Cloud2 Commission Report

by WingspanGuest on ‎07-26-2011 02:45 PM (480 Views)

From Wingspan Guest Blogger, PG Menon, Director, Solutions Architect for Brocade

As Dave Stevens wrote in an previous blog, earlier this month we, along with several other members of the Cloud2 Commission, delivered our final recommendation on the move to cloud technologies to the Federal Government. Here is a partial summary of what was presented as well as our view on the opportunity this presents for U.S. businesses and consumers.

For more than a century, the United States has led the world in taking advantage of new developments in computing and information technology.  With cloud computing, we are now entering a new phase in the history of IT that will be at least as transformative as the mainframe or the Web and provide at least as much benefit to all Americans.

Cloud computing is based on a simple idea. By allowing computer users to tap into servers and storage systems tied together by the Internet—cloud service providers can give users better, more reliable, more affordable, and more flexible access to the IT infrastructure. This, in turn, enables individuals, companies and governments to more quickly build new applications and services by reducing the cost and complexity of deploying and managing IT resources. The cloud represents a powerful new way to provide computing power and storage to anyone in any part of the world, unleashing huge new opportunities globally for companies and consumers alike. And, it is available to anyone with a good Internet connection.

This democratization of IT represents a perfect storm for the United States. To maintain our competitive position, we must focus on quickly and effectively harnessing the full power of cloud computing, leading in both the deployment of cloud technologies and the development of new cloud services. This focus will help American companies generate high-paying jobs for this industry and will help our Federal Government to shape the evolution of the cloud - not through law and regulation - but by being smart users of the technology. The Cloud2 Commission Report is intended to provide recommendations to the White House and key federal agencies to adopt policies to both foster R&D as well as increase the internal deployment of cloud computing for their own IT infrastructure.

The recommendations are in 4 areas:

  • Instill trust in cloud computing
  • Ensure privacy of data across legal and national boundaries
  • Promote the standardization of cloud service offering and disclosure of service levels
  • Provide incentives for change in procurement process and organizational structure


For this blog, I want to focus on the first area because without a sense of trust, cloud computing will have a stalled start. Similar to the advent of online shopping, users – regardless whether they from the private or public sector – only began to engage in online shopping “en masse” after the security issues were addressed. In order to build trust and drive adoption we must: Support a standardized security framework

  • Accelerate the development of an identity management ecosystem
  • Enact a national data breach code of conduct and clarify responsibilities
  • Encourage joint research in academia, government and the private sector

Here are some supporting explanations of these important components.

Support a standardized security framework

The Commission recommends that cloud computing service providers collaborate with relevant associations and standards bodies to assess and evolve current domestic and international best practices and standards as they pertain to delivering trust in the cloud. Some of these are:

  • National Institute of Standards and Technology (NIST)
  • Federal Risk and Authorization Management Program
  • Security Content Automation Protocol (NIST S-CAP)

The Commission believes that cloud-related security metrics are critical for establishing a basis for trust in the cloud and recommends that industry collaborative efforts also address security measurement frameworks, such as:

  • Carnegie Mellon Initiative Consortium (CSMIC)
  • Cloud Security Alliance (CSA)

As the cloud is deployed by federal agencies and businesses in multiple sectors, cloud-related security issues will become an important element of the overall security discussion for those communities, such as:

  • Information Sharing and Analysis Centers (ISACs)
  • Sector Coordinating Councils

Accelerate the development of an identity management ecosystem

Identity management facilitates access verification, billing, law enforcement access, and other features and capabilities. The National Strategy for Trusted Identities in Cyberspace (NSTIC,, released in April 2011, is aimed at developing a broad, private-sector led, identity management ecosystem that enables the identification and authentication of the individuals, organizations, and underlying infrastructure involved in an online transaction.  The Commission endorses NSTIC’s goal of facilitating creation and broad deployment of identity capabilities, and the adoption of cloud services by business and government will provide additional opportunities and motivation for development of this identity ecosystem.

Enact a national data breach code of conduct and clarify responsibilities

Cloud services, like existing IT systems, will be the target of malicious attacks.  The Commission notes that clarity around what should happen in the event of a data breach will serve both cloud consumers and providers. Specifically, the Commission recommends a national data breach law to streamline notifications and make it simple for customers to understand their rights with regard to notification. The law should be applicable to all types of entities that are holding the covered data; cloud service providers, industry, government, nonprofit organizations, academic organizations, etc.

Encourage joint research in academia, government and private sector

The Commission recommends that government, industry, and academia take responsibility for developing and carrying out a research agenda that will promote U.S. leadership in the cloud by enabling innovation that benefits customers and service providers.  Important areas of research include methods to improve trust, efficiency, availability, and agility in the cloud and that support the continued evolution of cloud’s capabilities.

In the next few installments I will focus on the remaining 3 recommendations. Until then, please send me your comments/questions on cloud computing and the Cloud Commission recommendations.