Rising above security concerns

No longer a speck on the horizon, cloud computing is gathering adherents because it can deliver critical software services via the Internet rather than through an in-house data center.

And because its applications can be used by all types of devices, such as laptop computers, cell phones and personal digital assistants, cloud computing ranks as one of the most important strategic technologies for 2009, according to research firm Gartner Inc.

“It’s amazing how fast you can work when you have a cloud-enabled environment,” said Curt Aubley, chief technology officer for operations and next-generation solutions at Lockheed Martin Corp.’s Information Systems and Global Services business division.

“You’re not waiting for the server person to do something and the network person to do something and the storage person to do something, and [then] they have to get security approval,” he said.

“You point; you click; you fill out the forms; you say, ‘Go’; [and] it’s done.” Indeed, cloud computing could be the next big thing for federal agencies trying to reduce their information technology costs, cope with tight budgets and compensate for a shrinking workforce, except for one down-to-earth concern: security.

“Security people are used to having a piece of an application running on a processor in a data center,” said William Perlowitz, vice president of advanced technology at Apptis Inc., a provider of IT solutions and services. “Now we’re talking about dynamically associating parts of software with virtual machines that could be running on geographically [dispersed] data centers,” he said. “This is a very difficult problem for [chief information security officers] to come to terms with.” Aubley agrees. From a government perspective, the challenge is security, he said. “Do you really want to put your data next to data, say, from Canada or the data from South America or the data from Asia? Well, sometimes there may be value in doing that. A lot of times, especially with more sensitive data, probably not.”

CROWDED FIELD

In August 2008, Apptis soared into the cloud computing realm inhabited by the likes of Microsoft Corp. and Google by partnering with ServerVault to create the Apptis/ServerVault Trusted Cloud offering and launching a federal sales campaign.

Cloud computing combines its unique functions with service-oriented architecture and virtualization, but it has not been fully vetted through government enterprise architecture and security processes, Perlowitz said. That makes agency CISOs wary about deploying it, he added.

Still, cloud computing is becoming increasingly attractive to the government.

“We have increased demand for computing, shrinking budgets, and we have data centers that are full,” Perlowitz said. And even when data centers are not at capacity, in some cases they struggle with local utilities that can’t supply enough power or connectivity, he added.

Aubley said cloud computing has great potential. “A lot of technologies are now coming together, which allow you to put very creative architectures together,” he said. That creates clouds for public and government use in addition to hybrid clouds that address specific needs. Aubley cited Google Apps and Microsoft’s new Windows Azure as examples of public clouds.

Microsoft introduced the Azure Services Platform, a major component of its hybrid cloud computing initiative, in October 2008. Windows Azure “gives our customers the power of choice to deploy applications in cloudbased Internet services or through onpremises servers, or to combine them in any way that makes the most sense for the needs of their business,” said Ray Ozzie, Microsoft’s chief software architect, at the company’s Professional Developers Conference, where the platform was unveiled.

Lockheed Martin has cloud technology and solutions for clients with security requirements, but the giant defense contractor will also use public clouds when appropriate, Aubley said.

Private clouds have the same capabilities as public clouds, but they are secured on the customer’s network or data center, or on a contractor’s network, he said. That allows multiple users within the organization to share the benefits of cloud computing, but outside groups, companies or countries cannot access it.

“That is the most secure of the models,” Aubley said. That model should become increasingly attractive to federal agencies, especially as technology problems on earlier versions are resolved, he said.

COST CONCERNS

Cloud computing also might solve many cost and data-delivery problems for agencies struggling with continuity of operations and disaster recovery. “It shifts the cost from capital expenditure to operational expenditure,” Perlowitz said.

“Commercial pricing for a virtual machine is around 10 cents an hour, which means to buy a virtual machine for a year from a cloud vendor [costs] $876,” he said. “If you look at storage, it’s about $1 per gigabyte per month. So if you were to buy a terabyte of storage for a year from a vendor that would cost you $12,000.” The savings are even greater when power and cooling, administrative, procurement, and depreciation costs are factored in, Perlowitz said. “If I can consolidate my servers from 15 platforms to one, the cost and price savings alone would kick start most of these green computing initiatives,” he added. “It’s a very compelling financial story.” But others warn of potential hidden costs. “There are often unanticipated fees,” said Rob Walters, general manager of The Planet Inc., an IT hosting company in Houston.

Walters said there could be a big cost difference between paying to store data and using cloud storage to routinely access files for reading and writing.

Accessing cloud-stored data for use — commonly called puts and gets — could result in higher monthly fees and the loss of expected savings, he said.

Customers pay a cloud bandwidth fee to write some data and maintain it there.

“This doesn’t sound like a particularly bad scheme when you look at what they’re actually charging,” Walters said.

“It’s like one cent per thousand of these puts or gets. But when you have an application that’s writing very small files on a very, very regular basis, it is possible — and we’ve spoken to a lot of customers who’ve found [it to be so] — that their bill actually ends up being larger for those operations, those puts and gets, than it is for the maintenance, the storage capacity fees and the bandwidth fees.”

STORAGE OVERLOAD

Apptis initially targets agencies whose storage needs might suddenly increase because of a major disaster or rapid troop deployment, said Phil Horvitz, the company’s chief technology officer.

In such a situation, the agency has several options, he said. It can hope its infrastructure can handle the increased demand or it can expand the infrastructure in anticipation of a future spurt.

“That would cost the government millions of dollars for infrastructure that would be unused possibly for several years and also require periodic upgrading,” he said.

The third option is the hybrid approach, “where we augment the customer’s existing infrastructure with a cloud,” Horvitz said. That model allows agencies “to buy computing on demand, as needed ‘by the drink.’ That’s a lot more effective.” Perlowitz said Apptis’ efforts to offer cloud computing solutions to the government are going well. He said the Defense Department and the Defense Information Systems Agency are among the agencies that have shown the most interest so far. But he added, “When you go into the government and explain a new service offering, first they look at you with raised eyebrows. If you persist, and they keep listening, then you stand a good chance to generate some business.”