|By Kevin Jackson||
|September 15, 2011 02:00 PM EDT||
(This is part 3 of the series entitled "Implementation of Cloud Computing Solutions in Federal Agencies". First published on Forbes.com, this series provides the content of a whitepaper I recently authored. A copy of the complete whitepaper will be available at NJVC.com starting September 7, 2011.)
While the benefits and value of the federal cloud computing policy can be debated, the world’s transition to cloud computing as an integral component of any IT infrastructure cannot be denied. The prudent government executive should, therefore, heed the lessons learned from the many private industry corporations that already have miles behind them on this journey.
When identifying a potential cloud computing project, one should always count on a multi-year transition. Organizations should always use a consistent cloud opportunity identification process to reduce the risk of project failure by leveraging data from successful cloud implementations. Clients need to determine set metrics (economic, operational and service) with direct linkage to specific mission requirement(s). Use of a gate-driven cloud adoption process designed to terminate failed projects early in the project lifecycle and deliver measurable capabilities within a quick timeframe (weeks—not years) is highly recommended.
A risk mitigation plan also must be formalized that addresses each of the following concerns:2
- Loss of Governance. When moving to a cloud environment, clients relinquish control to the CP on a number of security-related issues. A gap in security defenses may also exist as service level agreements may not adequately address CP-related security requirements.
- Portability. Issues related to provider lock in are outlined in the Challenges section of this white paper on page 5.
- Isolation Failure. Multi-tenancy and collaboration are at the core of cloud computing. Resource isolation failure addresses mechanisms separating storage, memory, routing and reputation among different clients on the same cloud (e.g., guest-hopping attacks). However, it must be noted that attacks on these mechanisms are not as pervasive and much more difficult to attempt versus attacks on traditional operating systems.
- Compliance Risks. Investments in certifications (e.g., industry standard or regulatory requirements) may be compromised or lost when moving to the cloud.
- Management Interface Compromise. Security is an issue with client management interfaces with the public cloud provider. The reason? These services are provided via the internet and permit access to a larger set of resources than traditional operating systems. Security risk can dramatically increase when this is combined with remote access and web browser vulnerabilities.
- Data Protection. It may be difficult for clients to effectively check the data-handling practices of their CPs to ensure critical and sensitive data is handled lawfully and ethically. This problem can be aggravated in cases of multiple transfers of data (e.g., between federated clouds). However, it must be noted that some CPs share information on their data-handling practices with clients and others offer certification summaries on their data processing and data security activities and their various security controls (e.g., Statement on Auditing Standards 70 Certification.
- Insecure or Incomplete Data Deletion. As with most operating systems, when a request to remove a cloud resource is made, a true erase of data may not happen. Adequate or timely data deletion also may not be feasible (or undesirable from a client perspective) because extra copies of data are stored but not readily available or the disk to be destroyed also houses other data from other clients. When multi-tenancies and the reuse of hardware resources are added to the mix, this risk can increase.
- Malicious Insider. Cloud architectures necessitate the creation of certain staff positions (e.g., CP system administrators and managed security service providers) that can be extremely high risk in terms of internal security threats.
Creating a Cloud Computing Roadmap for Federal Agencies First Steps
According to, GovCloud: Cloud Computing for the Business of Government, when a government agency is ready to undertake the implementation of a cloud-based solution, it must determine which IT services, business functions and processes to deploy in the cloud environment. A five-year roadmap should be created that includes the desired order to move each of the services to the cloud for each year during that time period.3 Requirements for each service to be deployed in the cloud should be developed and a cost/benefits analysis performed to establish the rationale why each targeted service should move to the cloud.
Implementation of a Low-Risk Test Case
A low-risk test case should be implemented prior to undertaking a wholesale transfer of services to the cloud.4 This is harder than it may sound as some IT services that may seem simple to deploy to the cloud are not so easy. Four questions should be asked (and answered) to decide which IT services are best suited to live in the cloud5:
- Can compliance requirements be balanced with other IT prioirities?
- Is this an IT function or service the agency has mastered?
- Can the agency use a standardized service?
- Is the test case easily implementable?
A misconception may exist that just because an application or service being deployed to the cloud isn’t mission critical, the process will be simple and straightforward. This is not always true. If the agency is new to the cloud and wishes to establish a private cloud it will take time to determine the appropriate split of responsibilities between the service provider and the agency’s IT team.6 Compliance and liability issues can also be tricky, as defining compliance conditions and establishing liability for intellectual property protection with cloud vendors reach well beyond the IT world—and, as such, with so many moving parts may take time to properly address and resolved.7 NIST has launched the U.S. Government Cloud Computing Business Case Working Group to assist agencies with the development of cloud-compatible user cases. Email, geospatial data exchange and services management are among the first user cases currently in development.
The authors of GovCloud: Cloud Computing for the Business of Government also offer seven recommendations that must be considered during the development and implementation of an agency’s cloud roadmap:
- Own the information, even if you own nothing else. An agency must claim its right to own the information even if it doesn’t own the infrastructure, application or service associated with that information. Any agency is liable for its information—regardless of where it lives—and some education will likely be needed about this fact among its IT team. While it may be unrealistic to prevent departments from provisioning their own cloud application, the agency must institute policies and procedures to ensure it can monitor how information deployed to the cloud is managed. As it is often hard to envision future uses of information, it also is recommended that agencies make sure cloud-dwelling data can be brought back into the enterprise if needed.
- Don’t take terminology for granted. It is vital to ensure that important terminology is defined in the same way by the agency and the cloud service provider—room for different interpretation always exists. A review of information governance policies must take place to identify the areas of highest risk so authoritative definitions for vocabulary in these areas can be developed and adopted.
- Hope for standards, but prepare to integrate. In short, the cloud is young and isn’t established enough to have developed standard specifications for platform interoperability and data exchange. Strategic groundwork for future data integration needs to be laid in the early stages of any movement to the cloud. Agencies must insist that their cloud service providers provide clear documentation on the data formats and schemas used for information storage in their systems.
- Control cloud platform proliferation. Agencies should minimize the number of different cloud platforms that require support to limit information fragmentation and decrease the chance of a future huge integration effort. To the greatest extent possible, an agency’s IT team should help departments look for shared requirements in standardized business functions. The team can identify cloud platforms that meet these needs and consolidate the agency’s services on them, when possible. Not only will the ability to share information increase, this will result in greater leverage when negotiating contract terms and pricing.
- Make the information “cloud ready.” Agencies that organize their data sets well enough for use across multiple platforms will be best positioned to take advantage of cloud services, and will be better able to deploy enterprise information to the cloud more easily.IT teams need to get into the habit of encrypting data into one common format (probably XML)—a process even more important if data moves through externally operated resources to the cloud.
- Master solution integration. The shift to the cloud requires IT professionals to change their focus from owning and operating enterprise systems to becoming master information service integrators. In addition to linking legacy databases to SaaS, IT teams need to connect their private and public clouds to create a seamless technology environment that works like a single cloud custom-made for their specific enterprises.
SYS-CON Events announced today that Embotics, the cloud automation company, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Embotics is the cloud automation company for IT organizations and service providers that need to improve provisioning or enable self-service capabilities. With a relentless focus on delivering a premier user experience and unmatched customer support, Embotics is the fas...
Oct. 22, 2016 09:15 AM EDT Reads: 681
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and ...
Oct. 22, 2016 09:15 AM EDT Reads: 1,407
Virgil consists of an open-source encryption library, which implements Cryptographic Message Syntax (CMS) and Elliptic Curve Integrated Encryption Scheme (ECIES) (including RSA schema), a Key Management API, and a cloud-based Key Management Service (Virgil Keys). The Virgil Keys Service consists of a public key service and a private key escrow service.
Oct. 22, 2016 08:30 AM EDT Reads: 921
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Oct. 22, 2016 08:15 AM EDT Reads: 3,750
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
Oct. 22, 2016 08:15 AM EDT Reads: 414
Fifty billion connected devices and still no winning protocols standards. HTTP, WebSockets, MQTT, and CoAP seem to be leading in the IoT protocol race at the moment but many more protocols are getting introduced on a regular basis. Each protocol has its pros and cons depending on the nature of the communications. Does there really need to be only one protocol to rule them all? Of course not. In his session at @ThingsExpo, Chris Matthieu, co-founder and CTO of Octoblu, walk you through how Oct...
Oct. 22, 2016 07:45 AM EDT Reads: 3,093
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Oct. 22, 2016 07:00 AM EDT Reads: 2,251
In past @ThingsExpo presentations, Joseph di Paolantonio has explored how various Internet of Things (IoT) and data management and analytics (DMA) solution spaces will come together as sensor analytics ecosystems. This year, in his session at @ThingsExpo, Joseph di Paolantonio from DataArchon, will be adding the numerous Transportation areas, from autonomous vehicles to “Uber for containers.” While IoT data in any one area of Transportation will have a huge impact in that area, combining sensor...
Oct. 22, 2016 06:45 AM EDT Reads: 379
The Internet of Things (IoT), in all its myriad manifestations, has great potential. Much of that potential comes from the evolving data management and analytic (DMA) technologies and processes that allow us to gain insight from all of the IoT data that can be generated and gathered. This potential may never be met as those data sets are tied to specific industry verticals and single markets, with no clear way to use IoT data and sensor analytics to fulfill the hype being given the IoT today.
Oct. 22, 2016 06:30 AM EDT Reads: 2,226
@ThingsExpo has been named the Top 5 Most Influential M2M Brand by Onalytica in the ‘Machine to Machine: Top 100 Influencers and Brands.' Onalytica analyzed the online debate on M2M by looking at over 85,000 tweets to provide the most influential individuals and brands that drive the discussion. According to Onalytica the "analysis showed a very engaged community with a lot of interactive tweets. The M2M discussion seems to be more fragmented and driven by some of the major brands present in the...
Oct. 22, 2016 06:15 AM EDT Reads: 11,214
If you had a chance to enter on the ground level of the largest e-commerce market in the world – would you? China is the world’s most populated country with the second largest economy and the world’s fastest growing market. It is estimated that by 2018 the Chinese market will be reaching over $30 billion in gaming revenue alone. Admittedly for a foreign company, doing business in China can be challenging. Often changing laws, administrative regulations and the often inscrutable Chinese Interne...
Oct. 22, 2016 06:00 AM EDT Reads: 1,342
SYS-CON Events announced today that SoftNet Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. SoftNet Solutions specializes in Enterprise Solutions for Hadoop and Big Data. It offers customers the most open, robust, and value-conscious portfolio of solutions, services, and tools for the shortest route to success with Big Data. The unique differentiator is the ability to architect and ...
Oct. 22, 2016 05:45 AM EDT Reads: 474
SYS-CON Events announced today that Pulzze Systems will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Pulzze Systems, Inc. provides infrastructure products for the Internet of Things to enable any connected device and system to carry out matched operations without programming. For more information, visit http://www.pulzzesystems.com.
Oct. 22, 2016 05:00 AM EDT Reads: 2,474
In the next forty months – just over three years – businesses will undergo extraordinary changes. The exponential growth of digitization and machine learning will see a step function change in how businesses create value, satisfy customers, and outperform their competition. In the next forty months companies will take the actions that will see them get to the next level of the game called Capitalism. Or they won’t – game over. The winners of today and tomorrow think differently, follow different...
Oct. 22, 2016 04:30 AM EDT Reads: 808
One of biggest questions about Big Data is “How do we harness all that information for business use quickly and effectively?” Geographic Information Systems (GIS) or spatial technology is about more than making maps, but adding critical context and meaning to data of all types, coming from all different channels – even sensors. In his session at @ThingsExpo, William (Bill) Meehan, director of utility solutions for Esri, will take a closer look at the current state of spatial technology and ar...
Oct. 22, 2016 03:30 AM EDT Reads: 1,666
The Open Connectivity Foundation (OCF), sponsor of the IoTivity open source project, and AllSeen Alliance, which provides the AllJoyn® open source IoT framework, today announced that the two organizations’ boards have approved a merger under the OCF name and bylaws. This merger will advance interoperability between connected devices from both groups, enabling the full operating potential of IoT and representing a significant step towards a connected ecosystem.
Oct. 22, 2016 02:45 AM EDT Reads: 1,152
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
Oct. 22, 2016 01:30 AM EDT Reads: 9,615
SYS-CON Events announced today that Streamlyzer will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Streamlyzer is a powerful analytics for video streaming service that enables video streaming providers to monitor and analyze QoE (Quality-of-Experience) from end-user devices in real time.
Oct. 22, 2016 01:15 AM EDT Reads: 900
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
Oct. 22, 2016 01:15 AM EDT Reads: 815
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this ...
Oct. 22, 2016 01:00 AM EDT Reads: 8,183