Will Federal Contracting Officers Soon Have Their Heads in the Clouds?

TL;DR: As one Hewlett Package Chief executive recently put it, cloud computing “is the next generation of the internet.” Whether you realize it or not, if you use services like Facebook or Gmail, your personal data already lives in “the cloud,” and the same transformative power that connects long-lost classmates at the click of a mouse can be harnessed by federal agencies to approach modern governance in incredibly powerful ways.
7 minute read

A Brief Look at the Imminent Cloud-Computing Storm Front

As one Hewlett-Packard chief executive recently put it, cloud computing “is the next generation of the internet.” 1 Whether you realize it or not, if you use services like Facebook or Gmail, your personal data already lives in “the cloud,” and the same transformative power that connects long-lost classmates at the click of a mouse can be harnessed by federal agencies to approach modern governance in incredibly powerful ways.

What is Cloud Computing

Traditionally, when one thinks of computing power, they think of an on-site datacenter — a room filled with blinking lights and whirling fans — hardware, software, and data storage all within feet of the users they serve. 2 The traditional approach to computing generally entails complicated and expensive upgrade procedures scheduled on a semi-regular basis, as well as accommodating the increasing demand for backup and recovery redundancy necessary to reduce downtime should these system fails. 3 Such data centers are often managed by their own departments, staffed with the specialized, technical administrators needed to maintain and ensure the day-to-day operation of these increasingly complex and increasingly mission-critical business resources. 4

Seen as a virtually unlimited hardware and communications infrastructure managed by a third party-provider, cloud computing, on the other hand, allows for rapid increases in capacity without the need to invest in additional hardware, personnel, or software licensing. 5 “As a customer, you don’t know where the resources are, and for the most part, you don’t care. What’s really important is the capability to access your application anywhere, move it freely and easily, and inexpensively add resources.” 6 In simplest terms, the cloud uses an off-site service to store, transmit, and process information, and employs the internet as the means to access that service. 7

How Cloud Computing Came About

Several innovations fueled the shift toward computing in the cloud. First, the rise and adoption of both broadband internet access, which allowed for reduced load times, and a programming technique known as Ajax, which allowed sites to look and feel more like desktop programs through a constant push-and-pull of information, combined to usher in a greater reliance on remote applications. 8 At the same time the growth of enterprise data centers, and the public’s increasing comfort with Web 2.0 services like GMail and Facebook provided a technical and social infrastructure to support such a push. 9

The biggest breakthrough, however, the core and true power behind cloud computing, came from the consolidation of physical servers through system virtualization. Through virtualization, one physical server can become the host to many virtual servers. 10 Because the resources are dynamically allocated across physical servers as the virtual servers require them, the physical resources are used more efficiently. 11 If server A, say an email server like one may see in most corporate or government offices sees a sudden spike in activity, rather than slowing, it can borrow resources from server B, a site hosted on the same physical server. The user, unaware that this shift has even occurred, sees the two servers as discrete and unconnected despite their physical location.

The biggest implication however, is that computing resources can be provisioned and released on demand and as needed. 12 If agency X is a government agency that requires a great deal of information to be processed at the close of the stock market each day, it can pay for five servers up until 3:59 each day, be charged solely for the increased processing power and storage it requires from 4:00 to 4:05, and can return to five server for the remainder of the day. Under a traditional approach, all 100 servers, for example, it required at its peak, would have to be operational 24 hours a day, with the necessary personnel and infrastructure to support it.

Types of Cloud Computing

Cloud computing exists in several forms today. The most basic, “infrastructure as a service” (IAAS), uses shared facilities, hardware, and networks to hold and move data. Customers, given virtual servers, may then install, configure, and use their own software freely. 13 As indicated above, however, customers do not rent the physical servers (merely their equivalent processing power), and providers may move virtual servers between physical servers as necessary. 14 Amazon’s EC2, S3, and CloudFront are prime examples of cloud computing, storage, and delivery respectively.

Second, and slightly more advanced, “platform as a service” (PaaS) allows providers to serve customers with a shared computing platform and software environment. The customer can upload software code in a predetermined programming language (such as Java or PHP) and the provider executes that code and returns the result. 15 Google Apps Engine is a prime example of such an arrangement.

Finally, “software as a service” (SaaS) is most associated with Web-based consumer services such as Facebook or Flickr but can find application in business and government environments as well. The provider hosts software designed to perform a specific function, such as social networking or photo sharing, and the user interacts with that application being run on the provider’s server. 16

One additional distinction among cloud services can be made. Each of the three approaches listed above can be hosted in either a public cloud, meaning one customer’s virtual servers may be freely intermingled with another customer’s among physical servers, or in a private cloud in which the physical servers, infrastructure, or datacenter may be entirely segregated from those used to provide services to other clients. 17

Implications of Cloud Computing

Cloud computing has several implication for members of the government contracting community. First, inherent in the nature of cloud computing is the fact that one organization must trust a third party with its data, something which may have far-reaching ethical and legal implication depending on the type of data stored and the parties involved.

More broadly, when contracting for cloud services, organizations have several technical aspects to take into account. From a security standpoint, customers should evaluate data encryption (can others access my data?), physical security (can others access the datacenter?), and provider viability (will the service be around in ten years?). From a data integrity standpoint, those looking to enter the cloud should inquire as to data locality (is my data being hosted outside the United States?), data portability (what happens if I want to leave the service?), and redundancy (what happens if there is a natural disaster near their data center?). Finally, from a legal perspective, customers should evaluate terms of service, privacy policies, and service level (uptime) agreements. 18

How to Get Into the Cloud

Several avenues exist for organizations looking to experiment with the cloud. For federal agencies, the General Service Administration, through Apps.gov, will soon be rolling out a Federal private cloud. While the specifics have not yet been announced, this service is expected to provide federal agencies with storage, virtual machine, and Web hosting services at a relatively low cost. 19 Some of this service’s potential has already been hinted at by the recent launch of Apps.Gov NOW, a hosted service that provides federal agencies with out-of-the-box blogs (site publishing platforms), Wikis (sites editable by members of a community), and online bulletin boards (sites to facilitate online discussions), all at no cost. 20

Second, many federal sites such as the Federal Communications Commission and Recovery.Gov are in the process of seeking or have already sought third-party cloud hosting services likes Amazon Web Services (AWS) as mentioned above. 21 Federal agencies opting for such a route must be sure to work closely with the appropriate parties to ensure, federal IT security standards are met, such as FISMA 22 requirements, or that record retention standards are met, for example, where data stored in the cloud constitutes a system of records under the privacy act. 23

Finally, earlier this summer, Google announced FISMA moderate certification of its Google Apps for Government data centers, providing mail, calendar, document, video, and Web hosting services to Federal agencies in a private cloud hosted entirely within the United States. 24 Agencies wishing to contract their traditional IT infrastructure out to Google can do so for as low as $50 per user per year, however, such savings may come at a cost. Special attention must be paid to the risks associated with trusting a third-party with what may potentially be an agency’s most sensitive data.

Whether a federal contracting officer or a provider of IT services, just as the internet has revolutionized countless aspects of every day life, it is clear that so too will the emerging cloud computing front forever shape the contours of Federal IT procurement in the years to come.

This article originally published in the Federal Bar Association Government Contracts Section Fall 2010 Newsletter (PDF, p. 6).

  1. Stephen Lawson, Cloud is internet’s Next Generation, HP Executive Says, InfoWorld, June 25, 2009, http://www.infoworld.com/d/cloud-computing/cloud-internets-next-generation-hp-executive-says-120 (quoting HP CTO Russ Daniels). 

  2. See Generally Jack Newton, Putting Your Practice in the Cloud a Pre-Flight Checklist, 73 Tex. B.J. 632 (2010). 

  3. See Mark H. Wittow, Daniel J. Buller, Cloud Computing: Emerging Legal Issues for Access to Data, Anywhere, Anytime, 14 J. Internet L. 1 (2010). 

  4. Id. 

  5. Wittow, 14 J. Internet L. 1 (2010). 

  6. J. Nicholas Hoover, Interop: Oracle Predicts Cloud Confusion to Continue, InformationWeek, Sept. 17, 2008, http://www.informationweek.com/news/services/hosted_apps/showArticle.jHTML?articlelD=210602225

  7. Peter M. Lefkowitz, Contracting in the Cloud: A Primer, Boston B.J., Summer 2010, at 9. 

  8. Dennis Kennedy, Working in the Cloud Tips on Success with Online Software Services, ABA J., August 2009, at 31. 

  9. Id. 

  10. Wittow, 14 J. Internet L. 1 (2010). 

  11. Id. 

  12. Peter Mell and Tim Grance, Definition of Cloud Computing, National Institute of Standards and Technology, Information Technology Laboratory, October 7, 2009, http://www.nist.gov/itl/cloud/upload/cloud-def-v15.PDF

  13. Lefkowitz, Boston B.J., Summer 2010, at 9. 

  14. Id. 

  15. Id. 

  16. Id. 

  17. Id. 

  18. Newton, 73 Tex. B.J. 632. 

  19. Cloud IT Services, Apps.Gov 

  20. Apps.Gov Now, General Services Administration 

  21. Cloud Services, Federal Business Opportunities, https://www.fbo.gov/index?s=opportunity&mode=form&id=d63c725d5a3006919289698350e3d4b3&tab=core&_cview=1 (last visited October 5, 2010); J. Nicholas Hoover, Recovery.Gov Moved to Amazon Cloud, Information Week, May 12, 2010, http://www.informationweek.com/news/government/cloud-saas/showArticle.jHTML?articleID=224701861

  22. Federal Information Security Management Act of 2002. 

  23. 5 U.S.C.A. § 552a (West). 

  24. Google Apps for Government, Official Google Enterprise Blog, July 26, 2010, http://googleenterprise.blogspot.com/2010/07/google-apps-for-government.HTML

Originally published November 15, 2010 | View revision history

If you enjoyed this post, you might also enjoy:

benbalter

Ben Balter is the Director of Engineering Operations and Culture at GitHub, the world’s largest software development platform. Previously, as Chief of Staff for Security, he managed the office of the Chief Security Officer, improving overall business effectiveness of the Security organization through portfolio management, strategy, planning, culture, and values. As a Staff Technical Program manager for Enterprise and Compliance, Ben managed GitHub’s on-premises and SaaS enterprise offerings, and as the Senior Product Manager overseeing the platform’s Trust and Safety efforts, Ben shipped more than 500 features in support of community management, privacy, compliance, content moderation, product security, platform health, and open source workflows to ensure the GitHub community and platform remained safe, secure, and welcoming for all software developers. Before joining GitHub’s Product team, Ben served as GitHub’s Government Evangelist, leading the efforts to encourage more than 2,000 government organizations across 75 countries to adopt open source philosophies for code, data, and policy development. More about the author →

This page is open source. Please help improve it.

Edit