Kundra Eyes 25% of Fed IT Spend on Cloud Services

Cloud Services Must Comply with FISMA Regulations

By GovInfoSecurity.com, February 14, 2011.
Kundra Eyes 25% of Fed IT Spend on Cloud Services

K

See Also: Breaking Down Ease-of-Use Barriers to Log Data Analysis for Security

nown as the Cloud First policy, Federal CIO Vivek Kundra has outlined a new policy in which one-quarter of the $80 billion the federal government spends on information technology would employ cloud computing solutions.

Kundra, who wrote the 43-page Federal Cloud Computing Strategy, said the government could reduce its data center infrastructure expenditure by some 30 percent by moving to a cloud computing model for IT services. "Cloud computing can allow IT organizations to simplify, as they no longer have to maintain complex, heterogeneous technology environments,' he said. "Focus will shift from the technology itself to the core competencies and mission of the agency."

In the report, Kundra said it isn't sufficient to consider only the potential value of moving to cloud services. "Agencies should make risk-based decisions which carefully consider the readiness of commercial or government providers to fulfill their Federal needs," he said.

Under a section entitled security requirements, the new strategy points out that agencies, under the requirements of the Federal Information Security Management Act, must ensure that a safe, secure cloud solution is available to provide a prospective IT service, and should carefully consider agency security needs across a number of dimensions, including but not limited to:

  • Statutory compliance to laws, regulations and agency requirements;
  • Data characteristics to assess which fundamental protections an application's data set requires;
  • Privacy and confidentiality to protect against accidental and nefarious access to information;
  • Integrity to ensure data is authorized, complete and accurate;
  • Data controls and access policies to determine where data can be stored and who can access physical locations; and
  • Governance to ensure that cloud computing service providers are sufficiently transparent, have adequate security and management controls and provide the information necessary for the agency to appropriately and independently assess and monitor the efficacy of those controls.

Kundra said each agency will reevaluate its technology sourcing strategy to include consideration and application of cloud computing solutions as part of the budget process. "Consistent with the Cloud First policy," he said, "agencies will modify their IT portfolios to fully take advantage of the benefits of cloud computing in order to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost."

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Target Breach Consumer Lawsuit to Proceed

A federal judge has denied Target's motion to dismiss a consolidated class action lawsuit filed on...

Latest Tweets and Mentions

ARTICLE Target Breach Consumer Lawsuit to Proceed

A federal judge has denied Target's motion to dismiss a consolidated class action lawsuit filed on...

The ISMG Network