TechAmerica Foundation collaborated with NIST and provides 14 recommendations and a Cloud First Buyer’s Guide for agencies.
The TechAmerica Foundation has unveiled a cloud computing roadmap that delivers detailed guidance to help the federal government adopt cloud computing technologies and policy incentives to keep the U.S. at the forefront of the technology.
The Commission on the Leadership Opportunity in U.S. Deployment of the Cloud (CLOUD2) provided 14 recommendations and a Cloud First Buyer’s Guide for Government to the Obama administration at press conference in Washington July 26.
The commission, led by Salesforce.com Chairman and CEO Marc Benioff and VCE Chairman and CEO Michael Capellas, was created with the encouragement of the administration to further its cloud-first policy.
How standards could get cloud out of the 1970s
How to secure data in the cloud? Stick with it like glue.
Capellas said the commission has collaborated with the National Institute of Standards and Technology, which is also creating a roadmap for federal agencies. NIST expects to unveil its plan during the agency’s cloud computing forum in November.
The Commission is not looking to reinvent programs and initiatives, Capellas said, and, as a result, looked at government standards and security efforts with a view toward contributing where the need occurs.
NIST and government agencies leading the efforts in cloud computing were brought in at an early stage to get a sense where the commission was headed with its recommendations, said Dawn Leaf, NIST’s senior executive for cloud computing.
NIST was already pursuing some of the commission’s recommendations, she said.
Some of the work that NIST has done in providing Standards Acceleration to Jumpstart Adoption of Cloud Computing use cases and developing reference architecture might help vendors categorizes technology in the buyer’s guide. So agencies are actually comparing apples with apples, she said.
The commission’s recommendations focus on four areas important to cloud computing:
Trust: Individuals and organizations must be confident that the cloud can meet their needs, including security, privacy and availability.
Some of the recommendations under this area include the need for government and industry to support and participate in the development of international, standardized frameworks for securing, assessing, certifying and accrediting cloud solutions.
Government and industry should also accelerate the development of a private sector-led identity management ecosystem as envisioned by the National Strategy for Trusted Identities in Cyberspace. Government should also enact a national data breach law to clarify breach notification responsibilities and commitments of companies to their customers and strengthen criminal laws against those who attack computer systems and networks.
Transnational Data Flows: The cloud is not defined by national borders; businesses and data flow across international borders and the U.S. must lead by example in dealing with these challenges, ensuring full realization of the cloud capabilities.
Recommendations under this area call for government and industry to promote a comprehensive, technology-neutral privacy framework based on the Organization for Economic Co-operation and Development’s principles and frameworks. The government should lead in identifying and implementing mechanisms for lawful access by law enforcement or government to data stored in the cloud. Both government and industry should enable effective practices for collecting information from the cloud to meet forensic or e-discovery needs.
Transparency: Cloud providers will earn confidence from corporate America and government agencies by providing users meaningful ways to evaluate cloud implementations and for vendors to share relevant and reliable information about their capabilities to build trust in the system.
Some recommendations include that industry should publicly disclose information about relevant operational aspects of their cloud services, including portability, interoperability, security, certifications, performance and reliability. Cloud providers should enable portability of user data through document tools, and support agreed-upon industry standards and best practices.
Transformation: For full adoption of the cloud, the federal government must change how it acquires technology, and invest in improving technology infrastructure, including expediting broadband deployment and the move to IPv6.
Recommendations include the need for agencies to demonstrate flexibility in adapting procurement models to acquire cloud services and solutions. Congress and the Office of Management and Budget should demonstrate flexibility in changing budget models to help agencies acquire cloud services and solutions.
Government and industry should embrace the modernization of broadband infrastructure and the move to IPv6 to improve the bandwidth and reliable connectivity necessary for the growth of cloud services.