Discussing government cloud computing news with Tarak Modi

In a recent podcast, Peter Schooff spoke with Tarak Modi, vice president and CTO of Calibre Systems, about the U.S. government's use of cloud computing. What follows is a transcript of their conversation, edited for editorial style, clarity and length.

Peter Schooff: Could you give an update on the status of the federal data center consolidation?

Tarak Modi: Sure. To summarize the initiative itself, it is the latest effort to stop and reverse the growth of federal data centers by promoting the use of green IT. Not only would this reduce the cost of data-center hardware, software and operations, but it would help improve the overall IT security posture of the government and shift IT funds from the mere tactical keeping-the-lights-on type of expenses to more strategic computing platforms and technology investments.

[Recently,] a lot has happened. All agencies have successfully created asset inventories and data-consolidation plans. The exercise so far has had some interesting revelations. One of the more disturbing findings is that we were way off in terms of how many federal data centers we thought we had. We've all heard [U.S. CIO] Vivek Kundra cite over 1,100 data centers in his speeches and interviews. Well, the real number is [nearly] double that. That means we have almost 2,100 data centers in the federal government. By far, the worst culprit is the Department of Defense, with 772 data centers. The Department of State follows, with 361 data centers. These two agencies alone exceed Kundra's estimate of the 1,100 data centers.

As we go further down the list, you'll see that that the Department of Interior has 210 data centers and the Department of Health and Human Services has 185. All the remaining agencies have less than 100 each, with some of them in the single digits.

By the way, as far as this initiative is concerned, a data center is any room that is larger than 500 square feet, is devoted to data processing and meets one of the Uptime Institute's Tier 1, 2, 3, or 4 classifications.

This leads us to an interesting dilemma--sort of a sort of a Catch-22. On the one hand, the much higher number of data centers further necessitates the need for this consolidation initiative. On the other hand, it creates some interesting challenges.

One challenge is the even greater pressure on already scarce funding. Another challenge is that the increased scope of work will make it even more difficult for agencies to meet the already aggressive timelines. And, finally--even worse for the initiative, but good news from the agencies' perspective--is that there are no hard consequences for lack of compliance.

So ultimately, while no one doubts the criticality of this initiative, it remains to be seen just how much of an impact it really will have on stopping, much less reversing, the growth of federal data centers. My two cents to them: Start with the small server rooms, gain some early wins by showing the reduction in numbers, and then move on to the tougher task of optimizing the larger data centers.

PS: I'd have to say a lot of people would not be that surprised that the federal government didn't know how many data centers it had. What's been up with the [U.S. General Services Administration] lately?

TM: Actually, the GSA has been quite active. In late October [2010], the GSA awarded 11 vendors with a place on its $77 million government-wide contract Infrastructure as a Service-related cloud computing services. Included on this list are a few names all of us will recognize, such as Amazon and Microsoft. The list also includes CGI, Verizon, AT&T and General Dynamics. The cloud offerings from these 11 vendors will be available through the apps.gov portal maintained by the GSA. But before these 11 vendors can offer up their cloud services, they'll have to go through a certification and accreditation [(C & A)] process at the "moderate" level of the Federal Information Security Management Act [(FISMA)] So there's no surprise there.

But what is surprising is the fact that the GSA will administer the C & A process, not [the Federal risk and Authorization Management Program (FedRAMP)]. Now if you recall, FedRAMP--which is also run by the GSA in conjunction with the Departments of Defense and Homeland Security--is supposed to be the consolidated government-wide security authorization point for cloud computing systems. So I really don't understand why the FISMA C & A will be provided by GSA and not by the FedRAMP.

Anyway, this is the first major award under the Federal Cloud Computing Initiative. Next in line are most likely Platform as a Service and Software as a Service. Both of these are still in the pre-RFP stage and are expected to be released [in December 2010 or early in 2011]. GSA is also considering a specialized case of its Software as a Service offering for e-mail.

As you can see, the GSA is making steady progress in its goal of making more and more cloud services available to the federal agencies under the Federal Cloud Computing Initiative.

PS: What else is going on in the federal world with clouds?

TM: We're now officially into the era of the battle for the clouds. [In October 2010], Google filed a big protest against the Department of the Interior [(DoI)] in the U.S. Court of Federal Claims. The protest seeks an injunction against the DoI from proceeding with its [request for quotation (RFQ)] for e-mail and collaboration services. This is not a small matter. We're talking about a $59 million RFQ. In my opinion, the lawsuit begins a new battle in the continuing war on cloud computing and the survival of the fittest. The lawsuit alleges that the wording of the RFQ put the spotlights squarely on Microsoft Business Productivity Online Suite [(BPOS)].

According to Google, not only does the RFQ completely exclude Google from the running, but it explicitly states that any solution has to be a part of [Microsoft's] suite, which Google says amounts to unduly restrictive competition. The DoI's rationale behind its choices of words in the RFQ seems to be the belief that Google Apps cannot meet its security requirements. That appears a bit strange to me since, so far, Google is the only commercial cloud provider to be certified and accredited under FISMA at the moderate level, which should be sufficient security for what DoI is looking for.

You can bet that a lot of companies and agencies will be following this lawsuit as it progresses to its final outcome with a particular interest to see if it sets any landmark precedents.

As I mentioned: The battle for the clouds has begun.

About the Author

Peter Schooff is a former contributing editor for ebizQ, where he also managed the ebizQ Forum for several years. Previously, Peter managed the database operations for a major cigar company, served as writer/editor of an early Internet entertainment site and developed a computer accounting system for several retail stores. Peter can be reached at pschooff@techtarget.com.

More by Peter Schooff

About ebizQ

ebizQ is the insiderís guide to next-generation business process management. We offer a growing collection of independent editorial articles on BPM trends, issues, challenges and solutions, all targeted to business and IT BPM professionals.

We cover BPM standards, governance, technology and continuous process improvement, as well as process discovery, modeling, simulation and optimization, among many other areas. We follow case management, decision management, business rules management, operational intelligence, complex event processing and other related topics. We closely track important trends such as the rise of social BPM, mobile BPM and BPM in the cloud. We also explore BPMís use in functional areas, such as supply chain and customer management, and in key verticals, such as financial services, health care, insurance and government.

ebizQ's other BPM-oriented content includes podcasts, webcasts, webinars, white papers, a variety of expert blogs, a lively online forum and much more.