Security and privacy concerns continue to lead U.S. federal department CIOs to choose private clouds over public clouds. For large Federal departments and their sub-agencies, private clouds can be ideal because they provide security and privacy while still yielding performance and efficiency gains. When it comes to the cloud, however, size matters. Smaller U.S. federal agencies and state and local governments may fail to achieve the economies of scale necessary for benefiting from a private cloud environment. For this reason, smaller public sector organizations with interconnected missions should consider following the German example and invest in a third type of cloud solution: the community cloud.
The U.S. National Institute of Standards and Technology (NIST) defines a community cloud as a cloud infrastructure “provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations).”
In the context of the U.S. government, “community” constitutes departments and agencies that share similar program objectives, which often translate to the same security requirements. For example, federal, state, and local emergency coordinators could use a community cloud to track, assess, and share knowledge about disaster preparedness assets. Similarly, government bodies and private sector health providers that need their electronic data to meet the standards of the Health Insurance Portability and Accountability Act (HIPAA) could jointly utilize a HIPAA-compliant community cloud.
Community clouds are an attractive alternative to private clouds because they offer the privacy and security of a private cloud without its associated isolation. The Nebula community cloud developed by the National Aeronautics and Space Administration (NASA), for instance, enables a multitude of scientists and researchers to share large, complex data sets via the cloud. Nebula’s degree of data consolidation and information-sharing would never have been possible through a private cloud. Federal departments and agencies that share a community cloud moreover benefit from joint savings on IT infrastructure, interoperability of systems, and opportunities for inter-agency collaboration.
As U.S. federal department CIOs weigh whether to pursue a community cloud solution, they can look to the example of the European Union (EU) for guidance. Germany, for example, is quickly moving toward the adoption of community cloud solutions. The country’s central government currently supports the development of various community-driven cloud projects such as “CloudCycle,” an open-source platform designed to provide a number of public sector stakeholders, such as public schools, with cloud services. Aside from promoting a cloud solution that will meet the needs of niche public sector groups, Germany is also funding community-oriented cloud initiatives that are industry-specific. For example, one initiative called “PeerEnergyCloud” aims to involve a variety of energy players and become the national cloud solution for smart grid control and energy optimization processes.
Inspired by the German model, cloud solutions for the U.S. government at the federal, state, and local levels can be customized to meet the needs of specialized public sector entities and/or government-sponsored private sector industries. The technical barriers for doing so are low, largely because a number of private sector vendors that include IBM, Microsoft, Google, and CSC already offer government-specific community cloud services.
Given the numerous capabilities and advantages of public sector community clouds and the plethora of providers offering secure and customizable cloud products, federal CIOs should make an effort to understand how they might invest in a community cloud solution. The time for evaluating and taking advantage of this kind of technology is now.