White House Proposes Cloud Security Standards
The Obama administration is looking to take some of the risk out of cloud computing by proposing a set of standard security requirements that would apply to all federal agencies and contractors.
Under the Federal Risk and Authorization Management Program (FedRAMP), the government would establish a common security baseline for cloud computing providers. The common baseline would ensure cloud-technologies adhere to a standard set of security controls, allowing the government to “approve once, and use often” the service of an approved cloud computing provider.
The proposed standards were developed over the past 18 months by an inter-agency team, including the National Institute of Standards and Technology, the General Services Administration (GSA), the CIO Council, and such working bodies as the Information Security and Identity Management Committee. Industry participants are being invited to comment on the proposal up until Dec. 2, 2010.
“As part of the President’s Accountable Government Initiative, we are working to close the IT gap between the private and public sectors, and leverage technology to make government work harder, smarter, and faster for the American people,” Federal CIO Vivek Kundra, said in a statement announcing the initiative. “By simplifying how agencies procure cloud-computing solutions, we are paving the way for more cost-effective and energy-efficient service delivery for the public, while reducing the federal government’s data center footprint.”
Governments have been among the most enthusiastic adopters of cloud computing to date. In mid-October, the GSA announced an agreement with about a dozen cloud computing providers, including Amazon, Microsoft, AT&T and Verizon, to offer cloud storage, virtual machines and Web hosting services through the Apps.gov Federal storefront.