MA

NIST Forum Examines the Convergence of Cloud and Mobility

Published: March 26, 2014

Cloud ComputingDOCCybersecurityDEFENSEMobility

Cloud and mobility are two of the fastest growing new technologies in federal IT. To get a handle on these trends, NIST recently hosted a forum and workshop to consider the intersection of cloud and mobility. Speakers presented thoughts and ideas on a number of topics relevant to interoperability, security, and the way ahead.

Of the more than 500 cloud computing efforts across the federal government being tracked by Deltek’s Federal Industry Analysis team, roughly 14% are related to communications and collaboration capabilities. Most of the efforts in this sub-group are for tools like email and SharePoint. A few, however, are for capabilities like unified communications and mobile device management.  That a small number of early adopters are dipping their toes into the water of cloud-based communications/mobility solutions indicates growing interest among federal agency customers. This interest recently coalesced into a 2.5 day long forum and workshop on the intersection of cloud and mobility hosted by the National Institute of Standards and Technology. NIST’s purpose in bringing together members of industry, academia, and government was to get ahead of what it expects will be a rapid convergence of cloud and mobile technologies in the next few years. This convergence is already taking place in the commercial world, a fact that has alerted NIST to the need for a standards-based ‘roadmap’ that outlines a path forward for federal agencies.

To that end, NIST invited speakers from the defense, civilian, and intelligence sectors of the federal government to discuss with industry and academia both the current status of cloud and mobility, and what they see coming in the future.  Although speaker comments touched on a wide number of subjects, this post will focus on three specifically: interoperability, security, and the path ahead.

Interoperability

Multiple speakers expressed concern that agency plans to use cloud are not adequately taking into account the need for interoperability between systems, applications, and platforms. In her morning keynote, Pamela Wise-Martinez, Senior Strategic Enterprise Architect at the Office of the Director of National Intelligence, explained that current limitations to interoperability are inhibiting the agility of cloud solutions being employed by the federal government. Stovepiped data and legacy systems are part of the problem, but lack of training is also a challenge as too many federal personnel don’t understand why increased interoperability is needed. Discussion of interoperability inevitably led to comments on data standardization and open architecture. Speakers agreed that both of these things are required to allow data to move freely, thereby enhancing agency efforts to share data.

Security

Liberated, standardized data in the cloud enables to greater movement of it throughout the enterprise, leading to greater concerns about security. This may sound ironic, especially given that departments like the DoD have justified their efforts to implement a Joint Information Environment by claiming that non-stovepiped data is more secure. Jacob West, Chief Technology Officer for HP Enterprise Security Solutions, noted in his post-lunch keynote, however, that the growth of mobile and cloud solutions has dramatically increased the attack surface of most networks. Coimbatore S. Chandersekaran, Distributed Systems Chief Engineer at the Institute for Defense Analyses, echoed West’s observation, stating that edge (i.e., mobile) devices are typically weaker than machines in the data center, making them preferred attack vectors for those who would seek to steal data or harm Defense systems.

If adding endpoint devices and putting data in the cloud actually increases agency vulnerability, what’s the solution? Several were proposed, including increasing the use of analytics. Automating the process of identifying attacks can mitigate the effect of those attacks much quicker than when a human being is in the loop, HP’s West argued. However, automation can only be achieved with more extensive use of open architecture and standards. Conveniently, using analytics for continuous monitoring is a process well-suited for the cloud. Just take a look at the Defense Information Systems Agency’s new NSA-inspired Acropolis analytics cloud, for instance.
Speakers also noted a need for shared threat notifications to alert the government community (something that in itself needs to evolve and coalesce), as well as a need for agencies to implement credentialing strategies that provide visibility into who is on government networks, and to engineer systems with security as a core competency.

The Path Ahead

Lastly, several speakers took a shot at explaining what they see is on the horizon for cloud and mobility. Here are a few highlights.

Pamela Wise-Martinez (ODNI) argued that ‘boundary-less’ cloud computing is coming, particularly as analytics evolve, sensor clouds develop, and the ‘Internet of Things’ expands. The result will be the transformation of government into more a service provider than ‘big brother.’

Jacob West stated that industry needs a better way of collaborating to defeat cyber threats. Therefore, work should progress toward creating a community of trusted partners linked via an automated platform that catches a large number of threats and shares relevant information.

Finally, Dawn Leaf, Deputy Chief Information Officer at the Department of Labor, expressed her opinion that the shift of IT to a cloud-based services model is a mini-revolution. It will be this continued shift that drives the use of new technologies, not the development of the technologies themselves.