US federal government: cloud first, but 'cloud' needs to be defined
What is 'cloud computing'? That's what the federal government needs to determine as it aggressively pursues this strategy to cut costs and improve the flexibility of its agencies.
The National Institute of Standards and Technology (NIST) plans to issue a first draft of a “Cloud Computing Technology Roadmap” by the end of fiscal 2011, intended to provide agencies with a single, standardized process for cloud adoption and management, Fierce Government IT reports.
The US federal government now has an active policy to put cloud-based options before on-site software and systems options in new IT purchasing. But moving to cloud options could potentially be even more chaotic than the existing huge $80-billion annual patchwork of federal IT purchases.
The NIST Cloud Computing Standards Roadmap Working Group is spearheading this effort. The goal of the working group and roadmap is to “survey the existing standards landscape for security, portability, and interoperability standards/models/studies/etc. relevant to cloud computing, determine standards gaps, and identify standardization priorities.”
Standards and definitions the working group will likely include in the roadmap include the following:
- Basic Definitions & Standards: TCP/IP, HTTP, HTML, XML, SOAP, REST, WSDL, SSL/TLS, XML/XMLD, JSON, TRP, DNS, SMTP
- High Level Standards & Definition for Cloud and Web Services: OVF, OCCI, CDMI, SPML, Web services, GridFTP, OAuth, OpenID, WS, WSS, SAML, Frameworx, XACML
- Categorization of Cloud Computing Related Standards: Cloud Taxonomy – output from Reference Architecture Working Group
Functional areas to be addressed in the roadmap include the following:
- SaaS Self-service management
- Application specific data formats
- Application functional interfaces
- Resource description and discovery
- QoS specification, monitoring, reporting
- SLA specification and negotiation
- Billing and metering
- Identity and access management
- Provisioning, management, replication, federation
- Single sign-on plus strong authentication
- Security auditing and compliance
In addition, the US General Services Administration, the purchasing arm of the federal government, says it intends to release, by summer, the first version of FedRAMP — which provides common security and monitoring services for cloud services to help agencies avoid guesswork.