Cloud Security

Kundra Eyes 25% of Fed IT Spend on Cloud Services

Cloud Services Must Comply with FISMA Regulations
Kundra Eyes 25% of Fed IT Spend on Cloud Services
Known as the Cloud First policy, Federal CIO Vivek Kundra has outlined a new policy in which one-quarter of the $80 billion the federal government spends on information technology would employ cloud computing solutions.

Kundra, who wrote the 43-page Federal Cloud Computing Strategy, said the government could reduce its data center infrastructure expenditure by some 30 percent by moving to a cloud computing model for IT services. "Cloud computing can allow IT organizations to simplify, as they no longer have to maintain complex, heterogeneous technology environments,' he said. "Focus will shift from the technology itself to the core competencies and mission of the agency."

In the report, Kundra said it isn't sufficient to consider only the potential value of moving to cloud services. "Agencies should make risk-based decisions which carefully consider the readiness of commercial or government providers to fulfill their Federal needs," he said.

Under a section entitled security requirements, the new strategy points out that agencies, under the requirements of the Federal Information Security Management Act, must ensure that a safe, secure cloud solution is available to provide a prospective IT service, and should carefully consider agency security needs across a number of dimensions, including but not limited to:

  • Statutory compliance to laws, regulations and agency requirements;
  • Data characteristics to assess which fundamental protections an application's data set requires;
  • Privacy and confidentiality to protect against accidental and nefarious access to information;
  • Integrity to ensure data is authorized, complete and accurate;
  • Data controls and access policies to determine where data can be stored and who can access physical locations; and
  • Governance to ensure that cloud computing service providers are sufficiently transparent, have adequate security and management controls and provide the information necessary for the agency to appropriately and independently assess and monitor the efficacy of those controls.

Kundra said each agency will reevaluate its technology sourcing strategy to include consideration and application of cloud computing solutions as part of the budget process. "Consistent with the Cloud First policy," he said, "agencies will modify their IT portfolios to fully take advantage of the benefits of cloud computing in order to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost."


About the Author




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.