Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

US federal IT leaders look for trust, transparency in cloud vendors

Kenneth Corbin | Nov. 3, 2014
As the FedRAMP security certification standard evolves, government tech officials are having an easier time evaluating private cloud offerings. However, they caution that trust and vendor relationships are key, and regardless, some sensitive applications will remain in-house.

At the Postal Service, for instance, Barlet's team was considering which applications would be good candidates for a cloud migration, and ended up transitioning some processes like the organization's project management software. But the agency's more complex case-management software, it was ultimately decided, was too elaborate and carried too many unique specifications to shift to a third-party provider.

"Because of all the extra requirements, it just seemed a little safer to keep that in-house," Barlet says.

Security Still Chief Impediment to Government Move to Cloud
Security has long been cited as a chief impediment to the government's move to the cloud and its partnership with commercial providers. Much of that comes down to an issue of trust, according to Steve Hernandez, CISO at the Department of Health and Human Services' Office of Inspector General, who urges vendors to be more forthcoming with information about their risks and vulnerabilities in their conversations with government buyers.

"We need to know beforehand what type of risk we're assuming, and to do that we need accurate vulnerability information from these cloud providers," Hernandez says. "What can happen is you can end up being collateral damage because another agency or commercial provider was hit."

Officials have also been slow to warm up to the cloud brokerage initiative that the General Services Administration has been developing, inviting cloud services firms to establish themselves as brokers who would help government agencies purchase and deploy cloud products from other vendors.

At the outset, some officials are wary of that model for introducing added layers of complexity, particularly when federal CIOs already worry about outsourcing critical applications to commercial vendors.

"Maybe at some point we'll get there," Barlet says. "But I don't know if it's going to come any time soon."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.