NIST logo
*

Welcome Cloud Computing
Forum and Workshop

Wednesday, November 2, 2011
Dr. Patrick Gallagher
NIST Director


Good morning

Welcome to our fourth public forum on cloud computing.

We're delighted to have Steve VanRoekel, the United States Chief Information Officer, with us here today.

Steve, who will be speaking in a few minutes, has been on the job for the three months. In this short time, he has demonstrated real leadership and commitment to moving the U.S. government forward in using cloud computing. I think that many of you who know Steve, know about his passion on this topic.

We're also honored to have with us Ambassador Phil Verveer, the State Department's Director for International Communications and Information Policy.

Phil will be serving as the Chair of our Cloud Without Borders panel coming up a little later on.

There are clouds in our future. But instead of the kind of clouds that obscure, these clouds clarify.

They free us from expending time and treasure on the mechanics of Information technology.

For those of us in government, they allow us to concentrate on serving our customers—the American people.

For that reason, moving government operations into the cloud is a major part of the Administration's Campaign to Cut Waste.

To illustrate…

Two weeks ago, federal agencies released their plans to save IT costs.

These plans included more than 5 billion dollars in savings by consolidating and closing 962 data centers by 2015.

But the impact is actually much more: For example, according to the Office of Management and Budget, by shifting to cloud-based solutions, the Federal Highway Administration has been able to reduce the number of physical servers from 82 to 15.

Eliminating that many servers has enabled them to cut real estate space by 70 % and electricity use by 43 %. Impressive! But, it also doubled their available processing power and increased their capacity for data storage nearly sevenfold—from 24 terabytes to 163 terabytes.

Cost savings and performance improvements: that is the power of a disruptive technology. It changes the equation from one of trade-offs, to win-win scenarios.

This is a relatively simple example. Going forward, we will undoubtedly find new and even more innovative ways to use cloud services, resulting in even more dramatic savings and enhanced – and most exciting of all, brand new – levels of performance, and new functionality.

It is the allure of these compound benefits that is driving government agencies and others to jump to the cloud very early in the technology maturity cycle.

Indeed, the U.S. Cloud First policy stipulates that each and every federal agency must complete at least one cloud project by the end of this calendar year, and three by June 2012. 

The advantages of early adoption come at a cost. We are procuring cloud long before we have the standards that help define these products and markets. That can get in the way of adoption since meeting requirements must be dealt with in a more ad hoc manner.

But it also puts pressure on standards development resulting in the classic trade off: the same standards and requirements that make markets work so effectively can get in the way of the innovations in a rapidly developing technology.

So, when we laid out the NIST cloud computing program plan, we gave a lot of thought as to how we could strike a delicate balance:

How do we provide helpful guidance for agencies in the short term to support early adoption, but also promote innovation and allow industry to define effective standards for interoperability, security, and portability – key requirements for the cloud?

Adding complexity to this challenge was our starting point.

Last year we had a compelling goal – to promote government adoption of cloud – and we had a diverse group of stakeholders. We didn't have an effective way to work together.

We also had a "Tower of Babel" problem. We all used similar words, but with different meaning depending on context.

Thanks to you, we've come a long way.

This conference today is evidence that we have a workable partnership to address this complex challenge.

Thanks to you, we've also defined what we are talking about. With strong participation from industry, industry associations, academia, and government – and specifically from many of you in this room – we have:

  • defined a common nomenclature for cloud;
  • we've defined a reference architecture;
  • we are defining model use cases for cloud and the requirements that are needed for these use cases


Thanks to you, we now have a great starting point.

Today – again thanks to your collaborative work - we take the next step:

We've defined the key pieces, now we need to put it all together.

We have to take our definitions, our reference architecture, our use cases – and use them to define an action plan.

Specifically, this plan must:

-strike the balance between short term and long term;

-expose specific requirements that have to be addressed;

-define some priorities in addressing these requirements.

Yesterday, we released for a 30 day public comment period, a first draft of the Cloud Computing Technology Roadmap.

The Roadmap is our action plan.

It lays out the goals and requirements that — we think — must be met to fully exploit a broad range of cloud–based services.

We expect it to be not only a first step in guiding federal standards development efforts – but because our needs are not all unique - also to be very useful to the private sector.

We needed a framework, a roadmap, that defined the federal government's needs in terms broad enough to accommodate the pace of change in this area and give industry guidance as it developed standards to address these needs.

We recognized the global reach of cloud technology and the speed with which it is moving. We don't want our efforts to slow down this innovation.

This roadmap is a product of our partnership: based on a year's worth of input, case studies, and other input we've received.

It should serve as the catalyst for action.

The new roadmap really has two parts — the big picture strategy with the requirements that enable cloud services and some more tactical specifics about how to get there.

Ultimately, our goal is to make it substantially easier to buy, secure, transfer, and interconnect cloud-based services. A key ingredient here is defining user requirements.

The list of requirements in the report includes many of the things needed for the fair buying and selling of any valuable commodity.

I'm not going to rattle them all off here. (I'll let Dawn Leaf give you the details later.) But let me highlight some of the high-level requirements:

Cloud consumers, in this case, the U.S. government, need to be able compare cloud services — to compare apples to apples – to efficiently procure these services.

They need a common categorical framework for cloud services, so their approach is tailored to the type of service. This is an area where we have made progress and had some impact, shaping how people talk about the cloud market and package their services.  We hope and urge the rest of the cloud computing community to adopt these common terms and definitions as well.

Common terms and metrics to help buyers and sellers avoid disputes over what was promised and what was paid for.  I don't think there's any disagreement that this is better for everybody.

The roadmap calls for the development of performance-based — as opposed to prescriptive — standards.

How your particular company solves a problem should be irrelevant so long as the outcome, the level of service, is of the quality the cloud consumer and provider agreed upon.

That quality should also be quantifiable, going back to metrics.

Cloud consumers need checks and balances that provide confidence that their property, data in this case, will be well cared for no matter where that data might be stored or manipulated at any given moment.

The activities of other tenants in the cloud should not disrupt their neighbors.

Cloud consumers need ways to ensure appropriate monitoring and physical security to protect their valuables against theft or destruction.

We need insurance, redundancy, a backup plan of some kind.

And finally, cloud consumers need the ability to pack up their property — data or information — and move it to another cloud if they want to, without excessive cost.

Satisfying these and other high priority requirements that are spelled out in the report will help the U.S. government meet its goal of shifting $20 billion worth of our current $80 billion in annual IT expenditures to the cloud. That's a pretty big incentive for all of us!

Defining our needs is step one. Step two is rolling up our sleeves to address these needs.

For each of the requirements listed in the roadmap there are a complementary set of proposed Priority Action Plans.

These priority action plans represent the second part of the process—

these are the tactics for building the roads that get us to enhanced use of cloud services—

work that includes developing standards, guidance, and technology necessary to satisfy these requirements.

We anticipate that many of you may already be planning to take on some of this work.

Some of you may even have begun already.

For those of you who have not, we need your help. Please consider committing to this effort.

You will also find in the report detailed government use cases for specific types of cloud services

and the development of metrics, measurement tools, and sample service agreements.

The Roadmap defines a well defined plan of attack to support federal adoption of cloud.

Near term, many barriers remain to the federal government's adoption of the cloud.

For example:

While some interoperability and portability exists between cloud providers, it may not be enough to satisfy federal requirements.

We need to be able to move from one cloud provider to another easily and inexpensively.

In addition, we have a well-defined approach to security management in place, but they have largely been proven in traditional IT environments, not in the cloud.

These need to be re-evaluated in this new context.

In efforts separate from the Roadmap, we are already working hard to address these immediate concerns.

For example, over the past year, NIST has published special publications that provide guidance related to these and other security considerations.

We have also served as a technical advisor to the FedRAMP project, which has developed a list of specific security requirements to assure that cloud systems satisfy FISMA compliance and security controls.

So we still have long way to go before we achieve the vision established in the Federal Cloud Computing Strategy, but today's release of the draft Cloud Computing Roadmap marks successful completion of a significant first step toward government adoption of the cloud.

This Roadmap should be a blue print for a much more cohesive and organized community effort on cloud.

That's where all of you come in.

On the draft Roadmap, we need your input.

If you think we have the priorities wrong, you have 30 days to let us know.

If you think we overlooked something in the rationale or there is a technical case to the contrary, let us know.

What do you think about the priority action plan list—are these the right ones? Let us know.

Does any of the work these plans target already exist? Let us know.

We are also working with the federal community and we will share your recommendations with Federal agencies through the Federal Cloud Computing Standards and Technology Working Group.

We're committed to continue to work collaboratively and transparently with all stakeholders through public working groups and websites.

So, I hope you are ready for a roll-up-your sleeves-and-get-to-work kind of meeting.

What you accomplish in this forum and in the collaborations to come is pivotal for realizing the promise of cloud computing.

With every meeting, we draw closer to the cloud. I can see it rolling in.

Thank you again for your efforts.

I look forward to hearing about your progress over the next few days.