TRENDING:

Cloud Security

Kundra Eyes 25% of Fed IT Spend on Cloud Services

Cloud Services Must Comply with FISMA Regulations GovInfoSecurity.comFebruary 14, 2011    
Kundra Eyes 25% of Fed IT Spend on Cloud Services
Known as the Cloud First policy, Federal CIO Vivek Kundra has outlined a new policy in which one-quarter of the $80 billion the federal government spends on information technology would employ cloud computing solutions.

Kundra, who wrote the 43-page Federal Cloud Computing Strategy, said the government could reduce its data center infrastructure expenditure by some 30 percent by moving to a cloud computing model for IT services. "Cloud computing can allow IT organizations to simplify, as they no longer have to maintain complex, heterogeneous technology environments,' he said. "Focus will shift from the technology itself to the core competencies and mission of the agency."

In the report, Kundra said it isn't sufficient to consider only the potential value of moving to cloud services. "Agencies should make risk-based decisions which carefully consider the readiness of commercial or government providers to fulfill their Federal needs," he said.

Under a section entitled security requirements, the new strategy points out that agencies, under the requirements of the Federal Information Security Management Act, must ensure that a safe, secure cloud solution is available to provide a prospective IT service, and should carefully consider agency security needs across a number of dimensions, including but not limited to:

  • Statutory compliance to laws, regulations and agency requirements;
  • Data characteristics to assess which fundamental protections an application's data set requires;
  • Privacy and confidentiality to protect against accidental and nefarious access to information;
  • Integrity to ensure data is authorized, complete and accurate;
  • Data controls and access policies to determine where data can be stored and who can access physical locations; and
  • Governance to ensure that cloud computing service providers are sufficiently transparent, have adequate security and management controls and provide the information necessary for the agency to appropriately and independently assess and monitor the efficacy of those controls.

Kundra said each agency will reevaluate its technology sourcing strategy to include consideration and application of cloud computing solutions as part of the budget process. "Consistent with the Cloud First policy," he said, "agencies will modify their IT portfolios to fully take advantage of the benefits of cloud computing in order to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost."

Previous
NIST Issues a Slew of Draft Guidance
Next
Steve Jobs is Apple of Pentagon's Eye

About the Author



Around the Network

Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.