FedRAMP for cloud brokers would be valuable, say panelists


As agencies move to the cloud it's unclear whether cloud brokers are acting on their behalf or on behalf of cloud providers, said Hamid Ouyachi, chief technology officer at the Labor Department.

"There is a need, in terms of clarity, of what the broker's role is," said Ouyachi, while speaking at the Federal Cloud Computing Summit in Washington, D.C.  A FedRAMP program for cloud brokers would be "an interesting concept," he added.

Certifying brokers through a FedRAMP process could ensure transparency into the broker's relationships and also clarify roles and responsibilities, said Ouyachi.

John Messina, a National Institute of Standards and Technology computer scientist and co-chair of the cloud computing reference architecture working group, said defining the role of cloud brokers is something NIST is working on. It has a definition in the cloud computing reference architecture (.pdf), but there is no uniform, accepted understanding of what cloud broker is internationally.

"So, the first step in moving in that direction is to come up with a uniformly-accepted understanding of what cloud broker is, at an international level," said Messina.

"Cloud brokers are really complex, and I'm trying to deal with the underlying service level agreements which are directly paid to cloud broker--you probably would need something on the order of FedRAMP for cloud broker but that is not my area of expertise. It's a complex subject," said Messina.

Cloud brokers' contractual obligations are not just a simple chain. It's a complex web of interrelationships, he added.

"That's really, really the old west at the moment that needs to be clarified and greater standards need to be done for us to better make use of it," said Messina.

Related Articles:
DISA says commercial cloud computing middleman function at IOC
Spotlight: GSA assessing impact of SP 800-53 rev. 4 on FedRAMP
Cloud first is about delivering value, not counting services, says OMB official