When Congress passed the fiscal 2012 National Defense Authorization Act (NDAA) last week, it may have done more for cloud computing than any other organization to date.
Now that his objections have been addressed, President Obama is expected to sign the final version of the NDAA (HR1540) into law. The majority of news coverage of the act has focused on controversial provisions for the indefinite detention of US citizens who are suspected of terrorism, but the cloud computing industry and IT departments should focus on “Section 2867: Data Servers and Centers.”
Section 2867 requires the Department of Defense CIO to develop a performance plan by April 2 for reducing the resources required for servers and datacenters. Specifically, the CIO must develop a plan to reduce:
Square footage of datacenter floor space
Power and cooling utility costs
Capital infrastructure costs per megawatt of data storage
The number of commercial and DoD-developed applications
The number of full-time equivalent staff
The NDAA also requires the plan to include specific strategies for:
Desktop, laptop, and mobile device virtualization
Transitioning to cloud computing
Migrating data and services from DoD datacenters to private-sector cloud services
Reporting datacenter metrics on cost, capacity, and energy efficiency
Transitioning DoD-owned datacenters to just-in-time modular technology.
The decision by Congress to legislate on something as specific as cloud computing for the Department of Defense should not be a big surprise. Congress has been using the department's budget for very prescriptive spending for many years. Until now, such spending focused mainly on weapon systems and military bases that produce civilian contractor jobs in congressional districts.
The implications of Congress having a specific interest in cloud computing will certainly be significant. Executing a focused strategy to use cloud computing and consolidate the DoD infrastructure will pour billions of dollars into the cloud services market. Massive defense spending on cloud services should lead to more innovation and more mature cloud offerings -- to the benefit of all consumers of such services. The DoD spending should also lead to better unit costs for service providers, which in turn should offer better pricing for the rest of the market.
To compete for DoD contracts, cloud vendors will have to devote resources to qualifying as defense contractors and making their services compliant with the Federal Information Security Management Act. Companies like Amazon Web Services, which received FISMA certification in September, will have an early advantage over other vendors. Overall, having more FISMA-compliant cloud services would be a positive for the cloud market and would go a long way in addressing fears about cloud security.
However, the Department of Defense will expand the cyberattack surface of every cloud service provider it uses. This in turn will mean additional risk for the vendors' commercial customers, which will need to account for it in their risk management plans.
Though the DoD already has plenty of data security issues from self-hosted systems, a security breach from a cloud-based service could be a major industry setback. Fortunately, the NDAA includes a significant set of provisions to improve cybersecurity.
For now, we can only speculate on what the DoD CIO will propose in the performance plan and the effect it will have more broadly on cloud computing innovation and adoption. The plan could become a blueprint that other federal agencies, states, and large enterprises could follow when converting to cloud services.
But given how specific Congress was in the NDAA, the real mystery will be in the details and the timeline for executing the plan.
— Jerry Bishop is an independent IT consultant specializing in CIO services, IT strategy, and turning around underperforming IT departments.
If anyone has ever been in government employment or dealt with the US Government in regards to contracts, they are not known for making deadlines as they should. Even if this bill is signed into law by the President, the deadline set for the plan could easily be extended due to the overwhelming aspects that are facing providers and also the wide scope of issues being covered.
Can this be a great thing for cloud providers and others in the industry? Most definitely! Will many existing IT vendors to the federal government be affected? Most likely. And how big of an impact will the reduction in spending come to light based on the criteria that have been established already? Probably minimal.
I do agree that earlier adopters of the Federal Security guidelines and certification to meeting those standards will have a leg up on the competition, but at what price are they going to be able to get away with charging the DOD and other governmental agencies it is hard to say. The government is not known for paying "retail" on too many things out there and demands certain price points to be met based upon their purchasing power.
Well said about too much money actually adversely impacting innovation. This is one of my concerns as well. Just because money is pumped into an industry (which sometimes just means one company) doesn't mean that innovation is going to follow. In fact, it could easily mean the lack of incentive for innovation.
I agree here. The budget dedicated to innovation might have to be cut down to cater to the fixes mentioned in the list. This may not be so good for cloud's future.
Michael, I agree those are concerns, but I don't think they're that much worse than the current state of affairs.
To your first point, I may be mistaken, but I've heard of more security lapses at govt. sites and large corporate sites than at cloud providers. Mark Twain said, "Put all your eggs in one basket, and WATCH that basket!"
As for the threat of govt. cutting off access, government(s) seize computers, raid ISPs and make secret partnerships with telecoms, etc. as it is.
The upside of course is the investment and the explicit endorsement this represents.
I am more worried about the depressing impact too much money will have on the vendors' innovation. While there are counter-examples, most innovation will continue to take place far away from DoD (or any large) bureaucracy. And the wider the reach of the bureaucracy, the less space there is for the inventor in his garage. (Did you read recently about the solo developer of what became the Predator drone? It wasn't Lockheed Martin.)
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.