IT Compliance and Controls

Converging Business, Information, and Controls

IT Compliance and Controls header image 2

Federal Government centralizing Cloud certifications

April 19th, 2010 · No Comments

A great amount of efficiencies exist in the Cloud solution model, but the savings can be wasted through management waste, lax business support services, and insufficient information technology controlsVivek Kundra (United States Government Federal CIO) gave a presentation to the Brookings Institution on how Clouds will be a central focus of all government information systems.  In addition he presented a method of consolidating all certifications within NIST.  This would greatly remove the waste that would exist if every institution was required to certify every vendor.  A couple of interesting points to consider:
Today organizations already rely upon NIST as their accrediting provider for many solutions, and it is foreseeable that this will extend to these cloud certifications.  The certifications will likely encompass all of the risks and required controls demanded by all government agencies, so it is reasonable to conclude these will be adequate certifications for the private sector.  Thus NIST certifications will carry massive weight in the private sector, and will equally reduce the costs of adoption by such businesses.
A repeated theme within the Cloud discussion is the ability to focus on the customer.  Similar to the thinking in how the iphone was not just a phone and the ipad is not just a tablet – Clouds provide a canvas for businesses to serve the customer.  This is achieved by the greatest benefit of Cloud solutions – the ability to fail and correct rapidly.  Extreme unit testing is the greatest opportunity and through prudent information technology controls, such employment shall be with sufficient operational integrity.

Thoughts?

James DeLuccia

Tags: Uncategorized

0 responses so far ↓

  • There are no comments yet...Kick things off by filling out the form below.

Leave a Comment