The real obstacle to federal cloud computing


The State Department, it turns out, has a cloud that's not really a cloud.

When auditors from the office of inspector general took a look at the thing the department calls a cloud computing service, they decided it can't be so, since it violates just about all of the five essential characteristics of a cloud, as defined by the National Institute of Standards and Technology.

Those five characteristics are on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.

Customers can make limited changes to their applications and configuration, auditors say, but can't make changes to their server or network storage without the intervention of office employees, thus violating the essential characteristic of on-demand self-service.

Neither can customers access the cloud from a variety of computing platforms, meaning that broad network access doesn't exist. Resource pooling likewise doesn't exist, at all.

Rapid elasticity--the ability to automatically add or subtract computing resources commensurate with demand--exists, but only "to some extent."

As for measured services, the office has some capability and uses a monitored value to alert a customer of a problem, but crossing the threshold of that value won't cause the offering to automatically optimize resources, auditors say.

My question is how widespread the conditions auditors identified in State are across the federal government.

My suspicion is that they're pretty common--especially since I've heard users of Defense Information Systems Agency cloud offerings grumble (off the record) about similar matters.

It's possible to cast some of the complaints people have against centralized providers like DISA or the State Department's Bureau of Information Resource Management (neither particularly well-known for their outstanding customer relationship management) in terms of disgruntled program managers kvetching that they no longer have their own rack of servers. But in the case of cloud computing, I feel that's not the case, since the inherent promise of cloud is indeed on demand self-service.

If a federal user has to send a TPS report in triplicate in order to get more cloud storage or computing power, that diminishes the potential of cloud computing itself. As a result, in the short term it looks indeed much better to have servers in a closet--nobody likes bureaucracy, and doubly so when the technology in question has the ability for direct hands-on manipulation.

The real feelings of loss of control that are an obstacle to cloud computing, I suspect, aren't necessarily held by users, but by the providers of federal private clouds, who want to provide something that kinda looks like a cloud but isn't really. - Dave