December 10, 2012

DOE Connects the Dots on Multi-Lab Cloud Strategy

Tiffany Trader

For the first time it is now possible to access the cloud computing strategies of all 22 Department of Energy national laboratories and research organizations in one document. The 53-page report provides an overview of the progress and future plans for each of the 22 centers.

The developments are an extension of the Cloud First mandate that came out of the Office of Management and Budget’s 25-point plan to reform federal information technology management. The plan, published Dec. 9, 2010, attributes a range of benefits to cloud computing, including better cost efficiency, greater flexibility and faster procurement times.

As the current document elucidates, a special challenge for these DOE agencies is security. Regardless of other possible cloud benefits, these labs cannot afford to skimp on cyber security practices. The authors point to analyst firm Gartner’s seven security considerations when moving to the cloud: privileged user access, regulatory compliance, data location, data segregation, recovery, investigative support, and long-term viability.

A proven method of reducing risk is to “approve once and use often.” This approach, which adds consistency to security controls and eliminates redundancies, was standardized by the OMB in December 2011, under the Federal Risk and Authorization Management Program (FedRAMP).

DOE cloud report

Earlier this year, the DOE in partnership with the National Nuclear Security Administration (NNSA) established the RightPath program to address network vulnerabilities by aligning the various departments’ IT strategies. Toward that end, the RightPath team is developing a secure cloud services brokerage technology called YOURcloud which will connect a federal customer base to a federated marketplace of cloud service providers (public, private and hybrid).

Each of the 22 institutions outlined have different types of cloud implementations in different stages of development, illustrating that there is no one-size-fits all model. However, the authors do draw several simple but important, conclusions.

1. Have a plan.

2. Address security concerns.

3. Share successes and missteps.

4. Remember cloud services are evolving.

“Understand the cloud and its risks and benefits,” the authors write. “As cloud computing continues to evolve, know that risks and benefits may change.”