![Free-eBooks.net](/resources/img/logo-nfe.png)
![All New Design](/resources/img/allnew.png)
Cloud Computing
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. The Cloud Computing model offers the promise of massive cost savings combined with increased IT agility. It is considered critical that government and industry begin adoption of this technology in response to difficult economic constraints. However, cloud computing technology challenges many traditional approaches to datacenter and enterprise application design and management. Cloud computing is currently being used; however, security, interoperability, and portability are cited as major barriers to broader adoption.
The National Institute of Standards and Technology (NIST) has defined cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Essential characteristics are:
Cloud computing service models include:
Cloud computing deployment models include:
Cloud computing enables the sharing, storage, and accessibility of data via the Internet, rather than through individual, limited-access hard drives. It is an evolution toward the renting of integrated services as needed without the high risk and capital costs of development and infrastructure. The adoption of cloud computing offers many benefits to Veterans, their families and dependents, VA personnel, and VA partners. Using cloud, Veterans and their families will have access to VA services on any device, anywhere, and at any time. They will experience improved mission services and capabilities, and will be able to access information seamlessly, globally, securely, cost effectively, and reliably.
VA has been pursuing various IT infrastructure evolution initiatives for some time. The adoption of utility cloud computing models has numerous advantages. Fundamentally, the capability supports rapid delivery of VA business capabilities. Thus, it provides agile, scalable, and reliable infrastructure needed to keep pace with an explosive growth of information and the increased variety and uses of VA’s strategic information assets. VA’s efforts to this end align with the Office of Management and Budget (OMB)’s 25 Point Implementation Plan to Reform Federal Information Technology Management. (December 9, 2010) and the priority of the current VA Chief Information Officer (CIO) to adopt cloud computing.
By definition, cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. (NIST SP 800-145) VA has several cloud initiatives already in use that correspond to the Service Models identified above:
VA has developed an implementable enterprise cloud strategy to realize the greatest benefits of cloud computing across VA and to prevent the potential risk of diverging approaches or overlapping efforts. The strategy is consistent with the CIO’s vision and aligned with VA policies. The purpose of the strategy is to deliver more responsive IT services at lower cost to the Department and to promote adoption of the following concepts:
Enterprise Design Patterns (EDPs) are developed by the Office of Technology Strategies (TS) in coordination with internal and external subject matter experts (SME) and stakeholders. Enterprise Design Patterns are incorporated into the Design, Engineering, & Architecture (DE&A) Compliance and provide reusable, enterprise-level capabilities guidance. They provide a standardized framework of capabilities and constraining principles to aid all integrated project teams (IPT) in the development, acquisition, and/or implementation of IT systems and services. Each signed Enterprise Design Pattern is listed below by topic area.
On March 17, 2016, the CIO and Deputy CIO for Architecture Strategy and Design signed VA Directive 6551 regarding VA Enterprise Design Patterns. This directive establishes a mandatory policy for establishing and utilizing Enterprise Design Patterns by all Department of Veterans Affairs (VA) projects developing information technology (IT) systems in accordance with the VA’s Office of Information and Technology (OI&T) integrated development and release management process, the Veteran-focused Integration Process (VIP).
Cloud computing enables convenient, rapid, and on-demand computer network access—most often via the Internet--to a shared pool of configurable computing resources (in the form of servers, networks, storage, applications, and services). Quite simply, it is the way computing services are delivered that is revolutionary. Cloud computing allows users to provision computing capabilities rapidly and as needed; that is, to scale out and scale back as required, and to pay only for services used. Users can provision software and infrastructure cloud services on demand with minimal, if any, human intervention.
Because cloud computing is based on resource pooling and broad network access there is a natural economy of scale that can result in lower costs to agencies. In addition, cloud computing offers a varied menu of service models from a private cloud operated solely for one organization to a public cloud that is available to a large industry group and the general public and owned by an organization that is selling cloud computing services. Various forms of cloud computing solutions are already being used in the federal government today to save money and improve services. Let me illustrate with just a few examples:
In addition to improved services, GSA anticipates that cloud computing will be a major factor in reducing the environmental impact of technology and help achieve important sustainability goals. Effective use of cloud computing can be part of an overall strategy to reduce the need for multiple data centers and the energy they consume. Currently, GSA is supporting OMB in working with agencies to develop plans to consolidate their data centers. Using the right deployment model – private cloud, community cloud, public cloud, or a hybrid model – can help agencies buy improved services at a lower cost within acceptable risk levels, without having to maintain expensive, separate, independent and often needlessly redundant brick and mortar data centers.
In February 2010, the Federal CIO announced the Federal Data Center Consolidation Initiative. In it, he designated two Federal agency CIOs -- Richard Spires (DHS) and Michael Duffy (Treasury) to lead the effort inside the Federal CIO Council. It also highlighted the following goals:
GSA has a significant leadership role in supporting the adoption of cloud computing in the federal government. We have concentrated our efforts on facilitating easy access to cloud based solutions from commercial providers that meet federal requirements, enhancing agencies’ capacity to analyze viable cloud computing options that meet their business and technology modernization needs, and addressing obstacles to safe and secure cloud computing. In particular, GSA facilitates innovative cloud computing procurement options, ensures effective cloud security and standards are in place, and identifies potential multi-agency or government-wide uses of cloud computing solutions. GSA is also the information hub for cloud use case examples, decisional and implementation best practices, and sharing exposed risks and lessons learned. GSA has set up the Info.Apps.Gov site as an evolving knowledge repository for all government agencies to use and contribute their expertise.
Cloud services are usually offered and purchased as commodities. This is a new way of buying IT services and requires careful research on both government requirements and industry capability to meet demand. To assist agencies in buying new commercially provided cloud services, GSA established a website -- Apps.Gov -- modeled on other GSA product and service acquisition storefronts. The purpose of Apps.Gov is to provide easy, simple ways to find, research, and procure commercial cloud products and services. Agencies can search for software as a service (SaaS) products categorized under business purpose headings and get product descriptions, price quotes, and links to more information on specific products. Usage patterns to date indicate that agencies use this information to either directly buy SaaS products or, alternatively, as a source of marketplace research that is used to support cloud procurements using other vehicles such as GSA Schedule or GSA Advantage.
One of the most significant obstacles to the adoption of cloud computing is security. Agencies are concerned about the risks of housing data off-site in a cloud if FISMA security controls and accountabilities are not in place. In other words, agencies need to have valid certification and accreditation (C&A) process and a signed Authority to Operate (ATO) in place for each cloud-based product they use. While vendors are willing to meet security requirements, they would prefer not to go through the expense and effort of obtaining a C&A and ATO for each use of that product in all the federal departments and agencies. The PMO formed a security working group, initially chaired by NIST to address this problem. The group developed a process and corresponding security controls that were agreed to by multiple agencies – which we have termed as the Federal Risk and Authorization Management Program (FedRAMP).
FedRAMP is a government-wide initiative to provide joint authorizations and continuous security monitoring services for all federal agencies with an initial focus on cloud computing. By providing a unified government-wide risk management for enterprise level IT systems, FedRAMP will enable agencies to either use or leverage authorizations with:
FedRAMP allows agencies to use or leverage authorizations. Under this program, agencies will be able to rely upon review security details, leverage the existing authorization, and secure agency usage of system. This should greatly reduce cost, enable rapid acquisition, and reduce effort. FedRAMP has three components:
1. Security Requirement Authorities which create government-wide baseline security requirements that are interagency developed and approved. This will initially be the Federal Cloud Computing Initiative and ultimately live with the ISIMC Working Group.
2. The FedRAMP Office which will coordinate authorization packages, manage authorized system list, and provide continuous monitoring oversight. This will be managed by GSA.
3. A Joint Authorization Board which will perform authorizations and on-going risk determinations to be leveraged government-wide. The board will consist of representatives from GSA, DoD, DHS and the sponsoring agency of the authorized system.
GSA is working with OMB, security groups including the Federal CIO Council’s Information Security and Identity Management Committee, and the marketplace to vet this program and ensure that it will meet the security requirements of the government while streamlining the process for industry.
The Common Open Government Dialogue Platform is a project undertaken by GSA in response to the Open Government Directive's mandate that agencies "incorporate a mechanism for the public to provide input on the agency’s Open Government Plan." Over the course of six weeks, GSA provided interested agencies with a no-cost, law- and policy-compliant, public-facing online engagement tool, as well as training and technical support to enable them to immediately begin collecting public and employee input on their forthcoming open government plans. Since then, GSA has worked to transfer ownership of the open government public engagement tool, powered by a cloud SaaS platform called IdeaScale, to interested agencies, in a manner that provided both policy and legal compliance, as well as support for sustained engagement. The tool was launched in February 2010 across 22 federal agencies and the White House Office of Science and Technology Policy; overall resource investment was less than $10,000 – far less than the hundreds of thousands or millions of dollars that would have resulted from agencies independently pursuing and procuring IT solutions. The agencies’ dialogue sites garnered over 2,100 ideas, over 3,400 comments, and over 21,000 votes during a six-week "live" period and the tool continues to be used by several agencies for a variety of other open government purposes.
USASpending.gov is a source for information collected from agencies in accordance with the Federal Funding Accountability and Transparency Act of 2006. This public facing web site is a cornerstone of the Administration’s efforts to make government open and transparent. Using USAspending.gov, the public can determine how their tax dollars are spent and gain insight into the Federal spending processes across agencies. It also houses the Federal IT Dashboard, which displays details on the nearly 800 major federal IT investments based on data reported to the Office of Management and Budget. This data is also now housed in a cloud infrastructure environment maintained by NASA.
Data.gov is the central portal for citizens to find, download, and assess government data. It now hosts over 270,000 data sets covering topics ranging from healthcare to commerce to education. Data.gov was one of the first public facing government websites to deploy cloud computing successfully in government. It empowers citizens by allowing them to create personalized mash-ups of information from diverse sources (e.g., local school academic scores arrayed by education spending levels), solve problems (e.g., FAA flight time arrival information), and build awareness of government’s role in activities affecting daily activities (e.g., food safety, weather, and the like).
Challenge.gov is a government-wide challenge platform that will be hosted in a cloud computing infrastructure service to facilitate government innovation through challenges and prizes. This tool provides forums for seekers (the federal agency challenger looking for solutions) and solvers (those with potential solutions) to suggest, collaborate on, and deliver solutions. It will also allow the public to easily find and interact with federal government challenges. The platform responds to requirements defined in a March 8, 2010, OMB Memo, “Guidance on the Use of Challenges and Prizes to Promote Open Government” which included a requirement to provide a web-based challenge platform within 120 days. GSA is also exploring acquisition options to make it easier for agencies to procure products and services related to challenges.
Citizen Engagement Platform will provide a variety of blog, challenge and other engagement tools to make it easy for government to engage with citizens, and easy for citizens to engage with government. The platform addresses agencies’ need for easy-to-use, easy-to-deploy, secure and policy-compliant tools. This “build once, use many” approach adds lightweight, no-cost options for agencies to create a more open, transparent and collaborative government with tools either hosted or directly managed by GSA.
Cloud computing is a relatively new process for acquiring and delivering computing services via information technology (IT) networks. Specifically, it is a means for enabling on-demand access to shared and scalable pools of computing resources with the goal of minimizing management effort and service provider interaction. To encourage federal agencies to pursue the potential efficiencies associated with cloud computing, the Office of Management and Budget (OMB) issued a Cloud First policy in 2011 that required agency Chief Information Officers to implement a cloud-based service whenever there was a secure, reliable, and cost-effective option.
GAO was asked to assess agencies' progress in implementing cloud services. GAO's objectives included assessing selected agencies' progress in using such services and determining the extent to which the agencies have experienced cost savings. GAO selected for review the seven agencies that it reported on in 2012 in order to compare their progress since then in implementing cloud services; the agencies were selected using the size of their IT budgets and experience in using cloud services. GAO also analyzed agency cost savings and related documentation and interviewed agency and OMB officials. What GAO Found:
GAO is recommending, among other things, that the seven agencies assess the IT investments identified in this report that have yet to be evaluated for suitability for cloud computing services. Of the seven agencies, six agreed with GAO's recommendations, and one had no comments.
GAO was asked to examine federal agencies' use of SLAs. GAO's objectives were to (1) identify key practices in cloud computing SLAs and (2) determine the extent to which federal agencies have incorporated such practices into their SLAs. GAO analyzed research, studies, and guidance developed by federal and private entities to develop a list of key practices to be included in SLAs. GAO validated its list with the entities, including OMB, and analyzed 21 cloud service contracts and related documentation of five agencies (with the largest fiscal year 2015 IT budgets) against the key practices to identify any variances, their causes, and impacts.
Federal and private sector guidance highlights the importance of federal agencies using a service level agreement (SLA) in a contract when acquiring information technology (IT) services through a cloud computing services provider. An SLA defines the level of service and performance expected from a provider, how that performance will be measured, and what enforcement mechanisms will be used to ensure the specified performance levels are achieved. GAO identified ten key practices to be included in an SLA, such as identifying the roles and responsibilities of major stakeholders, defining performance objectives, and specifying security metrics. The key practices, if properly implemented, can help agencies ensure services are performed effectively, efficiently, and securely. Under the direction of the Office of Management and Budget (OMB), guidance issued to agencies in February 2012 included seven of the ten key practices described in this report that could help agencies ensure the effectiveness of their cloud services contracts.
GAO determined that the five agencies and the 21 cloud service c