State Dept. cloud not really a cloud, say auditors
The thing the State Department calls a cloud computing service falls short of the characteristics the National Institute of Standards and Technology says are necessary for a genuine cloud service, says the department's office of inspector general.
In a report (.pdf) dated June 2012, auditors say the systems and integration office within the Bureau of Information Resource Management has pursed creation of a private cloud for departmental users. But when comparing what the office has created to the "3-4-5" framework (.pdf) of three service models, four deployment models and five essential characteristics that NIST uses to define cloud computing, it turns out that the office has not created a cloud at all.
Specifically, the offering does not fully satisfy any of the five essential characteristics--on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service--auditors say.
Customers can make limited changes to their applications and configuration, auditors say, but can't make changes to their server or network storage without the intervention of office employees, thus violating the essential characteristic of on-demand self-service.
Neither can customers access the cloud from a variety of computing platforms, meaning that broad network access doesn't exist. Resource pooling likewise doesn't exist, at all.
Rapid elasticity--the ability to automatically add or subtract computing resources commensurate with demand--exists, but only "to some extent."
As for measured services, the office has some capability and use a monitored value to alert a customer of a problem, but crossing the threshold of that value won't cause the offering to automatically optimize resources, auditors say.
- download the report, ISP-I-12-30 (.pdf)