Blog archive

Cloud computing math — does it add up?

If any one doubts the economic benefits of a governmentwide approve-once, use-often approach for accrediting and certifying cloud computing services and products, just do the math.

There are about 10,000 IT systems in the federal government, each with its own security boundaries. If broken into subsystems, there would be a lot more security controls to deal with, said Sanjeev “Sonny” Bhagowalia, deputy associate administrator at the General Services Administration’s Office of Citizen Services and Innovative Technologies.

Agencies can spend $180,000 on certification and accreditation to ensure their systems and subagency systems comply with federal security controls.

“I don’t know the math, but that’s a lot of zeroes in there,” Bhagowalia said.

Bhagowalia spoke about the benefits of the government’s Federal Risk and Authorization Management Program Feb. 17 at the Cloud/Gov 2011 conference held by the Software & Information Industry Association and Input in Washington, D.C.

The goal of FedRAMP, an interagency program, is to provide a standard framework for assessing and authorizing cloud computing services and products for multiagency use so each agency won’t need to embark on a separate certification process. Agencies are not mandated to use FedRAMP, which should be ready for implementation this summer, but it sure seems to make economic sense.

Posted by Rutrell Yasin on Feb 18, 2011 at 10:10 AM

Reader Comments

Tue, Feb 22, 2011 SonnyB Washington DC, USA

The context for the $ 180,000 number is for a typical Certification and Accreditation (C&A) (now called Assessment and Authorization (A&A))under FISMA for EACH system or application at the “low” or “moderate” level. There are approximately 10,000 systems in the US Government in the annual $ 80 B Federal IT portfolio. Also, each system has more sub-systems, applications and boundaries. Ergo, this adds up to spending a lot of $ in C&A (now A&A) Security in Government. FEDRAMP can obviate part of that spending for the “CLOUD-ONLY” portion of the systems/sub-systems/applications portfolio with its “approve-once and use-often” approach, thereby saving time, effort and $ (a “lot of zeroes”), once agencies are on-board. with the launch of FEDRAMP. This is the context for my comments. We can do IT more efficiently, if we unite our efforts!


Tue, Feb 22, 2011 RayW

One big advantage of many systems, assuming that all those systems do not have common access methods and points, is security. Certain "groups" are hot and heavy into copying everything the Gov does for various reasons ranging from "Wikileaks" to our big trading "partner" on the east side of the Pacific, and the cloud mentality just makes it easier to scarf data (face it, intrusion is a lot easier than prevention, unless there is no access). Yes, it is more cost effective for the big software houses and they have more control over what we use, and the computer/network "gurus" do not have to worry about each person needing special setups, our software is all in one controlled spot.

The PC brought the freedom to work (and a lot of computing center folks fought it since they lost the power, look at IBM and the power struggles there back then), the cloud brings back the days of mainframe control.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above.

WT Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.