Feds, industry to hash out cloud standards at May summit

The Cloud Summit, to be hosted on May 20 by the National Institute of Standards and Technology, will turn attention to creating standards for data interoperability, portability and security.

The National Institute of Standards and Technology will host a Cloud Summit on May 20 with federal agencies and the private sector with the intent to develop data interoperability, portability and security standards for cloud computing that can be applied across agencies.

Vivek Kundra, the federal chief information officer, told an audience at the Brookings Institution today that establishing such standards is essential to making full use of cloud computing's potential.

By Aug. 1, NIST officials plan to move forward with initial specifications, which will lead to the launch of a portal for cloud standards where various stakeholders can collaborate online in a cloud environment, Kundra said.

“NIST will convene people around the table, and part of what we want to do is test case studies,” Kundra said during an address on “The Economic Gains of Cloud Computing,” sponsored by Brookings in Washington, D.C. The event was moderated by Darrell West, vice president and director of Governance Studies with Brookings, which released a report entitled “Saving Money Through Cloud Computing.”

Related stories:

Cloud computing really can save your agency millions

Don't look down: the path to cloud computing is still missing a few steps

From the event:

Kundra's full remarks

Kundra's slide presentation

Cloud computing refers to services, applications and data storage delivered online through powerful file servers. To that end, the federal government is encouraging agencies to move to the cloud for more efficient information technology operations and cost savings.

Many agencies are making the shift toward the cloud, Kundra said. For example, the Health and Human Services Department is deploying a cloud-based customer relationship and project management solution provided by Salesforce.com.

The solution will support HHS’s Regional Extension Centers in allocating grant funding to doctors and hospitals for the implementation of electronic health records.

At the NIST Cloud Summit, participants will look at cases studies such as HHS' and try to assess the issues and specifications associated with the cloud implementation -- what standards are needed for data portability, interoperability and security, Kundra said.

“For example, what does authentication look like in the cloud environment? As you look at the government and its shift in the last couple of years to smart cards, how does that interoperate with a cloud-based solution?” Kundra asked. “Those are some of the questions we want to address.”

Kundra said that the government wants to create a consensus-driven environment for standard-setting. “If we don’t set those standards, it is going to create an environment where we are doing nothing more than webifying our current infrastructure,” he said.

Furthermore, the federal government wants “to make sure that from a security perspective we have the right standards in place so that agencies can continuously monitor the security of these [cloud] solutions,” Kundra said.

Federal employees and the public must be confident that their information is safe in the cloud, Kundra said. However, the economic benefits of cloud computing won’t be realized if every agency independently reviews and certifies solutions, he said.

NIST has created a technical process for centralized certification to provide common security management services to federal agencies. The process supports the development of common security requirements and performs authorization and continuous monitoring services for governmentwide use, Kundra said.

Agencies can realize these benefits by leveraging the security authorizations provided through a joint authorization board. The board consists of the agency sponsoring a system’s governmentwide authorization and three permanent members: the Defense and Homeland Security departments and the General Services Administration.

The board will provide both initial and ongoing acceptance of risk on behalf of the government as systems are continuously monitored throughout their life cycles, Kundra said.