Let's face it. We've all heard the following phrases tossed around in government IT circles — a lot.
- Don't reinvent the wheel.
- ABC: Adapt before create.
- Use best-of-breed technology.
- Avoid duplicative efforts.
Sharing what works seems to be the modus operandi from the get-go when it comes to securing federal services that migrate to the cloud.
Consider the Agriculture Department, which has adopted infrastructure, platform and software as a service, and is using both public and private clouds. CIO Chris Smith says other agencies are welcome to make use of USDA's certification and accreditation (C&A) process.
"We are happy to share our testing and evaluation process — in the spirit of FedRAMP, which is just to do it once and save money," Smith says, referring to the Federal Risk and Authorization Management Program.
FedRAMP, which expects to be up and running this fall, aims to provide a standard approach for assessing and authorizing cloud services. As agencies certify services using FedRAMP, other agencies seeking the same services will be able to move immediately to the migration phase.
"FedRAMP is a fantastic concept, and I wish it had been there prior to us going to our cloud offering," Smith says.
The same can be said of the forthcoming security and use roadmap being developed by the National Institute of Standards and Technology, says Kevin Smith, deputy CIO of the U.S. Patent and Trademark Office.
"It's kind of like the chicken before the egg. Do you want to go into the cloud when the standards are not developed yet? USPTO is preparing for the cloud standards by redesigning our legacy applications on an open-source private cloud with cloud-ready functionality," Smith says.
The National Oceanic and Atmospheric Administration, which is moving its e-mail to a public cloud, has already hopped on the sharing bandwagon. It used C&A work previously done by the General Services Administration when it selected its provider.
NOAA's Larry Reed, director of IT security, says he definitely sees the value for agencies in taking advantage of the groundwork being laid by NIST and FedRAMP. "We all have to do the risk management process, and whatever NIST and FedRAMP make more efficient is, in general, good for us."
To glean additional insights shared by USDA and NOAA, as well as the Justice Department, turn to "Silver Lining: The Dynamics of Cloud Security." Plus, we have posted some exclusives - including one about USPTO's project, an update on FedRAMP and the latest on the NIST Cloud Roadmap.
Sharing is on the mind of Richard T. Eva too. At his Army data center, which focuses on acquisition programs, Eva oversees an eager, young staff serving up processing to customers servicewide. Over the past few years, the center has consolidated and standardized extensively on blades and virtual machines.
"The consolidation effort is a noble cause, but the second-tier effect will be greater — the sharing and integration of applications and data," Eva says. Shared services will continue to grow because they make business sense, he says.
To read more about how virtualization has changed Eva's data center, as well as the savings taking place in other agencies that have adopted virtualized environments, see a package of articles, "A Bright Trajectory," "End to End" and "What Desktop?"
This issue also includes several other articles that cover intriguing federal technology efforts that could be adapted or adopted broadly. Here are a few:
- A look at how agencies are using data leak protection.
- Our interview with Defense Department CIO Teri Takai.
- A peek behind the curtain at the government's offensive cyberwarfare efforts.
- A Best Practices piece on mass notification systems by Coast Guard Lt. Cmdr. Ted Kim.
We hope this issue inspires you — by suggesting ways that you can piggyback on good work already done by other agencies or open your shop to agencies that might want to learn from you.
Vanessa Jo Roberts