US Federal Agencies turning to the cloud
US Federal Agencies turning to the cloud
Federal agencies in the US are being asked to migrate their applications to the cloud under the administration’s cloud-first initiative.
Guidelines have been published by the National Institute of Standards and Technology to assist the agencies with the changeover, and the latest document, a draft Cloud Computing Security Reference Architecture entitled Special Publication 500-299, details ways in which responsibilities can be established for implementing the necessary security controls for the cloud.
The Federal Risk and Authorization Management Program (FedRAMP) already provides a “baseline security authorisation for cloud service providers,” reported GCN, however the federal agencies remain responsible for making sure that security for all of their resources and application that have been moved to the cloud continue to meet regulatory requirements.
The Special Publication 500-299 details “the ultimate objective” as being to “demystify the process of describing, identifying, categorising, analysing and selecting cloud-based services,” for agencies who are attempting to work out which cloud solution best suits their needs and the services they provide.
The guidelines also address specific cloud characteristics, including the decreased visibility and control by consumers, the broad network access, data residency, and the significant increase in the scale, dynamics and complexity of the environment.
In related news, computer giant Dell has designed a new cloud infrastructure aimed at meeting the security and compliance requirements of the FedRAMP head on. The Dell Cloud for US Government offers federal agencies myriad options to construct dedicated private and hybrid clouds as well as multi-tenant, secure cloud environments.
A Dell spokesperson said: “Dell has designed this solution specifically to meet FedRAMP requirements and the dedicated environments based on that reference architecture can be designed to meet other certifications and requirements [agencies] may need.
“We plan to submit this solution for FedRAMP certification in the near future and look forward to having it certified in a matter of months following that”, the spokesperson added.
Businesses looking to move services into the cloud, should evaluate the performance of their existing network and consider setting up a leased line or MPLS network.