It sometimes makes me smile when everyone starts talking about cloud computing. All the buzzwords are out there - no longer TLAs but now Four Letter Acronyms such as SaaS, IaaS, NaaS and dual meanings for these and more. Is SaaS software as a service or storage as a service? What we end up with are a few great ideas, some good ideas and then a whole lot of misunderstanding and what then become bad paths taken that end in poor implementations.
All of that being said cloud computing, as an idea, shared services that reduce implementation and operating costs in a standard way, is a great one. Honestly I use it every day - my Google services as one easy example.
Now that good Idea is gaining attention within the US Federal Government and I believe it is the right move - if attention is paid. Reduction of operating costs through consolidation of data centers is a prudent thing to be looking at. I know that the government knows how to protect resources so if they leverage that expertise then consolidation can be achieved with not just cost savings but in fact improved service and reliability of the infrastructure. To achieve this will take some push from Capitol Hill, OMB or maybe even the White House to ensure that implementations are not hindered by agency politics but I think that in today's environment of shrinking budgets this will be easier to deliver now than 10 years ago.
One of the other big considerations, of course, will be security. Again this is not a case of me believing that the government does not understand security but may instead be a case of ensuring that the implementation covers the areas of concern. In my eyes this includes things like:
- appropriate means of authentication based on the resource as well as the operational environment
- implementation of a open authorization model to consider government employees, contractors and non-governmental personnel with a need to access such as law enforcement and other first responders
- implementation of fraud detection within the transactional environment to ensure that information remains in control of the parties authorized to see and use it
- an understanding of the ability to open certain resources to the public using appropriate authentication means
These things, as you can see, are not technology specific but should be considered as part of the governments overall programs with regards to identity within the federal space as well as identity within the non-federal space such as that as defined by NSTIC. Of course as part of this there is also consideration to information sharing with other national partners.
This is a topic that has much interest to me so I will be following and discussing this a bit more in the near future.
- Posted using BlogPress from my iPad
