DOD Releases Cloud Computing Strategy; Designates DISA as the Enterprise Cloud Service Broker

The Department of Defense announced today the release of a cloud computing strategy that will move the department's current network applications from a duplicative, cumbersome, and costly set of application silos to an end state designed to create a more agile, secure, and cost effective service environment that can rapidly respond to changing mission needs. In addition, the Defense Information Systems Agency (DISA) has been named as the enterprise cloud service broker to help maintain mission assurance and information interoperability within this new strategy.

For further information:

• DoD Cloud Computing Strategy
• Cloud strategy memo
• Designation of DISA as the enterprise cloud service broker

Of related interest:

Information Technology Reform: Progress Made but Future Cloud Computing Efforts Should be Better Planned. GAO-12-756, July 11.

GAO was asked to (1) assess the progress selected agencies have made in implementing OMB's "Cloud First" policy and (2) identify challenges they are facing in implementing the policy. To do so, GAO (1) selected seven agencies, analyzed agency documentation, and interviewed agency and OMB officials; and (2) identified, assessed, and categorized common challenges. The agencies were the departments of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; the General Services Administration; and the Small Business Administration.

GAO recommended should these agencies direct their respective chief information officer (CIOs) to establish estimated costs, performance goals, and plans to retire associated legacy systems for each cloud-based service discussed in this report, as applicable.

The National Institute of Standards and Technology(NIST) has release a two volume report on "cloud computing."

• US Government Cloud Computing Technology Roadmap Volume I Release 1.0 (Draft) High-Priority Requirements to Further USG Agency Cloud Computing Adoption, NIST Special Publication 500-293, NIST Cloud Computing Program Information Technology Laboratory (November 2011) [PDF, 32 pages].

  The National Institute of Standards and Technology (NIST), consistent with its mission, has a technology leadership role in support of United States Government (USG) secure and effective adoption of the Cloud Computing model to reduce costs and improve services.

• US Government Cloud Computing Technology Roadmap Volume II Release 1.0 (Draft) Useful Information for Cloud Adopters, NIST Special Publication 500-293, NIST Cloud Computing Program Information Technology Laboratory (November 2011) [PDF, 85 pages].

Hat tip to Sabrina I. Pacifici!

Via INFOdocket.com

From GCN:

The National Institute of Standards and Technology has released for public comment a draft “road map” designed to foster federal agencies’ adoption of cloud computing.

The road map also will support private-sector cloud efforts, improve the information available to decision-makers, and facilitate the continued development of the cloud computing model, NIST officials said.

"U.S. Government Cloud Computing Technology Roadmap, Release 1.0" (NIST Special Publication 500-293) is designed to support the secure and effective adoption of the cloud computing model by federal agencies. The public comment period is open through Dec. 2.

[Clip]

The draft publication defines high-priority requirements for standards, official guidance and technology developments that need to be met for agencies to accelerate their migration of existing IT systems to the cloud computing model.

Read the Complete GCN Article

See Also: NIST Releases Draft Cloud Computing Technology Roadmap for Comments (via NIST)

See Also: Final Version of NIST Cloud Computing Definition Published (October 25, 2011)

See Also: NIST Cloud Computing Program

Direct to Documents:

"U.S. Government Cloud Computing Technology Roadmap, Release 1.0" (NIST Special Publication 500-293)

The NIST Definition of Cloud Computing (NIST Special Publication 800-145).

Agencies identify 78 services for cloud transition, By Joseph Marks, NextGov (05/26/2011).

Federal agencies have identified 78 computer systems they plan to migrate to the cloud within a year, according to the Office of Management and Budget.

...Computer clouds essentially are large banks of computer servers that can operate much closer to full capacity than standard servers by rapidly repacking data as one customer surges in usage and another one dips. Data storage in the cloud is operated like electricity grids or other utilities, with customers paying only for what they use.

A handful of low-risk government services, such as websites that don't take in sensitive public information, are already in privately owned cloud space.

Agencies Have Identified 78 Systems Migrating to the Cloud Within One Year (10 page PDF listing and describing services by agency).

Nextgov reports that one Energy Department website, which is devoted to sharing clean energy practices with industry, was affected by the recent Amazon Cloud Failure.

The final report of the Financial Crisis Inquiry Commission was released on Thursday. Or as Frank Portnoy, in a NYT opinion piece today described it, three reports: "a 410-page volume signed by the commission’s six Democrats, a leaner 10-pronged dissent from three of the four Republicans, and a nearly 100-page dissent-from-the-dissent filed by Peter J. Wallison, a fellow at the American Enterprise Institute."

GPO has quickly created a purl for the report (http://purl.fdlp.gov/GPO/gpo3449) which is linked to from the commission's Web site (and already available from Marcive and embedded in my library's catalog record). But what's more interesting is that the main link to the commission report -- http://c0182732.cdn1.cloudfiles.rackspacecloud.com/fcic_final_report_full.pdf -- is actually hosted on RackSpace, a cloud Web services company. It's interesting not only because the commission decided to publish their report with a private company -- and one not even listed at the GSA's apps.gov portal for .gov contracting of cloud services -- but that they couldn't even spoof the url so it *looked* like it was coming from a .gov server.

This brings into question whether the commission's report is in the public domain as it is actually hosted on a non-.gov server. I've collected it with the Stanford library's EEMs tool (here's a project briefing from fall 2010 CNI meeting brief about Everyday Electronic Materials (EEMs)). But part of the EEMs process is a workflow for managing copyright issues. I'm assuming it IS in the public domain as the work of an official US govt organ, but how would Stanford University's general counsel (or IP lawyers in general) read this? This will no doubt be a growing and ongoing concern.

As readers know, we've been tracking on the wikileaks cables (and I highly recommend WikiRiver to do that!). One of the things that came up early on in this story was news that Amazon had kicked Wikileaks off of its Web servers (with Paypal and Visa later following suit). Wikileaks tweeted the following response: "If Amazon are so uncomfortable with the first amendment, they should get out of the business of selling books."

Buried in the deluge of news about Wikileaks was this post by Dave Winer (who created WikiRiver) "US govt a big user of Amazon web services." Turns out the US government does a large and growing amount of business with Amazon Web Services including Web and application hosting, backup and storage, and high performance computing.

Today I got a promotional email from Kay Kinton, Senior Public Relations Manager for Amazon Web Services, entitled "Amazon Web Services Year in Review." It contained a paragraph, quoted below, that explains how their government business grew in 2010.

"Government adoption of AWS grew significantly in 2010. The Recovery Accountability and Transparency Board became the first government-wide agency to migrate to a cloud-based environment when it moved Recovery.gov to AWS in March 2010. Today we have nearly 20 government agencies leveraging AWS, and the U.S. federal government continues to be one of our fastest growing customer segments. The U.S. General Services Administration awarded AWS the ability to provide government agencies with cloud services through the government's cloud storefront, Apps.gov. Additional AWS customers include Treasury.gov, the Federal Register 2.0 at the National Archives, the openEI.org project at DoE's National Renewable Energy Lab, the Supplemental Nutrition Assistance Program at USDA, and the Jet Propulsion Laboratory at NASA. The current AWS compliance framework covers FISMA, PCI DSS Level 1, ISO 27001, SAS70 type II, and HIPAA, and we continue to seek certifications and accreditations that make it easier for government agencies to benefit from AWS. To learn more about how AWS works with the federal government, visit: http://aws.amazon.com/federal/."

The U.S. National Archives and Records Administration (NARA) has a new document that addresses agencies using "cloud computing":

• Frequently Asked Questions About Managing Federal Records In Cloud Computing Environments.

  The purpose of this FAQ is to provide agency records officers with a basic overview of cloud computing, its benefits and concerns, and records management implications that agencies will need to consider when implementing cloud computing services.

Addressing records management implications associated with cloud computing, NARA notes that, "Various cloud architectures lack formal technical standards governing how data is stored and manipulated in cloud environments. This threatens the long-term trustworthiness and sustainability of the data."

See also: NARA Addresses Cloud Record Keeping, By Elizabeth Montalbano, InformationWeek (February 22, 2010).

DocumentCloud is a new service being developed with startup funding from the James L. Knight Foundation. It sounds like an excellent service. It will be software, a Web site, and a set of open standards that will make original source documents easy to find, share, read and collaborate on, anywhere on the Web."

I cannot help but wonder why libraries are not at the forefront of projects like this.

Started by reporters at the New York Times and ProPublica, this service will give individuals and organizations involved in original reporting mechanisms for sharing the documents they obtain and discover and making those documents available to other for new reporting and new uses.

Over two dozen organizations are working on the development of DocumentCloud, including traditional publications and news organizations such as The Atlantic, Chicago Tribune, Forbes, The Seattle Times, Thomson Reuters, Washington Post, and WNYC Radio, as well as organizations that collect and publish documents, such as The National Security Archive, ACLU National Security Project, OpenCRS, and the Sunlight Foundation,

Users will be able to search for documents by date, topic, person, location, etc. and will be able to do "document dives," collaboratively examining large sets of documents. Think of it as a card catalog for primary source documents. DocumentCloud is not meant to be a general document hosting service, like Scribd, Docstoc or Google Docs. Our goal is to build a service that makes source documents easier to find and share regardless of where they are hosted. It is a complement to these services, and not a competitor. the goal is to make documents even easier to find on search engines. DocumentCloud will have information about documents and relations between them, for example what locations, people, or organizations a group of documents have in common. Conceived of by journalists working at ProPublica and The New York Times, DocumentCloud will be managed as an independent nonprofit.

Their FAQ notes: "Will there be an API? Hell yes."

See also: Coming soon: Data mining made easier, By Alex Byers, Nieman Watchdog (July 11, 2009).

A couple of recent events have caused me to reanalyze and clarify my thoughts about Cloud computing: first there was the GPO Purl server crash and today there's the story about massive data loss from T-Mobile and Microsoft/Danger for anyone using a Sidekick:

"Regrettably, based on Microsoft/Danger's latest recovery assessment of their systems, we must now inform you that personal information stored on your device—such as contacts, calendar entries, to-do lists or photos—that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger."

Ouch indeed!

Cloud computing is basically the outsourcing of Web services (storage, email and other application layers, computational cycles etc) to a third party. Although I am guilty of using the cloud metaphor to describe the digital FDLP, it's clear from the concept map below that I don't mean we should outsource FDLP Web services to third parties. I hope it's clear that I'm describing a collaborative and distributed system of digital content, collaborative cataloging/metadata creation, as well as shared technical infrastructure in which data and technological redundancy and collective and proactive action reign. This is the exact opposite of the "cloud."

So what would that metaphor be? I was thinking of the birch or banyan tree; but it's more like the symbiosis or mutual aid exhibited by certain ants and trees. It's a Peer-to-peer network with a conscience. Let's call it the FDLP ecosystem.