Federal Push for ‘Cloud’ Technology Faces Skepticism
Before cost-cutting became fashionable in Washington, Vivek Kundra, the White House’s chief information officer, was working to shrink the federal government’s enormous budget for information technology.
But even as Mr. Kundra returns to academia after a two-and-a-half-year run, his vision for a leaner and more Internet-centric future for government is being met with caution by at least a few of the technology chiefs at the federal agencies that now have to carry it out.
That is because Mr. Kundra’s vision hinges on “cloud computing,” in which an agency’s computer programs (like email) and data (like email messages) are stored by private contractors and delivered to government employees as services over the Internet.
Contractors like Amazon , Google and Lockheed Martin market their cloud services as a way for private companies and government agencies to avoid having to build and manage costly new data centers as they add computing capabilities.
The selling point, in addition to lower costs, is greater flexibility, because agencies can change the size of a project without having to add or subtract from their computing infrastructure.
“Just as the Internet has led to the creation of new business models unfathomable 20 years ago, cloud computing will disrupt and reshape entire industries in unforeseen ways,” Mr. Kundra wrote in an email.
Such high praise for new Internet technologies may be common in Silicon Valley, but it is rare in the federal government, where concerns about security are paramount.
Attacks from abroad this spring and summer on government systems and contractors have heightened concerns over security in defense and intelligence systems. In July, the Pentagon said it had suffered its largest breach, in which hackers obtained 24,000 confidential files. Defense officials said they suspected a foreign government’s intelligence operation could have been behind the attack.
Surveys of chief information officers of federal agencies, conducted by various research companies, show an elevated degree of concern about security when asked about cloud computing. But the agencies must comply with Mr. Kundra’s “Cloud First” policy, which encourages the use of cloud services for new projects and requires them to move at least three existing projects to the cloud by next summer.
Some agencies, especially those that deal with less-confidential information, have been quick to adopt the model. In the first six months of Mr. Kundra’s policy, the Agriculture Department has moved about 46,000 employee accounts and is in the process of adding 120,000. The cloud can help speed along technology projects, said Chris Smith, the agency’s information chief.
But other departments, especially defense and state, are proceeding more slowly. Teri Takai, the chief information officer for the Defense Department, said her agency’s use of cloud computing would be limited for the near future to keep confidential data within the military’s advanced security systems.
“With the increasing frequency and sophistication of cyberattacks on defense systems, we are concerned with any new approaches that can introduce new risks,” Ms. Takai wrote in an e-mail.
The Pentagon, with its global reach and hundreds of thousands of users, could benefit from the anytime-anywhere capabilities of cloud computing. Ms. Takai’s twist on Mr. Kundra’s vision is the concept of “Mission-Oriented Resilient Clouds,” a security-minded approach that the Pentagon is developing for use in military operations.
“When done with the proper considerations and planning, cloud computing will be a very effective and efficient tool,” Ms. Takai said.
The State Department is moving ahead only with low-risk projects, like a Web site for its Office of the Historian, which offers public information about the history of American diplomacy, the agency’s chief information officer, Susan Swart, said.
She said she would wait until other agencies worked out the kinks before moving many more projects to the cloud. “How can we ensure that the monitoring of the commercial cloud environment is done as well as we believe we do it internally?” Ms. Swart said. “Where will the data reside? When we’re managing it on our data centers, we know the answer to those questions.”
Several online breaches of cloud systems made headlines this spring, including an April attack on Amazon that disrupted thousands of private sector Web sites. Amazon, which continues to manage several federal clouds, including the Treasury’s main Web site, and which introduced a cloud service last week specifically for government clients, did not respond to interview requests.
David Mihalchik, who is in charge of Google’s federal cloud services, said that once agencies had a successful cloud migration, they became “very impressed” with the model.
He pointed to the General Services Administration, which assists other agencies in managing basic functions like transportation, office space and communications. In December, it became the first agency to put its entire email system on the cloud under Mr. Kundra’s policy, using a Google service.
“Different agencies have different requirements, but I don’t think there’s any question about cloud computing within the government,” Mr. Mihalchik said.
Overall spending on cloud computing is growing five times as fast as it is for traditional corporate technologies, though from a much smaller base, according to the International Data Corporation, a technology market research company. So far, the American private sector has been the driving force.
The United States government spends about $80 billion a year on information technology, making it the largest consumer of technology projects in the world. That spending has had a ripple effect in the private sector, spurring advances in technologies like encryption, design engineering, record-keeping and messaging. Even the Internet itself can trace its roots to a federal defense project.
But the government has also developed a reputation of wastefulness for pouring money into projects that grow in scope over time without delivering significant results, or for building immense hardware systems that are unnecessarily duplicated among agencies.
The creation of the federal chief information officer at the start of President Obama’s term was, in part, an effort to re-examine the government’s use of technology on a broad scale and seek ways for agencies to share resources and save money.
Mr. Kundra, who has become a fellow at Harvard and has been succeeded in the White House by Steven VanRoekel, a former Microsoft executive, has said his approach would save at least $3 billion a year.
Mr. Kundra and other cloud advocates have said the model’s perceived security risks have been overblown and that much of the skepticism has been amplified by those in the technology industry who have a business interest in maintaining the status quo.
Senator Thomas R. Carper, Democrat of Delaware, who is chairman of the Homeland Security and Governmental Affairs Committee, has introduced a bill that would increase executive branch and Congressional oversight of technology projects. He said moving to the cloud was a “good way to get better results for less money.”