Defense Media CTO: Clouds on the Horizon

By Craig Kaucher
Chief Technology and Information Officer at Defense Media Activity.

Craig Kaucher is the Chief Technology and Information Officer at the Defense Media Activity. These are his personal views and do not in any way constitute an endorsement on behalf of the Defense Media Activity, the Department of Defense, or the U.S. Government of any particular commercial product or service.

The phrase “cloud computing” may seem to be one of the most over-hyped phrases of the past few years, as every vendor seemed suddenly able to offer cloud services and every tech manager touted progress in moving their enterprise to the cloud. Yet, when you dig beneath the hype and look for real tangible evidence of organizations that truly live in the cloud, few large scale examples exist.

That’s not to say that many smaller organizations, and especially solo operators, haven’t made the leap. But, those examples are perhaps more of the “bleeding edge” than the norm. Government organizations, in particular, have both the usual and some unique challenges in moving to the cloud.

What does it take to move large enterprises to the cloud? I’d say it takes a cloud services enterprise, for starters, and then proof that it works. A cloud services enterprise, as I’d define it, is a service provider with a one-stop shop for people and organizations to get all of the typical and most used computing services that they are used to at their desks. The proof comes with a steady record of successful operations, good security, and continuous improvements to products and services.

Google got out early a year or so ago with its version of “enterprise-in-a-cloud” by offering email, file sharing and storage, and office document creation, from anywhere, anytime, with an Internet connection being the only requirement. Many small operators flocked quickly to this service, and both savings and success at that level resulted. But, since then, even with some fairly sizable enterprises joining the Google cloud (City of Los Angeles, for example), Google has had their literal ups and downs in operations, and also suffered from some widely publicized security shortfalls. Give Google credit, though, for continuing to innovate.

Other fairly large cloud services enterprises, from Apple to Amazon and AOL to Yahoo, are trying to penetrate the cloud market, and they stand a decent chance of attracting at least some of their present core customers and markets to their services. For some of these vendors, it may be a “do or die” situation. Sure, Apple can continue to be highly successful with its hardware and software offerings, and Amazon will likely continue to succeed as a premier e-retailer and marketplace, but for the AOLs and Yahoos of the world, if they can’t gain enough of a profitable foothold to support enterprise cloud services, then they’re out of the game. What then for their core business of attracting eyeballs for ads?

And, then, there’s Microsoft. It appears that not only has the sleeping giant awoken, but it’s poised to go the distance to provide something highly similar to your traditional desktop office environment, and take a good shot at the one “big thing” that’s made the government market skittish about clouds — security. Yes, we’ve still got just words right now, and we’re a long way from that “proof” thing that I mentioned earlier. But one-stop ? Looks like it so far. Improvements? Too early to tell, but give them credit for syncing the online versions of Office with what’s coming out in the desktop versions. Security? Well, they mention in their briefing ISO 27001, SAS 70 Type I and Type II, HIPPA, FERPA, 21 CFR Part 11, FIPS 140-2 and TIC, but no reputable government security officer takes any vendor at their word. We’ll need to test it, certify it, accredit it, and drive it around the block a few times before we trust it enough to start wholesale loading of our data to this cloud. Still, where are the other enterprise- level cloud vendors with these core government requirements?

So what’s the take-away here? Two things from my perspective. First, at least on paper, someone is finally taking government security concerns into account in development rather than as a “bolt-on.” Others should take heed. We still need to prove it to ourselves, but at least we have an assertion of meeting a written requirement in hand. Second, there is competition. From an enterprise perspective, Google, and now Microsoft, appear to be setting the pace. Two is better than one, but that doesn’t mean that there’s not room for more competitors.

With the current offerings on the table, who’s going to be next to raise the bar?