Feds Head Into the CloudBy Tony Kontzer | Posted 05-15-2009
The future of cloud computing may be about to get a lot brighter. With the release on Wednesday of the U.S. government's cloud computing RFI, a path has been laid and a model established. It's now up to the cloud computing marketplace to rise to the occasion.
The RFI, which was generated by the General Services Administration's Office of the CIO, in conjunction with the IT Infrastructure Line of Business technology-standardization initiative, is noteworthy not just for the technology roadmap it indicates--a laser-like focus on Infrastructure-as-a-Service, with a more patient approach to software- or platform-as-a-service.
Rather, what really grabbed my attention was the hard-hitting set of questions it asks vendors to answer--the precise questions CIOs considering a cloud strategy should be asking, not only of their vendors, but of their own IT organizations.
Of course, you can read these in the RFI document yourself, but I'd be remiss in my responsibilities if I didn't at least give you some crib notes. Here's a rundown of the spot-on queries the GSA is posing:
1) In addressing the hot-button topic of service-level agreements, the GSA asks whether interested vendors offer flexible, negotiated, customer-specific SLAs or only cookie-cutter versions. This is a critical consideration in a technology category that's been pretty wishy-washy about SLAs.
2) On the data management front, the GSA is seeking all the proper assurances: It wants to know how data is managed at rest and in transit; it wants guarantees that data will remain within the continental U.S.; and it wants assurances that it can retrieve its data if it needs to terminate a contract (particularly if a service provider meets the same fate as Coghead.
But perhaps the biggest stroke of genius is a question I haven't heard a single CIO bring up previously, namely who owns the intellectual property rights to "artifacts" developed or hosted in the cloud? Whoever wrote that question demonstrated considerable foresight.
3) On everyone's favorite cloud-related topic of concern, security, GSA dug beneath the typical requirements related to certifications and procedures and due diligence and posed two forward-looking requests: One for suggestions on authentication models that would be most effective for government administrative use, and another for details on any capabilities that aren't compliant with IP version 6. (And for more on how the Feds are out in front on IPv6 development, read this.)
4) With management of heterogeneous cloud computing environments representing a growing challenge for CIOs with aggressive cloud strategies, the GSA wants details about the ability to integrate with other vendors for the purpose of monitoring and managing multiple cloud services, and it seeks recommendations on how cloud-to-cloud communication can be achieved.
5) Finally, on the portability front, the GSA's concerns about long-term vendor viability (more fallout from the Coghead failure?) caused it to ask about exit strategies for applications running in a provider's cloud, should it become necessary to vacate that cloud. GSA also is asking interested providers how they go about preventing vendor lock-in, whether related to their own services, or those provided by their partners and suppliers.
In truth, it's my hope that private sector CIOs are ahead of this and have already established this line of detailed questioning in their discussions with cloud providers. But whether they have or not, GSA has supplied them with a blueprint for holding those providers accountable for their future business practices, and for ensuring that cloud computing evolves into the viable, long-term IT strategy so many technology execs want it to be.