When the industry first began discussing the hybrid cloud computing model back in 2008, cloud computing purists pushed back hard. After all, they already thought private clouds were silly and a new, wannabe-hip name for the data center. To them, the idea of hybrid clouds that used private clouds or traditional computing platforms was just as ridiculous.

A controversial Internet security bill proposed in 2010 by Sen. Joe Lieberman (I-Conn.) could yet become law in the current session of Congress, said Jeff Greene, counsel on the majority staff of the Senate Homeland Security and Governmental Affairs Committee.

Cloud computing offers a host of potential benefits to public bodies, including scalability, elasticity, high performance, resilience and security together with cost efficiency. Understanding and managing risks related to the adoption and integration of cloud computing capabilities into public bodies is a key challenge. Effectively managing the security and resilience issues related to cloud computing capabilities is prompting many public bodies to innovate, and some cases to rethink, their processes for assessing risk and making informed decisions related to this new service delivering model.

Private and community clouds best fit the IT needs of public administrations, says the EU's cyber security agency.

Public cloud computing carries with it great promise and great risk. Enterprises are hesitant to get on board, despite continuous advice last year from industry experts to embrace it rather than ban it. Departments and divisions are provisioning their own IT services from the cloud with a credit card — a shadow process that in itself is a risk.

Cloud computing can and does mean different things to different people. The common characteristics most share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and dislocation of data from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.

Guidelines provide a framework to help federal departments and agencies make sound, risk based security decisions about how to securely embrace cloud computing.

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

Cloud computing offers a powerful complement to the more established IT solutions federal agencies have long used to conduct their operations. In the right circumstances, it holds the potential to deliver significant cost savings through resource sharing and elimination of redundancies. It also can offer instant scalability to meet expected or unexpected surges in demand. But the acquisition of cloud solutions represents a new approach that brings with it a host of new considerations for government CIOs.

The federal government is fundamentally changing the way it operates. We are confronted with system-wide challenges ranging from the economy, the environment, to health care, etc. Therefore, our public infrastructure is not performing adequately and there are operational and public safety risks. Such challenges have forced the Federal government to take a front and center role in working across the public, private, and academic sectors to solve massively complex and cross-disciplinary, interdependent problems.