Under pressure to move to cloud computing by the Office of Management and Budget (OMB), yet harboring intractable concerns about protecting sensitive data, many federal agency managers are opting for private clouds, which they consider more secure than public cloud environments.
Frankly, for the time being, some aspects of [the cloud] are totally unattractive to us for dealing with [sensitive] information.
Avi Bender, CTO, U.S. Census Bureau
At the U.S. Census Bureau, for example, officials are concentrating about 90% of their cloud efforts on establishing an internal private cloud, which is hosted at the bureau’s data computing center in Bowie, Md., said chief technology officer Avi Bender.
“We deal with a lot of privacy data under Title XIII, which is all the information collected in our surveys, and also Title XXVI, which is data from the Internal Revenue Service, so we have to take great care in terms of controlling and securing that type of information,” he said. “Frankly, for the time being, some aspects of [the cloud] are totally unattractive to us for dealing with that type of information.”
Bender said the bureau’s concern over data security is so great the agency can’t afford a single mistake. “One breach of taxpayer or personal data and we’re screwed,” he said. “The only thing that is going to be enough is that we continue within our own [private cloud] and we control it.”
Private cloud often the first step
Under the Obama administration’s federal cloud computing initiative, agencies are facing an OMB mandate to move more services and applications to the cloud -- preferably to commercially hosted clouds -- wherever possible.
Last year, in his 25 Point Implementation Plan to Reform Federal Information Technology Management (.pdf), then Federal Chief Information Officer Vivek Kundra ordered agency CIOs to identify at least three “must move” services to the cloud; the CIOs are to migrate at least one of these projects to a cloud environment within 12 months, and the remaining two within 18 months.
“When evaluating options for new IT deployments, OMB will require agencies default to cloud-based solutions whenever a secure, reliable, cost-effective cloud option exists,” the plan requires. To date, 25 agencies have ticketed 78 systems for cloud migration (.pdf) under the mandate.
Shawn P. McCarthy, research director for IDC Government Insights, estimates about 80% of cloud migrations across the government will be to private clouds -- both in-sourced and outsourced. “When you say private, a lot of times a private cloud could be sitting in a public facility, but it’s on a dedicated system run by a government-approved contractor and with very specific service-level agreements,” he said.
Where non-sensitive information is involved — such as that contained on many of the government’s public-facing websites — agencies are more open to commercially hosted public clouds. Amazon’s AWS GovCloud, for example, was launched at NASA’s IT Summit in August. “We are excited about the opportunity to work with the private sector,” said NASA acting CTO for IT Tsengdar Lee. But, he added: “At the same time we are approaching it cautiously.”
Indeed, about 60% of NASA’s current cloud-migration projects will be hosted by its internal private cloud, called Nebula, Lee said. “We have some IT security issues that may not be able to be satisfied by the public cloud.”