Cloud

Choosing the Right Federal Cloud Solution

Follow NIST’s tips when selecting your agency’s cloud vendor.

Robert Bohn is the cloud computing program manager and reference architecture lead in NIST’s Applied and Computational Sciences Division.
Frederic de Vaulx is a vice president at Prometheus Computing and leads the metrics subgroup of NIST’s Reference Architecture and Taxonomy Working Group.

The National Institute of Standards and Technology is responsible for guiding the adoption of cloud computing throughout the federal government.

NIST researchers wrote the widely recognized definition of cloud computing and in 2014 published the first volume of the U.S. Government Cloud Computing Technology Roadmap, “High-Priority Requirements to Further USG Agency Cloud Computing Adoption.”

For those involved in choosing cloud services, we offer the following tips to help find the cloud-based tools and resources that will best fit your agency’s or department’s needs.

1. Establish a Baseline

Compare any cloud service with NIST’s definition, which spells out five essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity or agility, and measured service.

The government also requires security, interoperability and portability protocols to be in place before an agency or department can move forward with the adoption of cloud-based services (check out the recently published Cloud Computing Roadmap to learn more).

2. Identify Stakeholders

Remember that people play crucial roles in successful cloud adoption. Customers must develop the business and technical requirements. Procurement officials prepare the contract language and work with vendors to ensure that the proper enforcement mechanisms are in place. The IT security team should be involved too.

3. Choose Your Words Carefully

A common language and set of definitions for use by all participants is an absolute necessity. The language agreed upon in procurement is the ultimate arbiter for contract enforcement and deliverables — outlined in the 2011 “NIST Cloud Computing Reference Architecture.”

4. Compare Vendor Services

Obtain accurate comparisons of the services vendors provide. Any description of services requires verification. For instance, vendors may say that their cloud availability is 99.9 percent, but that could mean availability from 9 to 5 in your time zone, in the vendor’s time zone, or with the exception of downtime.

5. Fine-Tune the SLA

Service-level agreements inform the customer how much of a particular cloud service attribute will be delivered under the contract. Both the customer and vendor are responsible for producing a clear SLA. That requires use of the common language described in the cloud roadmap and attention to the most relevant services.

6. Devise an Exit Strategy

A critical but often ignored part of procuring cloud services is discussion of how a customer will receive data back from the provider when a contract ends. The provider may not be able to return data in its original form or in any usable way. Have this discussion before any agreement is reached.

Extra Credit: Cloud Metrics

Because cloud is a new technology, NIST is returning to the basics and developing metrics for measurable cloud attributes so customers can make informed choices about cloud services.

Business and technical requirements ultimately will drive the metrics used by your agency. Those metrics can help customers select the amount or types of cloud services to provide more control and flexibility.

The NIST Cloud Service Metrics public working group is identifying measurable cloud service attributes to assist in identifying key metrics for cloud services.

PhotoAlto sas/Alamy; Yagi Studio/Getty Images (cloud)