BPM, SOA & Cloud Integration
Discussing government cloud computing news with Tarak Modi
By Peter Schooff, Contributing Editor, ebizQ
In a recent podcast, Peter Schooff spoke with Tarak Modi, vice president and CTO
of Calibre Systems, about the U.S. government's use of cloud computing. What follows
is a transcript of their conversation, edited for editorial style, clarity and
Peter Schooff: Could you give an update on the status of the federal data
Tarak Modi: Sure. To summarize the initiative itself, it is the latest
effort to stop and reverse the growth of federal data centers by promoting the
use of green IT. Not only would this reduce the cost of data-center hardware,
software and operations, but it would help improve the overall IT security posture
of the government and shift IT funds from the mere tactical keeping-the-lights-on
type of expenses to more strategic computing platforms and technology investments.
[Recently,] a lot has happened. All agencies have successfully created asset
inventories and data-consolidation plans. The exercise so far has had some interesting
revelations. One of the more disturbing findings is that we were way off in
terms of how many federal data centers we thought we had. We've all heard [U.S.
CIO] Vivek Kundra cite over 1,100 data centers in his speeches and interviews.
Well, the real number is [nearly] double that. That means we have almost 2,100
data centers in the federal government. By far, the worst culprit is the Department
of Defense, with 772 data centers. The Department of State follows, with 361
data centers. These two agencies alone exceed Kundra's estimate of the 1,100
As we go further down the list, you'll see that that the Department of Interior
has 210 data centers and the Department of Health and Human Services has 185.
All the remaining agencies have less than 100 each, with some of them in the
By the way, as far as this initiative is concerned, a data center is any room
that is larger than 500 square feet, is devoted to data processing and meets
one of the Uptime Institute's Tier 1, 2, 3, or 4 classifications.
This leads us to an interesting dilemma--sort of a sort of a Catch-22. On the
one hand, the much higher number of data centers further necessitates the need
for this consolidation initiative. On the other hand, it creates some interesting
One challenge is the even greater pressure on already scarce funding. Another
challenge is that the increased scope of work will make it even more difficult
for agencies to meet the already aggressive timelines. And, finally--even worse
for the initiative, but good news from the agencies' perspective--is that there
are no hard consequences for lack of compliance.
So ultimately, while no one doubts the criticality of this initiative, it remains
to be seen just how much of an impact it really will have on stopping, much
less reversing, the growth of federal data centers. My two cents to them: Start
with the small server rooms, gain some early wins by showing the reduction in
numbers, and then move on to the tougher task of optimizing the larger data
PS: I'd have to say a lot of people would not be that surprised that the
federal government didn't know how many data centers it had. What's been up
with the [U.S. General Services Administration] lately?
TM: Actually, the GSA has been quite active. In late October ,
the GSA awarded 11 vendors with a place on its $77 million government-wide contract
Infrastructure as a Service-related cloud computing services. Included on this
list are a few names all of us will recognize, such as Amazon and Microsoft.
The list also includes CGI, Verizon, AT&T and General Dynamics. The cloud
offerings from these 11 vendors will be available through the apps.gov portal
maintained by the GSA. But before these 11 vendors can offer up their cloud
services, they'll have to go through a certification and accreditation [(C &
A)] process at the "moderate" level of the Federal Information Security
Management Act [(FISMA)] So there's no surprise there.
But what is surprising is the fact that the GSA will administer the C &
A process, not [the Federal risk and Authorization Management Program (FedRAMP)].
Now if you recall, FedRAMP--which is also run by the GSA in conjunction with
the Departments of Defense and Homeland Security--is supposed to be the consolidated
government-wide security authorization point for cloud computing systems. So
I really don't understand why the FISMA C & A will be provided by GSA and
not by the FedRAMP.
Anyway, this is the first major award under the Federal Cloud Computing Initiative.
Next in line are most likely Platform as a Service and Software as a Service.
Both of these are still in the pre-RFP stage and are expected to be released
[in December 2010 or early in 2011]. GSA is also considering a specialized case
of its Software as a Service offering for e-mail.
As you can see, the GSA is making steady progress in its goal of making more
and more cloud services available to the federal agencies under the Federal
Cloud Computing Initiative.
PS: What else is going on in the federal world with clouds?
TM: We're now officially into the era of the battle for the clouds.
[In October 2010], Google filed a big protest against the Department of the
Interior [(DoI)] in the U.S. Court of Federal Claims. The protest seeks an injunction
against the DoI from proceeding with its [request for quotation (RFQ)] for e-mail
and collaboration services. This is not a small matter. We're talking about
a $59 million RFQ. In my opinion, the lawsuit begins a new battle in the continuing
war on cloud computing and the survival of the fittest. The lawsuit alleges
that the wording of the RFQ put the spotlights squarely on Microsoft Business
Productivity Online Suite [(BPOS)].
According to Google, not only does the RFQ completely exclude Google from the
running, but it explicitly states that any solution has to be a part of [Microsoft's]
suite, which Google says amounts to unduly restrictive competition. The DoI's
rationale behind its choices of words in the RFQ seems to be the belief that
Google Apps cannot meet its security requirements. That appears a bit strange
to me since, so far, Google is the only commercial cloud provider to be certified
and accredited under FISMA at the moderate level, which should be sufficient
security for what DoI is looking for.
You can bet that a lot of companies and agencies will be following this lawsuit
as it progresses to its final outcome with a particular interest to see if it
sets any landmark precedents.
As I mentioned: The battle for the clouds has begun.
About the Author
Peter Schooff is a former contributing editor for ebizQ, where he also managed the ebizQ Forum for several years. Previously, Peter managed the database operations for a major cigar company, served as writer/editor of an early Internet entertainment site and developed a computer accounting system for several retail stores. Peter can be reached at firstname.lastname@example.org.More by Peter Schooff
ebizQ is the insiderís guide to next-generation business process management. We offer a growing collection of independent editorial articles on BPM trends, issues, challenges and solutions, all targeted to business and IT BPM professionals.
We cover BPM standards, governance, technology and continuous process improvement, as well as process discovery, modeling, simulation and optimization, among many other areas. We follow case management, decision management, business rules management, operational intelligence, complex event processing and other related topics. We closely track important trends such as the rise of social BPM, mobile BPM and BPM in the cloud. We also explore BPMís use in functional areas, such as supply chain and customer management, and in key verticals, such as financial services, health care, insurance and government.
ebizQ's other BPM-oriented content includes podcasts, webcasts, webinars, white papers, a variety of expert blogs, a lively online forum and much more.