Different 4 Ways that Cloud Computing could Reinvent Government and Their Policies

Within the federal government, cloud adoption could improve services in four major ways: business transformation, procurement frameworks, digital identity and shared services architecture.

When the government fully embraces the cloud, the American people will have access to government data and services 24 hours per day using any type of device. Imagine government-created apps that give private industry fast access to the petabytes of information handled by the U.S. government. Then, think about how that information could empower decision-making.

Government procurement frameworks aren’t currently designed for flexibility and agility. Working with a cloud services provider (CSP) means accepting that things will change, and they’ll change often. For example, CSPs often revise their services packages, and customers get the upgrade whether they like it or not. Because services are always changing, the fixed-price arrangement that works for the government now may not be cost-effective in the future. Under current procurement guidelines, many agencies try to negotiate custom services with CSPs. The whole point of a CSP’s business model is to lower costs by allowing many users to share resources in common.

Because the cloud means sharing resources, government agencies will have to re-examine how they authenticate identities. The U.K. has taken an interesting approach to this. In the U.K., private companies like Facebook and Google can become "identity providers" (IDP). When individuals want to apply for government services, then they are asked to login with commonly used identity credentials, such as a Facebook login. Once Facebook authenticates the user, it transmits approval to the government. The user then gains admission into the government portal. This way, the government won’t keep login credentials on its websites, so users don’t have to fear data capturing and tracking from government organizations.

In the U.S., 46 percent of agencies are concerned about the security of their applications and proprietary data within a cloud environment. The U.S. government could leverage existing authentication tools, like the Public Key Infrastructure, or it could go with something like the U.K.’s IDP process. The good news about the U.K. process is that users won’t have to remember yet another login, and the government won’t have to worry about protecting identity data in a central location.

The U.S. government has created a program called FedRAMP that makes cloud migration much simpler. Organizations like Amazon Web Services, for example, can gain FedRAMP compliance based on the impact level of different types of services and information. For example, since Amazon Web Services has Agency Authority to Operate (ATO) for the Department of Health and Human Services at FedRAMP’s "moderate impact" level, then HHS agencies can quickly migrate data and applications to the AWS cloud.

This partnership with AWS is one example of how agencies can relinquish the mindset of always creating their own customized solutions. Instead, they can grab turnkey alternatives that have already passed the FedRAMP test. By sharing common infrastructure in volume, agencies can cut their technology and support costs. Since FedRAMP provides the security analysis framework, agencies can feel comfortable with FedRAMP-approved CSPs.

About the Author: Dave Asprey is responsible for thought leadership and strategy as the Vice President of Cloud Security at Trend Micro. He works with press, analysts, customers, partners, the Cloud Security Alliance and the cloud and virtualization community in general to bring more cloud knowledge to Trend Micro, and to share Trend Micro’s innovative new cloud and virtualization strategy. Dave’s writing has been published by the NY Times and Fortune and his cloudywords.com blog was named "Top 100 cloud blogs" by Cloud Expo.