Security Experts:

The U.S. Government: IT Laggard or Vanguard?

Vivek Kundra's Push to Cloud Computing and Innovation

Has the U.S. Government Landed itself on the Cutting Edge of Technology?

The private sector usually leads the way in technological advancement, but might we be witnessing a shift, where the government could begin to outpace the private sector? Has the U.S. Government landed itself on the cutting edge of technology?

In March 2009, Vivek Kundra was named the first-ever United States chief information officer. Though he’s recently announced his impending departure from Washington to accept a fellowship at Harvard University, Kundra is no doubt still leaving behind a legacy of IT reform. When brought on as CIO, Kundra was tasked with improving efficiency while also making government data more available and useful to the public. In his eyes, there were four immediate opportunities for bringing about positive change:

• Reviewing the U.S. Government’s $80 billion yearly spend on IT and working to ensure that taxpayer dollars aren’t wasted on non-dividend-producing investments

• Reducing costs by cracking down on inefficient infrastructure (e.g., billions of dollars worth of data centers) and promoting the use of green IT

• Enhancing the overall IT security posture and addressing the very real cybersecurity risk

• Tapping into the ingenuity of the American people and shifting to more efficient computing platforms

Game-Changing Approach

To start, Kundra and team certainly looked to and followed the lead of the private business sector in terms of adopting new technologies to meet their end goal of delivering more efficient government services. What’s interesting, however, is that a tipping point may be occurring—with the U.S. Government starting to up its pace to overtake the private sector in terms of the breadth and speed of the adoption of new and innovative technologies.

Kundra’s visionary plan for transforming federal IT management included a cloud-first policy in order to get away from wasteful spending on infrastructure. In the first four months of 2011, the U.S. government closed 39 of its more than 2,100 data centers. Now, moving along faster than ever expected, it hopes to close 156 more by December and maintains a lofty goal of shutting down a total of 800 by 2015. This project is part of the Obama administration’s effort to reduce waste, improve efficiency, and save $18.8 billion through data center consolidation. The workloads, including mailboxes and email systems, will be moved to some type of cloud computing platform. In all likelihood, the government would support the idea of private or hybrid clouds over public clouds.

Standards—Key to Cloud Computing Success

Vivek Kundra Cloud ComputingWhere Kundra (Right) adopted game-changing approaches, it’s in part due to (and thanks to) game-changing technologies. One of these is virtualization. Next up is virtualization security.

As a cloud-enabling technology, virtualization has ascended to the top of IT priority lists. And security, while formerly and too often an afterthought, is finally starting to get its day in the sun. Long-time virtualization customers—including the U.S. Government—are realizing the significance of virtual machine (VM) security and are now turning to find better security alternatives. And by better, we mean solutions that have been specifically designed for virtual environments—ones that are dynamic and provide protections in lockstep with VM creation, movement, and change. But with cutting-edge technology comes the need for an amalgamation of expertise and experience in the form of best practice guidelines. And certainly, to drive the U.S. Government’s transition to cloud computing, there is a need for standards—with regards to security, interoperability, and data portability. These standards will ensure greater efficiencies, as well as the protection of information—including citizen data.

In July, the National Institute of Standards and Technology (NIST), for example, released its Guide to Security for Full Virtualization Technologies for public comment. The guide discusses security concerns associated with virtualization technologies and offers recommendations for addressing those concerns. Similarly, the Federal Risk and Authorization Management Program (FedRAMP), which is a multiagency initiative, provides services to certify that information systems used in cloud environments meet federal security guidelines, including continuous network monitoring. This is a task easier said than done in virtualized environments, where traditional network monitoring devices are “blind” to traffic. Again, these initiatives cumulate into the greater effort by the government to realize savings faster and encourage the adoption of cloud while ensuring that the data housed in the federal government’s clouds is as secure as it can be.

This is certainly a trend worth keeping an eye on. As the federal government moves to broadly adopt cloud computing and legislate or at least lead with thinking on cloud security, those businesses and organizations that have already addressed it will be in great shape to interoperate with the new fed data centers, while those who haven’t will have some pretty clear precedents to follow. Either way, with a cloud-first strategy, the U.S. Government is looking much more the vanguard than laggard—which is good news for all.

view counter
Johnnie Konstantas heads Gigamon’s security solutions marketing and business development. With 20+ years in telecommunications, as well as data and cybersecurity, she has done a little bit of everything spanning engineering, product management and marketing for large firms and fledglings. Most recently, she was the VP of Marketing at Dato, a company pioneering large-scale machine learning. She was also VP Marketing at Altor Networks (acquired by Juniper), an early leader in virtualization security and at Varonis Systems. Past roles have included product management and marketing for Check Point, Neoteris, NetScreen and RedSeal Systems. Johnnie started her career at Motorola, designing and implementing large-scale cellular infrastructure. She holds a B.S. in Electrical Engineering from the University of Maryland.