providers in the private sector have resolved the security issues that continue to trouble so many agency administrators when they think about the cloud.
Scott Charney, corporate vice president of Microsoft’s Trustworthy Computing division, seemed to capture the position of the vendors when he told the panel: “While the cloud is getting ready for the government, the government must get ready for the cloud.”