The General Service’s Administrations point-person for all things cloud computing said, like almost every new technology, the economics “are driving the transformation.â€
Speaking at the Cloud/Gov 2011 conference, Sanjeev “Sonny†Bhagowalia, deputy associate administrator at the General Services Administration’s Office of Citizen Services and Innovative Technologies, said the government’s recently released cloud-computing strategy “is a first step in laying out a grand vision,†which includes a hefty dose of cost savings, according to a Federal News Radio report.
The Office of Management and Budget has identified about $20 billion a year spent by federal agencies on IT infrastructure that could be moved to the cloud.
According to Federal News Radio, OMB has also estimated that nine departments could also increase their cloud-computing spending to the tune of about $1 billion.
“We think we can save some that money by moving use cases at the low and moderate levels,” Bhagowalia said. “The economics are driving this transformation. Cloud is not necessarily cheaper, but you can do certain things faster. We’ve been able to deploy capabilities in three months that would normally take nine months.”
Bhagowalia also touted the economic benefits of cloud security guidelines FedRAMP, short for the Federal Risk Authorization Management Program. FedRAMP aims to provide a standard framework to evaluate and authorize cloud-computing services and technologies for government customers.
And this standardized method, what Washington Technology called an “approve-once, use-often approach,†could also save money, by limiting the security controls each IT system and subsystem requires.
Otherwise, federal agencies could spend as much as $180,000 for certification and accreditation programs for each system and subsystem, Washington Technology reported. With about 10,000 such systems in the federal government’s IT portfolio, the numbers can quickly add up.
“I don’t know the math,†Bhagowalia said, “but that’s a lot of zeroes in there.â€
The context for the $ 180,000 number is for a typical Certification and Accreditation (C&A) (now called Assessment and Authorization (A&A))under FISMA for EACH system or application at the “low” or “moderate” level. There are approximately 10,000 systems in the US Government in the annual $ 80 B Federal IT portfolio. Also, each system has more sub-systems, applications and boundaries. Ergo, this adds up to spending a lot of $ in C&A (now A&A) Security in Government. FEDRAMP can obviate that spending for the “CLOUD-ONLY” portion of the systems/sub-systems/applications portfolio with its “approve-once and use-often” approach, thereby saving time, effort and $ (a “lot of zeroes”), once agencies are on-board. with the launch of FEDRAMP This is the context of my comments.
Thanks
Sonny
FedRAMP may be a good starting point for facilitating cloud computing processes, but there are a number of security concerns that need to be recognized. Some critics argue that FedRAMP does not provide enough application security oversight, which is a reason for concern as in recent years, application attacks have surpassed system-level attacks.
At ccskguide.org, we take a look at the security issues around cloud computing and help prepare candidates for the CCSK Cloud Security Certification. Check out our blog post on FedRAMP:
http://ccskguide.org/2011/02/fedramp-gov2-0/