Cloud computing math — does it add up?
If you doubt the economic benefits of a governmentwide approach to cloud security, do the math.
If any one doubts the economic benefits of a governmentwide approve-once, use-often approach for accrediting and certifying cloud computing services and products, just do the math.
There are about 10,000 IT systems in the federal government, each with its own security boundaries. If broken into subsystems, there would be a lot more security controls to deal with, said Sanjeev “Sonny” Bhagowalia, deputy associate administrator at the General Services Administration’s Office of Citizen Services and Innovative Technologies.
Agencies can spend $180,000 on certification and accreditation to ensure their systems and subagency systems comply with federal security controls.
“I don’t know the math, but that’s a lot of zeroes in there,” Bhagowalia said.
Bhagowalia spoke about the benefits of the government’s Federal Risk and Authorization Management Program Feb. 17 at the Cloud/Gov 2011 conference held by the Software & Information Industry Association and Input in Washington, D.C.
The goal of FedRAMP, an interagency program, is to provide a standard framework for assessing and authorizing cloud computing services and products for multiagency use so each agency won’t need to embark on a separate certification process. Agencies are not mandated to use FedRAMP, which should be ready for implementation this summer, but it sure seems to make economic sense.