Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
GSA's move to the cloud to be closely watched
Monday - 12/6/2010, 7:55am EST
By Jason Miller
Federal News Radio
The General Services Administration's decision to hire Unisys to move its e-mail to the cloud in many ways is the proof of concept for the rest of government.
Agencies and vendors are closely watching how GSA migrates to the commercial cloud both from a technical and culture standpoint.
Vivek Kundra, the federal chief information officer, said Thursday that if GSA shows moving to the cloud for e-mail can be done, then more and more agencies will follow suit.
In fact, OMB will provide guidance for the 2012 budget that would require agencies to move to the cloud for specific commodity services, such as e-mail or storage, Kundra said.
Kundra said he's driving a three-part cloud strategy starting with consumer-based platforms agencies can take advantage of like what GSA is doing.
"We want to make sure agencies don't default to the traditional way of buying IT," he said. "The traditional approach to buying IT is to go through the process where agencies believe they have to create custom solutions. GSA's move is a first step in this new foundation we are building. There are countless cases I could cite where we have seen this shift in thinking about how we buy IT. It's much better to provision IT where you are turning on services than to engage in this long term custom IT process. A lot of agencies have lost their way and they are becoming IT departments instead of focusing on their mission."
And GSA knows agencies and vendors are paying a lot of attention, especially around the security and private of Google's cloud.
Industry sources have expressed concern about where the Google data center is located and whether it's located outside the United States.
GSA modified the request for quotes late in the response period to alter the requirement that the data center must reside in the continental United States. Vendor sources say that was specifically for Google.
GSA did not respond for a request for comment on why it modified the RFQ late in the process.
It wrote in the modification that "As more information about Software as a Service has emerged since we issued our Request for Proposal, we have gained a better understanding of the level of maturity of this new and exciting environment. Our primary concern was and continues to be for the security of our data. And, while GSA prefers a location within the United States, we recognize we may have equated location with security and excluded other factors that could also ensure the security of our data, which unduly restricted offerors."
Casey Coleman, GSA's CIO, wouldn't confirm where the data center is located, but did say it was not in India.
"Security is a paramount concern in GSA's decision and in every case information security and data security are much more than just about the physical location of the data center," she said. "Cloud offers considerable efficiencies. Our vendor team will comply with all applicable requirements for security."
She adds that GSA will monitor the security of the data centers and GSA owns all data in the cloud.
"In the contract it stipulates that data can't be used or released and all key individuals must go through background checks," Coleman said. "We also put in the contract that should GSA end the contract, the vendors are required to remove from their all government data from their servers."
PV Puvvada, the vice president and managing partner for civilian agencies at Unisys Federal Systems, also wouldn't confirm if the servers were in the continental U.S.
"As a smart security policy, we don't talk publicly about the location," he said. "We are working closely with GSA and they will have close monitoring and insight into what we will do to meet their requirements. I'm pretty sure GSA can take advantage of cloud and make sure it's secure and reliable."
Puvvada added that GSA put good security requirements in the RFP and Unisys and its partners will meet all of them.
Security is only one area where agencies will be watching what GSA does. The data migration and the overall user experience also will be closely monitored by others in government.
"There is a lot of interest on the part of other agencies," said Dave McClure, GSA's associate administrator for citizen services and innovative technologies. "Agencies always are looking for leaders and during this period of developing lessons learned, we are happy to be in this position."