TOPICS > Science

Government Aims for Cost, Security Benefits With Cloud Computing

BY Travis Daub  September 28, 2009 at 12:20 PM EDT

Federal CIO Vivek Kundra explains Apps.gov

“We’ve been building data center after data center, acquiring application after application, and frankly, what’s that done is it’s driven the cost and investments in technology across the board,” he said in a speech earlier this month at NASA’s Ames Research Center. “We cannot continue in this trajectory.”

The government spends $19 billion out of a $76 billion federal information technology budget on infrastructure, and much of that, he said, is duplicative.

Technologists from the Obama administration hope tax dollars might be saved by using cloud computing, putting commonly used software into a shared set of servers and letting agencies buy and use only what they need.

Cloud computing is a relatively new, but rapidly growing, concept. Internet giants Amazon and Google are both leading providers, leveraging their massive data centers to lease computing power and storage space to clients around the world. Google Docs — a Web-based word processor, spreadsheet and presentation tool — is a popular example of a widely-used cloud application.

Apps.gov, which launched this month, is one of the federal government’s biggest forays into cloud computing to date. The site, which Kundra announced in his speech, is designed to be a one-stop storefront for software used by federal agencies.

The Apps.gov model puts responsibility for the government’s purchasing or procuring of software and computing infrastructure with the General Services Administration. Each agency then contracts to use what it needs — and only as much as it needs. The GSA also negotiates terms of service with software vendors and checks applications for compliance under federal statute.

At the moment, Apps.gov’s offerings are sparse: A few workflow programs are available, along with Google search and a handful of social media applications, most of which are free.

Mark Drapeau, an associate research fellow at the National Defense University’s Center for Technology and National Security Policy, expects the government application store’s offerings to scale up soon.

“Kundra’s general strategy seems to be to field things and then build them up,” he said. “This idea of not having the perfect thing, fielding it, getting feedback from users, and then tinkering with it and experimenting with it is very unusual.”

But it’s a good start, says John Wonderlich, policy director for the Sunlight Foundation in Washington, D.C.

“The basic, easy solutions are often the ones that are missing,” he says. Including applications like Scribd, a free document hosting tool, and WordPress, a free and open-source blogging platform, is a way of telling agencies they don’t have to spend millions on new software.

The long-term vision for Apps.gov is a complete rethinking of how the government buys technology, says Casey Coleman, the GSA’s chief information officer. Agencies would move away from building and maintaining software and infrastructure, and instead use third-party tools — whether from the government or the private sector.

An oft-cited example of government cloud computing is USA.gov, an index of government information and job listings. The site, which first launched in 2000, originally cost $2.5 million a year to maintain, and software upgrades took six months. After moving to a cloud environment in May, Kundra says the cost is down to $800,000 a year, and upgrades can be done in a day.

Another success story is the Transportation Security Agency’s blog, Evolution of Security, which runs on the free Blogger platform. Under past practices, “it would have cost over $600,000 to get to the FISMA certification, the infrastructure, then make sure all those processes were built,” Kundra says. “Yet in our consumer life, we can do that for free.”

But relying on Web-based applications over software designed in-house means rethinking security, both government officials and outside groups have acknowledged.

Google has responded to those concerns by creating a special “government cloud,” dubbed the “Public Sector.” In an interview, Google’s Federal Business Development Manager David Mihalchik repeatedly stressed that the Internet search giant’s servers were the safest available. The new cloud, he says, creates a “dedicated, separated, parallel instance” where government data can live without any possibility of crossing into commercial space.

At the Gov2.0 Summit, a conference of civic-minded technologists earlier this month in Washington, Werner Vogels, vice president and chief technology officer at Amazon.com, discussed security concerns about Web-based storage systems.

“Keeping your data secure is a very specialized task,” he said on a panel discussion. And if new cloud computing comes with specialized security, it could be an improvement over past efforts, which can sometimes be ad-hoc and department specific.

“The smaller agencies may have data centers that are the size of a little closet, and they haven’t really embedded security,” Kundra says. “You don’t have someone who’s 100 percent dedicated to maintaining that infrastructure.”

Still, other observers say information security may prove the critical hurdle for government to overcome for use of such systems. Peter Eckersley, staff technologist at the Electronic Frontier Foundation, said the government needs a better way to rate how sensitive and secure data is.

“What we’d really want to see is Apps.gov doing some kind of risk analysis for each of the services it offers: how much time would it cost a hacker to break into this service, how much data could they get out, how sensitive would that data be?” he said. “If the risk looks small, or lower than the in-house alternative, go ahead and use the service.”