Assignment4The Federal Cloud Computing Strategy (Cloud F.docx

Assignment4
The Federal Cloud Computing Strategy (Cloud First Policy)
lists nine (9) benefits of cloud computing.
The CIO Council’s 2010 document titled State of Public Sector
Cloud Computing contains 30 illustrative case studies that are
part of a movement to leverage cloud computing across the
public sector.
You can find both documents in the Content for Week 7.
Complete the following:
1. Review the nine (9) benefits from the Cloud First Policy.
2. Review the 30 case studies from the State of Public Sector
Cloud Computing document.
3. Cut/paste the below matrix into your paper.
4. Fill in the matrix by matching at least ten (10) case study
examples with benefits (see example). Each case study will have
more than one benefit.
5. Select one of the case study examples from your list of ten
(10) and explain why you chose each of the respective benefits.
Case Study Title
Benefits
DoD US Army AEC (Example)
Assets will be Better Utilized, Efficiency Improvements will
Shift Resources Toward Higher-Value Activities (Example)
1
2

3
4
5
6
7
8
9
10
Deliverable:
Your response should be a 3 page paper, including the
cut/pasted matrix, double-spaced, 12-pitch, New Times Roman.
You should also have a cover page and reference page in
addition to the 2 – 3 page paper. In addition to your matrix,
your paper should include an introduction, conclusion, and
benefit explanations. Make sure to use appropriate sources.

State of Public Sector Cloud Computing
May 20, 2010
Vivek Kundra
Federal Chief Information Officer
1
TABLE OF CONTENTS
Executive Summary
...............................................................................................
...................2
Federal Government Approach
...............................................................................................
..3
Definition of Cloud Computing
..............................................................................................
3
Data Center Consolidation
...............................................................................................

.....6
Standards Development
...............................................................................................
..........6
Federal Budget Planning
...............................................................................................
........9
Illustrative Case Studies
...............................................................................................
..........10
Federal Cloud Computing Case Studies
.................................................................................11
Department of Defense
...............................................................................................
.........12
Department of Energy
...............................................................................................
..........14
Department of Health and Human Services
.......................................................................15
Department of the Interior
...............................................................................................
...16
General Services Administration
........................................................................................16
National Aeronautics and Space
Administration................................................................17
Social Security Administration
............................................................................................2
0
Federal Labor Relations Authority
......................................................................................20
Recovery Accountability and Transparency Board
.............................................................21

Securities and Exchange Commission
.................................................................................21
State and Local Cloud Computing Case Studies
....................................................................23
State of New Jersey
...............................................................................................
..............24
State of New Mexico
...............................................................................................
..............25
Commonwealth of Virginia
...............................................................................................
...26
State of Wisconsin
...............................................................................................
.................26
State of Utah
...................................................................................... .........
.........................27
City of Canton, Georgia
...............................................................................................
........28
City of Carlsbad, California
...............................................................................................
..29
City of Los Angeles, California
............................................................................................2
9
City of Miami, Florida
...............................................................................................
...........30
City of Orlando, Florida
...............................................................................................
........31
Klamath County, Oregon

...............................................................................................
......31
Prince George’s County, Maryland
......................................................................................32
State of Colorado
...............................................................................................
...................32
State of Michigan
...............................................................................................
..................33
References
...............................................................................................
.................................35
2
EXECUTIVE SUMMARY
The Obama Administration is changing the way business is done
in Washington and bringing a new
sense of responsibility to how we manage taxpayer dollars. We
are working to bring the spirit of
American innovation and the power of technology to improve
performance and lower the cost of
government operations.
The United States Government is the world’s largest consumer

of information technology, spending
over $76 billion annually on more than 10,000 different
systems. Fragmentation of systems, poor
project execution, and the drag of legacy technology in the
Federal Government have presented
barriers to achieving the productivity and performance gains
found when technology is deployed
effectively in the private sectors.
In September 2009, we announced the Federal Government’s
Cloud Computing Initiative. Cloud
computing has the potential to greatly reduce waste, increase
data center efficiency and utilization
rates, and lower operating costs. This report presents an
overview of cloud computing across the
public sector. It provides the Federal Government’s definition
of cloud computing, and includes
details on deployment models, service models, and common
characteristics of cloud computing.
As we move to the cloud, we must be vigilant in our efforts to
ensure that the standards are in place
for a cloud computing environment that provides for security of
government information, protects the
privacy of our citizens, and safeguards our national security
interests. This report provides details
regarding the National Institute of Standards and Technology’s
efforts to facilitate and lead the
development of standards for security, interoperability, and
portability.
Furthermore, this report details Federal budget guidance issued
to agencies to foster the adoption of
cloud computing technologies, where relevant, and provides an
overview of the Federal
Government’s approach to data center consolidation.

This report concludes with 30 illustrative case studies at the
Federal, state and local government
levels. These case studies reflect the growing movement across
the public sector to leverage cloud
computing technologies.
3
FEDERAL GOVERNMENT APPROACH
Cloud computing is still in its early stages and we have a long
journey ahead. This report provides
information on our approach to leverage cloud computing to
help close the Government’s technology
gap. Specifically, this report presents:
Definition of Cloud Computing
As defined by the National Institute of Standards and
Technology (NIST)1
Characteristics of the Cloud
, cloud computing is a

model for enabling convenient, on-demand network access to a
shared pool of configurable computing
resources (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned
and released with minimal management effort or service
provider interaction. This cloud model
promotes availability and is composed of essential
characteristics, deployment models, and various
service models.
-demand self-service. A consumer can unilaterally
provision computing capabilities, such
as server time and network storage, as needed automatically
without requiring human
interaction with each service’s provider.
network and accessed through
standard mechanisms that promote use by heterogeneous thin or
thick client platforms (e.g.,
mobile phones, laptops, and PDAs).
pooled to serve multiple
consumers using a multi-tenant model, with different physical
and virtual resources
dynamically assigned and reassigned according to consumer
demand. There is a sense of
location independence in that the customer generally has no
control or knowledge over the
exact location of the provided resources but may be able to
specify location at a higher level
of abstraction (e.g., country, state, or datacenter). Examples of
resources include storage,
processing, memory, network bandwidth, and virtual machines.

city. Capabilities can be rapidly and elastically
provisioned, in some cases
automatically, to quickly scale up and rapidly released to
quickly scale down. To the
consumer, the capabilities available for provisioning often
appear to be unlimited and can be
purchased in any quantity at any time.
optimize resource use by
leveraging a metering capability at some level of abstraction
appropriate to the type of
service (e.g., storage, processing, bandwidth, and active user
accounts). Resource usage can
be monitored, controlled, and reported providing transparency
for both the provider and
consumer of the utilized service.
Benefits of Cloud Computing
There was a time when every household, town, farm or village
had its own water well. Today,
shared public utilities give us access to clean water by simply
turning on the tap; cloud computing
works in a similar fashion. Just like the water from the tap in
your kitchen, cloud computing
1 National Institute of Standards and Technology, “The NIST
Definition of Cloud Computing,” document posted October
2009,
http://csrc.nist.gov/groups/SNS/cloud-computing/.
http://csrc.nist.gov/groups/SNS/cloud-computing/�

4
services can be turned on or off quickly as needed. Like at the
water company, there is a team of
dedicated professionals making sure the service provided is safe
and available on a 24/7 basis. Best
of all, when the tap isn’t on, not only are you saving water, but
you aren’t paying for resources you
don’t currently need.
-as-you-go approach
to IT, in which a low initial
investment is required to get going. Additional investment is
incurred as system use
increases and costs can decrease if usage decreases. In this
way, cash flows better match
total system cost.
load do not have to scramble to
secure additional hardware and software. With cloud
computing, they can add and subtract
capacity as its network load dictates, and pay only for what they
use.
procurement and certification
processes, and with a near-limitless selection of services, tools,
and features, cloud computing
helps projects get off the ground in record time.
department scrambling for answers.
Cloud computing can offer a higher level of service and
reliability, and an immediate

response to emergency situations.
from the finer details of IT system
configuration and maintenance, enabling them to spend more
time on mission-critical tasks
and less time on IT operations and maintenance.
community does not need to have
its own dedicated IT infrastructure. Several groups can share
computing resources, leading
to higher utilization rates, fewer servers, and less energy
consumption.
Deployment Models
one organization. It may be
managed by the organization or a third party and may exist on
premises or off premises.
several organizations and supports
a specific community that has shared concerns (e.g., mission,
security requirements, policy,
and compliance considerations). It may be managed by the
organizations or a third party
and may exist on premises or off premises.
the general public or a large
industry group and is owned by an organization selling cloud
services.

two or more clouds (private,
community, or public) that remain unique entities but are bound
together by standardized or
proprietary technology that enables data and application
portability (e.g., cloud bursting for
load-balancing between clouds).
5
Figure 1: Cloud Sourcing Models2
Service Models
the ability to use the provider’s
applications running on a cloud infrastructure. The applications
are accessible from various
client devices through a thin client interface such as a web
browser (e.g., web-based e-mail).
The consumer does not manage or control the underlying cloud
infrastructure including
network, servers, operating systems, storage, or even individual
application capabilities,
with the possible exception of limited user-specific application
configuration settings.
the ability to deploy onto the

cloud infrastructure consumer-created or acquired applications
created using programming
languages and tools supported by the provider. The consumer
does not manage or control
the underlying cloud infrastructure including network, servers,
operating systems, or
storage, but has control over the deployed applications and
possibly application hosting
environment configurations.
consumer the ability to provision
processing, storage, networks, and other fundamental computing
resources where the
consumer is able to deploy and run arbitrary software, which
can include operating systems
and applications. The consumer does not manage or control the
underlying cloud
infrastructure but has control over operating systems, storage,
deployed applications, and
possibly limited control of select networking components (e.g.,
host firewalls).
2 General Services Administration, “Cloud Sourcing Models”
(government document, 2010).
Public Internet
Public Cloud:
The cloud infrastructure is
m ade available to the general
public or a large industry group
and is owned by an
organization selling cloud

services.
Community Cloud: The cloud infrastructure
is shared by several organizations and
supports a specific com m unity that has
shared concerns (e.g., m ission, security
requirem ents, policy, and com pliance
considerations). It m ay be m anaged by the
organizations or a third party and m ay exist
on prem ises or off prem ises.
Hybrid Cloud: The cloud infrastructure is a
com position of two or m ore clouds (private,
com m unity, or public) that rem ain unique
entities but are bound together by
standardized or proprietary technology that
enables data and application portability (e.g.,
cloud bursting).
Private Cloud Commercially Hosted:
Publically available Cloud Com puting services
offered through com mercial sources that are
dedicated and separate from the Public both
physically and logically and m ust to rem ain
within the U.S. borders to support heighted
data security and privacy requirem ents.
Access to these services are provided
through a dedicated Governm ent Intranet and
is not accessible from the Public Internet.
Government
Dedicated
Intranet
Private Government Cloud :
The cloud infrastructure is operated solely for an

organization. It m ay be m anaged by the
organization or a third party and m ay exist on
prem ises or off prem ises.
Cloud Sourcing ModelsOutsourced Government
T
ru
s
t (
S
e
c
u
ri
ty
a
n
d
D
a
ta
P
ri
va
c
y)

High
Low
Private
Government
Cloud
Private
Commercially
Hosted
Cloud
Public
Cloud
Hybrid Government Cloud
Community
Cloud
6
Data Center Consolidation
The transition to cloud computing is also supported by Federal
data center consolidation efforts. The
consolidation of Federal data centers will reduce energy
consumption, space usage, and
environmental impacts, while increasing the utilization and
efficiency of IT assets. Data center
consolidation will also play an important role in meeting the

goals of the Energy Security and
Independence Act of 20073
In February 2010, the Federal CIO issued data center
consolidation guidance
and various executive orders directing increased energy
efficiencies. The
effort will promote shared Government-wide, cost effective,
green, and sustainable Federal data
centers in support of agency missions.
4
Standards Development
to agencies regarding
creation of agency data center consolidation plans. The
guidance directed agencies to consider
agency data center performance and utilization metrics, energy
efficiency use data, physical facility,
operational cost and asset information, best practices, open
standards, and security. Agencies will
develop their data center consolidation plans and incorporate
them into their Fiscal Year 2012
budgets by August 30, 2010.
As we move to the cloud, we must be vigilant in our efforts to
ensure the standards are in place for a
cloud computing environment. As part of the Federal Cloud
Computing Initiative, the National
Institute of Standards and Technology (NIST)5
is leading and facilitating the development of cloud
computing standards which respond to high priority security,

interoperability, and portability
requirements.
Current cloud computing standards development activities,
conducted by the NIST Information
Technology Laboratory (ITL), include:
9, NIST made the widely
adopted and referenced NIST
Definition of Cloud Computing publicly available. NIST is in
the process of developing a
series of Special Publications (SP) related to cloud computing.
These Special Publications
are informed by the activities which are described below.
Computing (SAJACC): The
SAJAAC goal is to facilitate the development of cloud
computing standards. SAJACC will
include a publicly accessible NIST hosted portal which
facilitates the exchange of verifiable
information regarding the extent to which pre-standard
candidate interface specifications
satisfy key cloud computing requirements. The expectation is
that SAJACC will help to
accelerate the development of cloud computing standards and,
as a bi-product of its
information dissemination function, increase the level of
confidence to enable cloud
computing adoption.
(FedRAMP): NIST’s role is to
support the definition of a consistent technical process that will
be used by FedRAMP to
assess the security posture of specific cloud service

implementations. NIST serves as a
3 U.S. Congress. Energy Independence and Security Act of
2007. H.R. 6. 110th Cong., 1st sess. (January 2007).
http://frwebgate.access.gpo.gov/cgi-
bin/getdoc.cgi?dbname=110_cong_bills&docid=f:h6enr.txt.pdf.
4 Office of Management and Budget. “Federal Data Center
Consolidation Initiative,” CIO Council, government document
posted February 2010,
http://www.cio.gov/documents_details.cfm/uid/25A781B7-
BDBE-6B59-
F86D3F2751E5CB43/structure/OMB%20Documents%20and%20
Guidance/category/Policy%20Letters%20and%20Memos.
5 National Institute of Standards and Technology, “Summary of
NIST Cloud Computing Standards Development Efforts”
bin/getdoc.cgi?dbname=110_cong_bills&docid=f:h6enr.txt.pdf�
BDBE-6B59-
Guidance/category/Policy%20Letters%20and%20Memos�
BDBE-6B59-
7
technical advisor for the FedRAMP process that will be

implemented by the Federal CIO
Council.
Description of NIST Cloud Computing Standards Development
Activities
NIST serves as the government lead, working with other
government agencies, industry, academia,
Standards Development Organizations (SDO), and others to
leverage appropriate existing standards
and to develop cloud computing standards where gaps exist.
While cloud computing services are
currently being used, security, interoperability, and portability
are cited as major barriers to further
adoption. The expectation is that standards will shorten the
adoption cycle, enabling cost savings
and an increased ability to quickly create and deploy enterprise
applications. The focus is on
standards which support interoperability, portability, and
security to enable important usage
scenarios.
NIST scientific expertise and its diverse group of NIST IT
scientists yield a collective knowledge,
research, and technical guidance capability which is aligned
with the bureau’s mission to support
industry and advise government, acting impartially and
providing credible technical insights.
Special Publications on Cloud Computing and Selected Topics
NIST plans to issue an initial SP on cloud computing. The
purpose is to provide insight into the
benefits and considerations, and the secure and effective uses of
cloud computing. More specifically,
the document will provide guidance on key considerations of

cloud computing: interoperability,
portability, and security. To present these issues, the document
will use the broadly recognized and
adopted NIST Definition of Cloud Computing as a basis, given
informal models of the major cloud
computing service categories (Software as a Service, Platform
as a Service, and Infrastructure as a
Service). The publication will outline typical terms of use for
cloud systems, will synopsize future
research areas in cloud computing, and will provide informal
recommendations.
NIST is also in the process of developing an SP on securing
virtualization solutions for servers and
desktops which are widely used in cloud computing
technologies. The publication will provide an
overview of full virtualization technologies, discuss the security
concerns associated with full
virtualization for servers, and provide recommendations for
addressing them. The publication will
also give an overview of actions that organizations should
perform throughout the lifecycle of a
server virtualization solution.
Standards Acceleration to Jumpstart Adoption of Cloud
Computing (SAJACC)
There is often a gap between the time when formal standards for
a new technology are needed and
when they become available. The development of standards is
inherently dependent on the time
consuming process of consensus building through broad
participation. There is also a need to ensure
due diligence in producing a standard of quality and
completeness such that it will be effective and
broadly adopted.

8
Figure 2: Standards Acceleration Overview6
The SAJAAC strategy and approach is to accelerate the
development of standards and to increase
the level of confidence in cloud computing adoption during the
interim period before cloud computing
standards are formalized. SAJACC will provide information
about interim specifications and the
extent that they support key cloud computing requirements
through a NIST hosted SAJACC portal.
More specifically, SAJACC will provide a public Internet-
accessible repository of cloud computing
usage scenarios (i.e., use cases), documented cloud system
interfaces, pointers to cloud system
reference implementations, and test results showing the extent
to which different interfaces can
support individual use cases.
The project is in the process of formulating an initial set of
draft use cases and vetting these with
cloud computing stakeholders in academia, government, and
industry. The use cases are being
developed to demonstrate portability, interoperability, and
achievable security for users of cloud
systems. After the use cases have been refined, they will be

published on the portal. The project will
then identify candidate legacy cloud system interfaces, along
with their reference implementations,
for validation against the use cases. After an initial set of
legacy interfaces have been identified,
NIST will conduct validation tests and publish the results. The
process of identifying new interfaces
(with corresponding reference implementations) and new use
cases will be ongoing.
SAJACC leverages, coordinates, and is heavily dependent on
input from all stakeholders with an
interest in cloud computing standards.
Federal Risk and Authorization Management Program
(FedRAMP)
NIST, in the technical advisory role to the interagency Federal
Cloud Computing Advisory Council
(CCAC) Security Working Group will define an initial technical
approach and process for FedRAMP
consistent with NIST security guidance in the context of the
Federal Information System
Management Act (FISMA). To clarify the role of NIST with
respect to FedRAMP, while NIST is
supporting the definition of the FedRAMP process from a
technical perspective, NIST is not the
implementing organization. The governance and operational
implementation of FedRAMP will be
completed under the auspices of the Federal CIO Council.

9
Figure 3: FedRAMP Overview7
As part of its Technical Advisory effort NIST will:
groups supporting the Federal CIO
Council
authorization of cloud systems and on
the application of FISMA and 800-53 to cloud computing
Federal Budget Planning
The President’s FY 2011 Budget highlights cloud computing as
a major part of the strategy to
achieve efficient and effective IT. Federal agencies are to
deploy cloud computing solutions to
improve the delivery of IT services, where the cloud computing
solution has demonstrable benefits
versus the status quo. OMB, as part of the FY 2011 Budget
Process, requested all agencies to
evaluate cloud computing alternatives as part of their budget
submissions for all major IT
investments, where relevant. Specifically:

– all newly planned or performing major
IT investments acquisitions
must complete an alternatives analysis that includes a cloud
computing based alternative as
part of their budget submissions.
– all IT investments making
enhancements to an existing investment
must complete an alternatives analysis that includes a cloud
computing based alternative as
part of their budget submissions.
– all IT investments in steady-state must
complete an alternatives
analysis that includes a cloud computing based alternative as
part of their budget
submissions.
10
ILLUSTRATIVE CASE STUDIES
Cloud computing provides tremendous opportunities for the
public sector to improve the delivery of
services to the American people, reduce the cost of government
operations and make more effective
use of taxpayer dollars, and lower energy consumption. While

the public sector is just at the
beginning of the journey to cloud computing, we are already
seeing innovative examples at all levels
of government.
For example, on April 26, 2010, Recovery.gov became the first
Government-wide system to migrate
to a cloud-based environment. With the cost savings gained
from using a cloud computing
infrastructure, the Recovery Board plans to redirect more than
$1 million in computer equipment
and software to its accountability mission to help identify fraud,
waste, and abuse. The City of Los
Angeles is anticipating savings of $5.5 million over five years
as a result of moving e-mail and
productivity tools to the cloud for over 34,000 City employees,
and the State of Wisconsin’s
Department of Natural Resources is increasing collaboration
through a hosted online meeting space
that supports conference calls, interactive meetings, and
information sharing.
These are a handful of illustrative examples that are part of a
larger movement to leverage cloud
computing across the public sector.
11
FEDERAL CLOUD COMPUTING CASE STUDIES

The following case studies provide recent examples of how
Federal agencies are using cloud
computing technologies.
• Department of Defense (United States Army) - Army
Experience Center
• Department of Defense (Defense Information Systems
Agency) - Rapid Access Computing
Environment
• Department of Defense (Defense Information Systems
Agency) - Forge.mil
• Department of Defense (United States Air Force) - Personnel
Services Delivery
Transformation
• Department of Energy (Lawrence Berkeley National Labs) -
Cloud Computing Migration
• Department of Health and Human Services - Supporting
Electronic Health Records
• Department of the Interior - Agency-wide E-mail
• General Services Administration (Office of Citizen Services) -
USA.gov
• General Services Administration - Agency-wide E-mail
• National Aeronautics and Space Administration (Ames
Research Center) - World-Wide
Telescope

• National Aeronautics and Space Administration (Jet
Propulsion Laboratory) - Be A Martian
• National Aeronautics and Space Administration - Enterprise
Data Center Strategy
• Social Security Administration - Online Answers
Knowledgebase
• Federal Labor Relations Authority - Case Management System
• Recovery Accountability and Transparency Board -
Recovery.gov Cloud Computing Migration
• Securities and Exchange Commission - Investor Advocacy
System
12
Department of Defense
Project: Army Experience Center
(United States Army)
The Army Experience Center (AEC), located in Philadelphia,
PA, is an Army pilot program
designed to explore new technologies and techniques that the
Army can leverage to improve
the efficiency and effectiveness of its marketing and recruiting

operations. The AEC uses
touch screen career exploration kiosks, state-of-the-art
presentation facilities, community
events, virtual reality simulators, and social networking to help
potential recruits learn
about the Army and make informed decisions about enlisting.
The Army required a
customer relationship management system that would track
personal and electronic
engagements with prospects and would help recruiting staff
manage the recruiting process.
Army's legacy proprietary data system, the Army Recruiting
Information
Support System (ARISS), was over 10 years old. Despite
regular upgrades
over the years, it was infeasible to modify ARISS to meet the
AEC's
requirements; including integration with Social Networking and
other
Web 2.0 applications, real time data access from multiple
platforms
including handheld devices, ability to track AEC visitor and
engagement
data, and integration of marketing and recruiting data. Initial
bids from
traditional IT vendors to provide required functionality ranged
from
$500,000 to over $1 million.
Instead, the Army chose a customized version of the cloud-
based Customer
Relationship Management tool Salesforce.com as its pilot
solution to
manage recruiting efforts at the Army Experience Center. The
Army is

piloting this cloud-based solution at an annual cost of $54,000.
With the new system, the
Army is able to track recruits as they participate in multiple
simulations at the Army
Experience Center. The solution integrates directly with e-mail
and Facebook, allowing
recruiters to connect with participants more dynamically after
they leave the Army
Experience Center. By using Salesforce.com's mobile solution,
Army recruiters can access
recruit information from anywhere.
The Army is currently in the second year of a two year pilot of
the customized Salesforce.com
application. Using the cloud-based solution, the Army was able
to have fewer recruiters
handle the same workload as the five traditional recruiting
centers the Army Experience
Center replaced. The cloud application has resulted in faster
application upgrades,
dramatically reduced hardware and IT staff costs, and
significantly increased staff
productivity.8,9
Project: Rapid Access Computing Environment
(Defense Information Systems Agency)
The Defense Information Systems Agency (DISA) provides
Information Technology support
to the Department of Defense (DoD). DISA began leveraging
cloud computing in 2008 by
creating its own secure private cloud, the Rapid Access
Computing Environment (RACE).

8 Jeff Erlichman, “Cloud Recruiting,” On the Frontlines:
Shaping Government Clouds, Winter 2010.
http://www.mygazines.com/issue/5865.
9 United States Army G-1, May 2010.
Improving
communications and
relationship
management with
potential recruits
through a cloud-
based CRM solution
http://www.mygazines.com/issue/5865�
13
RACE, which uses virtual server technology to provide on-
demand server space for
development teams, aims to be more secure and stable than a
traditional public cloud.
RACE consists of many virtual servers inside a single physical
server. By
using virtualization technologies, DISA has divided the costs of
provisioning and operating a single physical server among the
users of the
various virtual servers. This system passes cost savings on to
individual
teams. Within this virtual environment, users can use a self-
service portal

to provision computing resources in 50 GB increments with the
guarantee
that the environment will be secure to DoD standards. At DoD,
a
dedicated server environment used to take three to six weeks to
provision
due to lengthy procurement processes. However, RACE is able
to
provision functional server space to users in 24 hours. The cost
for a user
to obtain an environment on RACE is reasonable and can be set
up with
an approved Government credit card.
According to DISA, personnel can expect the same level of
service and availability when
using RACE over a traditional environment. Additionally, for
security purposes RACE has
built-in application separation controls so that all applications,
databases and Web servers
are separate from each other. DISA also has a strict data
cleansing process for when an
application needs to be removed completely from the RACE
platform. Since the inception of
this cloud-based solution, hundreds of military applications
including command and control
systems, convoy control systems, and satellite programs have
been developed and tested on
RACE.10
Project: Forge.mil
(Defense Information Systems Agency)

Typical implementation of new software and systems at DoD
requires large amounts of time
and money due to licensing, acquisition, and support demands.
Non-cloud based software
development does not typically allow for the utilization of
economies of scale, ubiquitous
delivery, or cross collaboration on projects. Recognizing that
such benefits can be found in
the cloud, DISA established the software development
environment Forge.mil. Through
Forge.mil, DISA provides the entire Department of Defense
with the tools
and services necessary for rapid development, testing, and
deployment of
new software and systems.
Forge.mil teamed with cloud provider CollabNet to provide for
a software
development platform to allow users to reuse and collaborate on
software
code. Currently, Forge.mil has over 5,000 users, with over 300
open
source projects, over 500 file release posts, and over 30,000
downloads.
Forge.mil’s collaborative environment and open development
platform
allow DISA to avoid large start-up costs and enable additional
return on
investment (ROI) through software reuse.
With rapid project start-ups at minimal cost, Forge.mil
estimates new
projects developed in its environment save DISA between
$200,000 and $500,000 per project.
Also, DISA estimates about $15 million in cost avoidance by

utilizing an open source
philosophy that allows for software reuse and collaborative
development. This open source
10 Defense Information Systems Agency, May 2010.
Using cloud
computing technology
to provide on-demand
virtual server space
for development
teams
Software development
environment for rapid
access to the tools and
services needed to
quickly develop, test
and deploy software
and systems
14
philosophy of Forge.mil not only saves money on licensing and
support, but provides
improved software by giving version control, traceability, and
having multiple stakeholders
from various projects work on the same software code.
Forge.mil hosts an array of projects for different areas of DoD
including the Army, Navy, Air

Force, Marine Corps and the Joint Chiefs, all within a secure
environment that
appropriately protects DoD software assets. Forge.mil allows
DISA and its customers to
reduce their costs and shorten the time required to develop new
software and systems by
using a cloud environment that promotes collaboration, reuse of
developed software, rapid
delivery, and shortened time-to-market for projects.11
Project: Personnel Services Delivery Transformation (PSDT)
(United States Air Force)
Faced with a mandate to reshape the personnel community, the
Air Force Personnel Center
needed to reduce the time spent searching for documentation
and allow personnel to support
war-fighting missions. The Air Force Personnel Center created
a program to transform the
way Human Resource tools and services were delivered. The
primary goal was to create a
better customer experience by providing self-service solutions
and tracking
customer service needs.
The Air Force implemented the Software as a Service (SaaS)
solution by
RightNow to support its knowledge management, case tracking,
contact
center tracking and customer survey mission needs. Using tools
available
in the RightNow solution the Air Force focused on solving
fundamental

problems, with the way information was organized.
RightNow empowered the Air Force to complete its manpower
reduction
initiative and save over $4 million annually. Searches on the
knowledge
base have increased to nearly 2 million per week and customer
engagement has increased 70 percent. By using a cloud-based
solution,
the site has been able to scale to meet fluctuating demand
without
compromising the customer experience. Customers can now
find answers
from over 15,000 documents within two minutes, an
improvement on the
20 minute wait they faced before the implementation of this
solution.12
Department of Energy
Project: Cloud Computing Migration
(Lawrence Berkeley National Labs)
The Department of Energy is exploring cost and energy
efficiencies that can result from
leveraging cloud computing. This initiative explores how to use
cloud computing to address
needs across the enterprise, in specific business services, and in
scientific study. Although
started in 2009, these efforts at Lawrence Berkeley National
Labs (LBL) are already showing
promise.

11 Defense Information Systems Agency, May 2010.
12 Air Force Office of the Chief Information Officer, May
2010.
Improving operations
of human resources
management through
a cloud-based CRM
solution that includes
knowledge
management, case
tracking, contact
center tracking and
customer survey tools
15
LBL has already deployed over 2,300 mailboxes on Google
Federal
Premier Apps, and will end up with 5,000 e-mail accounts
deployed by
August 2010. This solution uses a LBL Identity Management
System to
provide authentication. Additionally, Google Docs and Google
Sites have
already been deployed and are being used by small and medium-
sized
scientific research teams to foster collaboration and community
documentation.
Presently, LBL is evaluating the use of Amazon’s EC2 to handle
excess capacity for mid-

range computers during peak usage periods. LBL is also
investigating the use of a federated
identity to provide access for the scientific community to a wide
range of cloud computing
offerings. LBL estimates they will save $1.5 million over the
next five years in hardware,
software and labor costs from the deployments they have
already made.13,14
Department of Health and Human Services
Project: Supporting Electronic Health Records
The Department of Health and Human Services (HHS) is
leveraging cloud computing to
support the implementation of Electronic Health Records (EHR)
systems. HHS is planning
for 70 Regional Extension Centers which will assist over
100,000 Primary
Care Practitioners. To coordinate healthcare providers’
implementation of
new EHR systems, HHS is deploying a cloud-based customer
relationship
and project management solution provided by Salesforce.com.
The
solution will support HHS’s Regional Extension Centers in the
selection,
implementation, and meaningful use of EHRs. Various
implementation
approaches can be analyzed to quickly identify best practices
for EHR
implementation as they emerge.
After reviewing internal and cloud-based solutions, the Office

of the
National Coordinator (ONC) decided that Salesforce.com
offered the best
CRM solution for a quick, inexpensive, and rapidly scalable
implementation. The review process concluded that it would
have taken
over a year to implement an internally-based system.
Leveraging the
cloud solution, ONC was able to stand up the first phase of the
Salesforce
solution in less than three months after the award.
One of the advantages ONC anticipates from deploying a cloud-
based CRM system is the
ability to update the system as Regional Extension Centers start
using it. More
implementation phases are already planned to ensure that users’
needs are met. ONC
expects to be able to quickly update future phases of the system
in substantially less time,
while doing it collaboratively with end users.15
13 Department of Energy Office of the Chief Information
Officer, May 2010.
14 Lawrence Berkeley National Labs Office of the Chief
Information Officer, May 2010.
15 Department of Health and Human Services, May 2010.
Leveraging cloud-
based CRM tools to
support HHS in
allocating grant

funding for
implementation of
electronic health
records
Exploring cost and
energy efficiencies of
cloud computing
solutions
16
Department of the Interior
Announced Project: Agency-wide E-mail
The Department of the Interior is pursuing a Software as a
Service (SaaS) cloud computing
model for e-mail. DOI has 80,000 e-mail users who are widely
dispersed across the United
States. They are currently supported by a very complex
messaging
infrastructure comprised of more than a dozen different e-mail
systems.
The Department had already determined that a single e-mail
infrastructure would reduce the complexity of the overall
system and
improve the level of service provided to their users when it
decided to
explore cloud-based solutions.

When considering how best to deliver a single e-mail system,
the
Department analyzed the opportunities for cost savings
presented by cloud
computing. The numbers were compelling: by implementing e-
mail using
an external commercial SaaS model, the Department expects to
provide
improved service to its 80,000 users for one-third the amount of
money that it spends today.
The Department is moving forward with this project with a
completion date in Fiscal Year
2011.16
General Services Administration
Project: USA.gov
(Office of Citizen Services)
As the Federal Government’s primary information portal,
USA.gov, presents the American
people with a vast body of information and resources including
topics like benefits and
grants, taxes, jobs, education, health, voting, technology, and
business and nonprofit guides.
As the Federal Government encourages citizens to become more
involved and active with
local, state, and federal politics, key sites like USA.gov see
vastly increasing and decreasing
website traffic as key issues are debated in the national public
forum, natural disasters come
and go, and voting season approaches. These spikes in traffic
made a cloud computing-based

solution very attractive, as a cloud infrastructure is much better
able to deal with on-demand
scalability than most traditional IT infrastructures. This
increased flexibility positions
USA.gov to better serve emerging needs.
By moving to Terremark’s Enterprise Cloud service, the
General Services
Administration (GSA) reduced site upgrade time from nine
months
(including procurement) to a maximum of one day. Monthly
downtime
moved from roughly two hours with the traditional hosting
setup to near
zero with the cloud solution (99.9 percent availability). With
its legacy
setup, GSA paid $2.35 million annually for USA.gov, including
total
hardware refresh and software relicensing costs of $2 million,
in addition
to personnel costs of $350,000. By moving to a cloud service,
GSA now
pays an annual total of $650,000 for USA.gov and all associated
costs, a
costs savings of $1.7 million, or 72 percent.17
16 Department of the Interior Office of the Chief Technology
Officer, April 2010.
17 General Services Administration, May 2010.
Migrating 80,000

mailboxes (from 13
specific systems) to
one unified cloud
provider
Reducing costs and
improving service by
moving USA.gov to a
cloud-based hosting
environment
17
Announced Project: Agency-wide E-mail
GSA’s current environment lacks the level of integrated
features commercially available.
GSA requires a greater use of features such as integrated
messaging and collaborative tools
to support its mission. E-mail archiving is currently
implemented inconsistently, is difficult
to use, and does not meet information retrieval (e-discovery)
requirements.
The storage associated with e-mail archiving continues to grow
and is
costly to manage. Recent regulations for handling e-mail
litigation hold
and discovery demand that GSA implement a more effective and
expedient
process. Additionally, GSA is seeking a solution that will
reduce it’s in-

house system maintenance burden and provide GSA users with
more
timely implementations of new versions and features.
GSA’s e-mail effort will migrate over 15,000 mailboxes to a
cloud-based
solution, eliminating the redundant and disparate infrastructure
presently
housed at 17 different locations around the world.
Although still in the information gathering phase, initial
estimates
indicate that over the first two years, GSA will realize a 30
percent cost savings.18
National Aeronautics and Space Administration
Project: World-Wide Telescope
(Ames Research Center)
Nebula, NASA’s cloud-computing platform, is helping NASA to
engage the public through
the viewing and exploration of the Moon and Mars in
unprecedented resolution. Nebula
allows NASA to process, store and upload thousands of high-
resolution images and over 100
terabytes of data. In a traditional IT environment, it would have
taken several months to
procure new infrastructure and another one to two months of
full-time work by two full-time
employees to configure the new equipment to handle this data.
By utilizing Nebula, NASA
saved four to five months of time and roughly 800 hours of
labor, allowing the agency to focus

on expanding the content accessible to the public instead of
building IT
infrastructure.
The nature of NASA's activities requires strict security policies,
creating a
challenge in providing a collaborative environment to share data
with
outside partners or the public. Nebula's architecture is designed
from the
ground up for interoperability with commercial cloud service
providers,
offering NASA researchers the ability to port data sets and code
to run on
commercial clouds. Nebula provides a secure way for NASA to
make its
data accessible to partners, avoiding the need to grant access to
internal
networks. Each researcher needs a varying amount of storage
space and
compute power to process his or her data sets. In the old
operational
model, these resources took months to procure and configure
and required
constant monitoring and frequent upgrades. Using Nebula's
cloud computing infrastructure,
researchers will be able to provision these services in just a
matter of minutes.
NASA space exploration missions can take over 10 years to
develop and the resources needed
to process the data coming back are usually scheduled and
procured well before launch.

18 General Services Administration, May 2010.
Migrating over 15,000
mailboxes to a cloud
solution with features
commonly available
in commercially
solutions
Using NASA’s Nebula
cloud platform to
store, process and
provide access to
high-resolution
images of the Moon
and Mars
18
Missions, however, have a varying degree of success: some are
delayed at a late stage, some
are cancelled altogether, and some last much longer than
originally anticipated. Nebula's
cloud services allow NASA to be much more flexible and
responsive to actual mission needs,
scaling resources up or down as the actual requirements of the
mission develop. In addition
to supporting NASA’s missions, the Nebula cloud-computing
platform has demonstrated
additional versatility and has become the home of the Federal
Government’s flagship
transparency website USAspending.gov. USAspending.gov 2.0

was completely reengineered
to leverage the cloud-computing platform at Nebula, and
growing the amount of storage as
Federal spending data grows will now be a quick and easy
process.19,20
Project: Be A Martian
(Jet Propulsion Laboratory)
NASA's Jet Propulsion Laboratory (JPL) brings science to the
American people by inspiring
interest in the planet Mars. The laboratory sought to increase
the impact of its education
and outreach program by using technology. It wanted not just
to give Mars data to the
public, but rather to excite the public about Mars.
To meet this challenge, JPL developed an interactive website,
BeAMartian.jpl.nasa.gov,
using the Microsoft Azure cloud computing platform. An
application programming interface
(API) connects website visitors with 250,000 pictures of Mars,
available without having to
store any additional data on JPL computers. On the cloud,
individuals can virtually explore
the planet by browsing pictures, watching videos, and creating
tags. They can post
questions, read responses, and send messages to Mars. The
more
content a visitor contributes to the site, the more reputation
points they
earn in their account. For participants, this is a fun way to
learn more

about Mars.
"JPL chooses to keep it real through early exploration of
multiple
clouds.” said Tom Soderstrom, Chief Technology Officer of
NASA's JPL.
"In other words, JPL wants to be an intelligent user of clouds
and the
only way we can do that is by being proactive and trying them
out, end-
to-end with real mission data. We’ve been exploring the clouds
by
partnering with JPL missions and industry partners for about
two
years now and have several very good use cases and stories."
With this cloud computing solution, NASA has successfully
engaged a crowd of users. Users
have created over 2,000 pieces of social media and inspired 200
stories on TV, radio, and in
print. There have been 2.5 million API queries from NASA
crowd-sourcing applications and
500,000 API queries from developers. The Town Hall area of
the website has received over
40,000 votes and 5,000 individuals and teams have registered
for a NASA sponsored
competition. This crowd has also helped NASA identify craters
and other features of the
Martian surface. JPL has benefited from this outreach by
having engaged users and by
exploring and learning about new cloud-based technologies.21
19 National Aeronautics and Space Administration, May 2010.

20 National Aeronautics and Space Administration Office of the
Chief Technology Officer, “WWT Case Study” (government
document, 2010).
21 National Aeronautics and Space Administration Jet
Propulsion Laboratory Office of the Chief Technology Officer,
May 2010.
Engaging the public
in citizen science with
social media and
crowd-sourcing on a
scalable cloud
platform
19
Announced Project: Enterprise Data Center Strategy
NASA recently announced that it is re-evaluating its enterprise
data center strategy and has
halted a request for proposals that would have yielded an
indefinite delivery/indefinite
quantity contract with a maximum value up to $1.5 billion for
outsourced data center
services over multiple years.
Concurrently, a number of organizations within NASA are
evaluating the use of Nebula,
NASA’s scientific cloud solution for possible application in
satisfying their mission data
center needs:

The Flight Vehicle Research & Technology Division at Ames
Research Center is
exploring using Nebula for their Message Passing Interface
(MPI) implementation. This
group performs flight vehicle air flow computation. Data from
each piece of the aircraft
surface runs on a different compute node and each node
communicates edge conditions to
its neighboring nodes using MPI. Currently, it takes a very
expensive suite of equipment
to do that work: NASA’s 60000-core Pleiades computer.
Although Nebula does not
compete on performance with Pleiades, the setup time and
money saved by self-
provisioning compute power makes Nebula an attractive
alternative.
A second mission organization with enormous memory and
storage
requirements is interested in Nebula because the Infrastructure
as a
Service (IaaS) beta version, scheduled for release June 2010,
will allow
them to specify the amount of memory and storage needed for
their virtual
machines. One of the group's storage-heavy applications
requires 12 GB
of memory, which can be accommodated on the Nebula IaaS
cloud
solution.
A third organization is evaluating Nebula to create virtual
workstations
for software developers to write and test-compile their code.
Nebula would

give them more fine-grained control over the development
environment
and allow developers to share the many modules and libraries
currently
running on their local desktops.
And yet another organization is evaluating Nebula as a service
platform for interaction with
non-NASA partners. Nebula would enable anonymous but
controlled FTP for large file
transfers and run an in-house, web-based java application that
analyzes and visualizes data
produced by NASA’s Airspace Concept Evaluation System.22
22 National Aeronautics and Space Administration Office of
Legislative and Intergovernmental Affairs, May 2010.
Cancelled proposal
requests that would
have yielded up to
$1.5 billion in
enterprise data center
contracts and now
exploring cloud
alternatives
20

Social Security Administration
Project: Online Answers Knowledgebase (SOASK)
The Social Security Administration (SSA) handles millions of
questions and inquiries from
citizens every year. For example, inquirers want to know what
they can do online, or how to
get a social security number, file for benefits, locate a field
office, get a retirement estimate,
or request a proof of income letter. In order to provide the
public with a convenient means to
answer to their questions, anytime and anywhere Internet access
is available, the agency
provides an online database of Frequently Asked Questions.
The SSA is leveraging a cloud-based solution from RightNow
Technologies to provide this
service. Visitors to socialsecurity.gov can search for answers
by category,
keyword or phrase, which helps them quickly find the
information they are
looking for. Over a thousand questions and answers are
included in the
knowledge base. SSA keeps the information contained in the
knowledgebase up-to-date and relevant, eliminating the need to
call or
visit SSA for basic information.
In 2009, the number of answers provided through SSA’s
Frequently Asked
Questions grew to over 34 million. Given current agency
staffing levels, it
would not have been possible for office staff and 800-number
agents to

answer even 10 percent of these additional inquiries. By
contrast, the
Internet solution is highly scalable, allowing SSA to meet
increasing
demand for online information without impacting service in the
office and
on the phone.23
Federal Labor Relations Authority
Project: Case Management System
The Federal Labor Relations Authority (FLRA) recognized that
its decade-old case
management system was not supporting its mission to the fullest
extent possible. FLRA’s
users regularly experienced delays in searching and the system
couldn’t keep up with
expected growth. Additionally, the internal system had
expensive
software licensing costs.
Strategically, FLRA wanted to implement a shared electronic
case
management tracking system that would allow citizens to file
cases and
obtain documents electronically and then check the status of
their cases.
By using the cloud, FLRA intended to improve infrastructure
and make
existing IT and operations support more responsive to business
needs
while meeting regulatory compliance.

The FLRA selected Intuit’s Quickbase system as its platform to
implement
this new system. From requirements-gathering to completed
development, the project took less than 10 months to
implement. The
cloud-based solution has provided FLRA with more rapid
development at
25 percent of the original time to deploy. Users now use a
modern
browser-based user interface, and information collaboration
capabilities
23 Social Security Administration, May 2010.
Providing efficient
and cost-effective
access to case
information by
migrating the legacy,
in-house case
management system
to a cloud-based
platform
Helping the public
easily and efficiently
find answers to
questions through
cloud-based
knowledge
management and
CRM tools

21
have improved work efficiency. FLRA estimates that the total
cost of ownership of its case
management system has been reduced by nearly $600,000 over
five years.24
Recovery Accountability and Transparency Board
Project: Recovery.gov Cloud Computing Migration
Launched in February of 2009 after the passage of the American
Recovery and Reinvestment
Act (Recovery Act), Recovery.gov is designed to “foster greater
accountability in the use of
funds made available by this Act.”25
On April 26, 2010, Recovery.gov became the first Government-
wide system to migrate to a
cloud-based environment. The Amazon EC2 infrastructure will
provide
added security, as the vendor’s security will supplement
existing measures
previously put in place by the Board. The elastic nature of this
commercial cloud system means that Recovery.gov is a fully
scalable site,
ready to handle spikes in usage as needed. In-house personnel
currently
dedicated to management of the site’s associated data center and
corresponding hardware will be able to redirect their resources
to
oversight and fraud detection.

The Recovery Accountability and Transparency Board
created this public-facing site to allow citizens to track how
stimulus funds are spent. The
site includes a number of tools including graphs, charts, and
maps which are continuously
updated and refined to properly reflect stimulus spending. As
such, a Government-wide
system relies on an agile and substantial infrastructure to ensure
that information is
accessible, secure, and easy to update with current information.
Moving Recovery.gov to the cloud means a projected cost
savings of
$334,800 in FY 2010 and $420,000 in FY 2011. This represents
4 percent
of the Board’s $18 million total budget provided by Congress.
Additionally, the Board plans to reallocate more than $1 million
worth of hardware and
software to its accountability mission to help identify fraud,
waste, and abuse. Relocating
Recovery.gov to the cloud ensures nearly 100 percent uptime
and the ability to continuously
backup site information. By implementing cloud technologies,
the Board better meets its
obligations laid out under Section 1526 of the Recovery Act,
and is able to refocus efforts on
its mission of transparency and accountability.26
Securities and Exchange Commission
Project: Investor Advocacy System
The Office of Investor Education and Advocacy (OIEA) serves
individual investors who

complain to the SEC about investment fraud or the mishandling
of their investments by
securities professionals. The staff responds to a broad range of
investor contacts through
phones, email, web-forms, and US mail with volumes close to
90,000 contacts annually. Case
files were previously tracked in a 10 year old in-house system.
Like many older systems
24 Federal Labor Relations Authority, April 2010.
25 U.S. Congress. American Recovery and Reinvestment Act of
2009. H.R. 1. 111th Cong., 1st sess. (January 2009).
bin/getdoc.cgi?dbname=111_cong_bills&docid=f:h1enr.pdf.
26 Recovery Accountability and Transparency Board,
“Recovery.gov Moves to Cloud Computing Infrastructure,” May
2010.
http://www.recovery.gov/News/mediakit/Pages/PressRelease051
32010.aspx.
Leveraging a
commercial cloud
computing provider to
ensure accessibility,
security and
scalability
bin/getdoc.cgi?dbname=111_cong_bills&docid=f:h1enr.pdf�
32010.aspx�
22

there were several limitations including the inability attach
documents, handle paper files,
and provide accurate reports. The older system was also
intermittent in regards to up-time
and system speed.
To address these issues, the SEC implemented a cloud-based
CRM tool called Salesforce.com.
The implementation of Software as a Service (SaaS) solution
that took less
than 14 months from inception to deployment. Since the
implementation
of OIEA, the SEC has realized improvements in system
reliability,
efficiency and accuracy. Paper files are scanned into the system
and
worked electronically. All investor contact channels (email,
web-form, US
mail, fax, and phone) are brought into a single queue to be
assigned and
worked electronically. All documentation can now be attached
to case
files, which allows staff member to build complete chronology
of events.
Using this new paperless environment, the time required to
complete files
has significantly been reduced. In many cases it was decreased
up to 75
percent. Lifecycle tracking is now also available, allowing
management the
ability see at what stage and the chain of events for every case
file. The
system now also tracks information that is useful for assisting

investors as
well as reporting on data that is valuable to other SEC
divisions.
Having this new solution better equips SEC in assisting
investors efficiently and accurately,
which is even more important as we are still dealing with the
financial crisis.27
27 Securities and Exchange Commission Office of Investor
Education and Advocacy, May 2010.
Improving service for
over 90,000 consumer
contacts annually by
migrating 10-year old
legacy investor
advocacy system to
cloud-based CRM
solution
23
STATE AND LOCAL CLOUD COMPUTING CASE STUDIES
The following case studies provide recent examples of how state
and local governments are using
cloud computing technologies.

• State of New Jersey (New Jersey Transit Authority) -
Customer Relationship Management
• State of New Mexico (Attorney General’s Office) - E-mail &
Office Productivity
• Commonwealth of Virginia (Virginia Information
Technologies Agency) - Application
Development Platform
• State of Wisconsin (Department of Natural Resources) -
Collaboration
• State of Utah (Department of Technology Services) - Cloud
Computing Services
• City of Canton, Georgia- E-mail
• City of Carlsbad, California - Communication & Collaboration
Services
• City of Los Angeles, California - E-mail & Office Productivity
• City of Miami, Florida - 311 Service
• City of Orlando, Florida - E-mail
• Klamath County, Oregon - Office Productivity
• Prince George’s County, Maryland - School District E-mail
• State of Colorado (Office of Information Technology) -
Launching an Enterprise Cloud
• State of Michigan (Department of Technology Management
and Budget) - MiCloud

24
State of New Jersey
Project: Customer Relationship Management
(New Jersey Transit Authority)
NJ Transit is the nation's largest statewide public transportation
system providing bus, rail,
and light rail services of over 900,000 daily trips on 247 bus
routes, 26 bus stations, 11
commuter rail lines, and three light rail lines. NJ Transit links
major points in New Jersey,
New York, and Philadelphia, serving 164 rail stations, 60 light
rail stations and 19,800 bus
stops. NJ Transit relies upon its ability to field and respond to
customer feedback, and
requires a robust customer service system. The agency
transformed its customer feedback
process from one where issues went unresolved, with no
tracking and, in some cases, with
multiple executives seeing and responding to the same inquiry
to a streamlined, faster, more
accurate, and more efficient response system. The legacy
infrastructure for tracking
customer information and inquiries had limited functionality
and not all customer inquiries
were properly documented for future use. In addition, customer

service representatives were
responsible for a wide variety of inquiries, limiting the depth of
knowledge they could apply
to any given inquiry.
When NJ Transit began the search for a new customer system,
the organization found that a
hosted CRM system from Salesforce.com service fit its needs.
To take full advantage of the
software’s capabilities, NJT realigned its customer service
department to
make each member of the staff the expert for a specific
customer service
area, which decreased communications overhead and improved
productivity. The cloud-based system provides workflow rules
that route
incoming customer questions to the subject area experts. It also
enabled
customers and internal users the ability to ask questions and
submit
issues on the existing site via an online “Contact Us” web form,
which
flows into the solution’s central customer information
warehouse. The
system’s applications are linked to a data warehouse, employee
information, an e-mail management system, and a data quality
system.
Under the new system, the same number of staff handled 42,323
inquiries in 2006, compared
with 8,354 in 2004. During its use, and without an increase in
staff, the average response
time to inquiries dropped by more than 35 percent and
productivity increased by 31 percent.
The web form cut down on the time spent handling free-form e-

mail; approximately 50
percent of all customer feedback is captured via the online
form. Salesforce has allowed NJ
Transit to make significant improvements in their customer
service capabilities while
simultaneously reducing cost, infrastructure, and response
time.28,29
28 Tom C. Feeney, “NJ Transit to test online suggestion box for
riders,” Nj.com, May 2008.
http://www.nj.com/news/index.ssf/2008/05/nj_transit_to_test_o
nline_sugg.html.
29 New Jersey Transit, May 2010.
Improving
responsiveness to
citizen inquiries
through cloud-based
CRM tools
nline_sugg.html�
25
State of New Mexico
Project: E-mail & Office Productivity Tools
(Attorney General’s Office)

The New Mexico Attorney General’s Office (NMAGO) has
nearly 200 full-time employees,
including 120 attorneys. Most work in the office revolves
around creating, storing, and
accessing documents in a secure IT environment. The office
had historically relied upon the
case management functionality of its e-mail system to track
official documents ranging from
legal briefs to news releases. However, this system did not
offer a secure back-up function,
leaving vital and sensitive documents exposed to possible loss
in case of a server failure. One
possible solution, migrating to a system of in-house servers,
was cost-prohibitive in the short
and long term, with the upfront investment calculated at
$300,000. For this reason, the
office explored alternative IT upgrades.
When investigating alternative email systems, NMAGO selected
Google
Apps Premier Edition to meet its needs. This solution provides
the
necessary backup capabilities, and the mail search function also
eases the
difficulty of locating specific files. Without the need for in-
house
hardware, employees now have an unlimited ability to access,
save, and
archive their emails and documents. This transition has also
been
beneficial from an environmental perspective, as it has reduced
the need
for paper versions of files. NMAGO is now able to avoid costs
such as the
$50,000 spent a few years ago for replication software to store

data to a
disaster recovery site. The office has reduced costs and energy
use through reduced
hardware acquisitions and reduced workloads for IT staff.
Additionally, the office has
reduced time and money spent on licensing.
NMAGO’s successful migration to the cloud is an example of
what the office’s CIO calls a
“fundamental shift in the way information is transported to
users.” The CIO and his team
believe that the sharing platform offered by cloud-based
solutions is easily replicable and can
be used to meet various government needs. They “believe cloud
computing offers a new way
for government to be more responsive and helpful to the public,
and save more money than
ever before.”30,31
30 James Ferreira, message entitled “Microsoft Exchange or
Google Apps? One government agency goes Google,” the
Google
Enterprise Blog, message posted November 2009.
http://googleenterprise.blogspot.com/2009/11/microsoft-
exchange-or-google-
apps-one.html.
31 New Mexico Attorney General’s Office of the Chief
Information Officer, May 2010.
Providing 120
attorneys and 200
full-time employees

cloud-based e-mail
exchange-or-google-apps-one.html�
26
Commonwealth of Virginia
Project: Enterprise Application Development Platforms
(Virginia Information Technologies Agency)
The Virginia Information Technologies Agency (VITA) is the
Commonwealth's consolidated
information technology organization with responsibility for
governance of IT investments
and the security, technology procurement, and operations of IT
infrastructure. The Agency
Outreach group of the Enterprise Applications Division (EAD)
at VITA provides software
development and integration support and services to small
agencies, the secretariat, and
projects that require cross-agency collaboration.
In the spring of 2009 this group received a request from the
Secretary of the Commonwealth
to build and host an online solution for Notary and eNotary
applications. At the same time it
also received a request from Virginia’s Workforce One Stop
councils to create and host a low

cost solution for a common intake form for the centers. Given
the limited
resources available, under the constraints of traditional
technologies,
these custom development projects would have been cost
prohibitive.
To meet this challenge, EAD leveraged cloud computing to
quickly
provision a virtualized software development platform. Using
Amazon
EC2 services, the group was able to add and remove
development or
testing environments with ease. Even after full release to a
production
environment, EAD uses cloud computing to scale the production
environment up as needed and for disaster recovery backups
through
RackSpace virtual storage services.
Virginia used cloud computing to develop new applications that
would have otherwise been
cost prohibitive. Instead of going through a process that
typically lasts months, EAD was
able to stand up a virtualized development platform from the
cloud in less than two hours.
VITA is still evaluating cloud computing at the agency level,
reflecting on this group’s recent
success delivering service with the speed and flexibility its
customers need.32
State of Wisconsin
Project: Collaboration
(Department of Natural Resources)

The Wisconsin Department of Natural Resources (DNR) has 200
locations scattered across
the State, including some in remote areas. In the past, the
department typically conducted
business through conference calls and face-to-face meetings
with staff from various locations.
Outside of e-mail, there were no ad-hoc collaboration tools
available to department staff to
review documents which required multiple revisions by
different staff members. The
department’s available video-conferencing system ran using
outdated technology and cost the
DNR $1,330 per month.
The DNR evaluated server-based collaboration software, but
due to a recent migration of all
of the department’s servers to the State’s new data center, there
were no resources available
to purchase an on-premises solution. The DNR began using
Microsoft Live Meeting as a web
conferencing solution and immediately realized cost savings and
improved efficiencies. Staff
32 Virginia Information Technologies Agency, “Cloud
computing: Commonwealth of Virginia” (government document,
2010).
Improving the
application
development process
through use of virtual
environments

27
members are now able to interact and can use dynamic solutions
including a 360 degree
panoramic video camera to conduct meetings together. The cost
of
running a web conference is only a fraction of the cost required
to use a
traditional conference call bridge and the DNR has the
flexibility to
purchase additional user licenses as needed for other
departments.
The DNR has used this cloud-based solution to completely
replace on-site
meetings, training, and telephone and conference calls among
internal
staff and with outside agencies. This solution allows remote
users to
participate in meetings even if they are not at one of the DNR’s
office
locations. The staff is now more efficient because they spend
significantly
less time on the road travelling to meetings. Since this
migration in 2009,
the DNR estimates that staff members have participated in
nearly 3,500
meetings, saving the department more than $320,000. In the
coming
years, the DNR expects the return on investment to grow from
270 percent
for the first year to over 400 percent in future years.33

State of Utah
Project: Cloud Computing Services
(Department of Technology Services)
The State of Utah began an effort to standardize and unify its IT
services in 2005 when it
merged its technology assets into a single department, moving
all IT staff under the state
Chief Information Officer. To develop a suitable cloud
strategy, the State needed to fulfill
specific security requirements unique to the State. If these
security challenges were met,
Utah could take advantage of an array of cloud benefits
including elastic expansion of
services, rapidly provisioned computing capabilities, and shared
services across multiple
users and platforms based on customer demand.
After a wave of data center consolidation, in 2009 Utah decided
that a hybrid cloud approach
would work best for the State’s needs. A hybrid approach
combines access to public cloud
services that add to or replace existing state infrastructure with
private cloud services
meeting specialized access and security requirements. This
cloud environment includes
services hosted both by third-party providers and in-state data
centers.
The move to cloud-based solutions has benefited local public
sector actors
across the state. Although many of the public cloud provisioned

services
are free, the State of Utah also supports a growing number of
paid services
where individual county and city governments pay only for their
usage.
These currently include Force.com for Customer Relationship
Management, Google Earth Professional for shared Geographic
Information System (GIS) planning, and Wikispaces where there
are an
increasing number of self-provisioned wikis. Contracts for
these services
are centrally managed through the Department of Technology
Services
(DTS) and make it easy for agencies to use.
Having provided its agencies and local governments with
centralized access to the public
cloud, the State of Utah is now focused on completing its
private cloud. The State’s
33 State of Wisconsin, May 2010.
Increasing
collaboration through
a hosted online
meeting space that
supports conference
calls, interactive
meetings, and
information sharing
Launching cloud
environment to
provide enterprise
services across the

state and local
governments at
competitive prices
28
applications previously resided on about 1,800 physical servers
in over 35 locations. By
December 2010, the State plans to move these applications to a
virtual platform of 400
servers. This initiative is currently over 70 percent complete
and is expected to save $4
million in annual costs for a state IT budget of only $150
million. Going forward, DTS plans
to extend virtualization to desktops across the state.
By implementing a vast strategy for migrating services to the
cloud, the State has created an
enterprise where public or private services can be reused and
provisioned on demand to meet
agency needs as cost-effectively as possible. This effort has
had an immediate impact on
State agencies and is expected to result in significant future
savings.34, 35
City of Canton, Georgia
Project: E-mail
The City of Canton, GA, approximately 40 miles north of
Atlanta, has a population of 21,000

and was recently recognized as the fastest growing city in
Georgia and America’s 5th fastest
growing city. The City’s 185 employees were looking to reduce
the cost and effort of
maintaining an IT infrastructure and increase the reliability of
business e-mail and
productivity solutions. The legacy e-mail system was difficult
to maintain and keep up-to-
date.
The City decided to migrate to Google Apps to provide staff
members with a more reliable
and feature-rich system. Staff members immediately benefited
from gaining access to e-mail
at home and on mobile devices, and from the increased
collaboration available with tools
such as group calendar, instant messaging, and shared
documents and
spreadsheets.
With this cloud-based solution, the City’s IT staff no longer has
to handle
spam filters, a task that took 20 hours a week to manage prior to
migration. IT staff members are also able to use powerful e-
mail discovery
tools in the new cloud-based solution so that e-mails potentially
related to
legal investigations are securely archived but easily accessible
to approved
personnel. The City estimates an annual savings of $10,000 by
migrating to cloud
computing.36

34 State of Utah Department of Technology Services,
“Implementing Utah’s cloud computing strategy: A case study
on
bringing cloud-based IT services to government” (government
document, 2010).
35 State of Utah, May 2010.
36 City of Canton, May 2010.
Migrating 185 city
employees to cloud-
based e-mail
29
City of Carlsbad, California
Project: Communication & Collaboration Services
The City of Carlsbad, California has 1,100 employees across 22
departments who work in 30
different facilities across the city. Until recently, the City’s
employees used a 15 year-old,
non-standard IT system. The City’s IT department knew it had
to simultaneously
standardize its IT infrastructure and cut costs without
sacrificing its high level of service.
When the City began the process of standardizing its IT
infrastructure, officials decided to
review options for migrating from an on-premise e-mail and
collaboration system to one

hosted in the cloud.
The City ended up selecting a cloud-based version of the
Microsoft
productivity suite, hosted in Microsoft’s data centers outside of
Carlsbad.
It was able to eliminate the costs of maintaining equipment,
paying only
monthly user fees for this new environment. While the City
considered
using an on-premises version of the productivity suite instead
due to data
security concerns, it realized that from a disaster recovery
standpoint,
their data was more secure being hosted outside of the City’s
data center.
The City has already realized a 25 percent savings over the past
year
using the new off-site solution, as there is no longer a need to
maintain
servers, manage upgrades, implement hardware replacements, or
hire a
systems administrator. The City realized other immediate
benefits after
the migration, including better access to e-mail from mobile
devices and
new, integrated instant messaging and web collaboration for
meetings and video
conferences.37
City of Los Angeles, California

Project: E-mail & Office Productivity
The City of Los Angeles has 34,000 employees across 40+
departments. In 2009, the city
faced a $400 million deficit. This budgetary crisis and the
resulting IT staff layoffs
exacerbated existing frustrations with the city’s in-house IT
systems. The city’s Information
Technology Agency sought to find a new e-mail and IT provider
which would streamline
productivity and create more efficiencies in day-to-day
operations. The city received 15
proposals for possible replacements to its in-house system.
In October 2009, the City of Los Angeles announced plans to
transition to Google Apps with
the help of systems integrator, with a five year services
contract. The city plans on having
all employees on cloud-based e-mail by June 30, 2010 and has
begun
initial use of other products within the Google Apps Premier
Edition suite
and to the cloud as city employees have become more familiar
with using
the Cloud for workplace productivity.
The City’s Chief Technology Officer estimated a direct savings
of $5.5
million over five years as a result of the implementation, with
the
potential ROI for increased productivity possibly reaching $20
to $30
million as city employees become fully trained on cloud-based
applications.
The city is now able to offer each city employee 25 times more

storage
37 City of Carlsbad, May 2010.
Serving the city’s
needs for desktop and
mobile e-mail, online
collaboration tools,
and web conferencing
through hosted
communication and
collaboration services
Providing over 34,000
employees cloud-
based e-mail and
productivity tools
30
space, and can provide much more capability and add new users
without ever needing to
worry about hardware availability on city servers. City
employees will also benefit from
cloud-based integrated instant messaging, video conferencing,
simultaneous review and
editing of documents by multiple people, and the ability to
access their e-mail and work data
from any computer or mobile device.
While at first some city council members and staff were

skeptical about moving city data
outside of direct city control, the vendors have ensured that
from a security and disaster
recovery standpoint, data being stored in the cloud environment
exceeds both the City's
contractual requirements and current environment. The city’s
new system and its data will
be safe from earthquakes and other potential natural disasters
that could and have affected
the city. In addition, the City of Los Angeles retains full
ownership of all data on the servers
and the vendors must request access to see City data, stored in
the clear. These were critical
hurdles the system had to clear before being recommended by
staff and accepted
unanimously by the City Council. With these protections and
the productivity benefits,
moving to cloud computing was a natural step for Los Angeles
and in keeping with our focus
on innovation as well as fiscal responsibility.38,39, 40
City of Miami, Florida
Project: 311 Service
The City of Miami, with a population of nearly 5.5 million, has
3,600 employees who work in
83 locations. When the City’s centralized IT department needed
to cut its budget by nearly
18 percent and was forced to drop nearly 20 percent of its
already small staff, continuing to
deliver quality and innovative services became a challenge. At
the same time, the city
sought to supplement its 311 phone line, used by citizens to
report non-emergency situations,

with an interactive online platform for tracking service requests
and mapping them
geographically.
The 311 website proposal posed several challenges to the city
and its IT staff. The city
needed to be sure it had adequate processing power to support
its new, processing power-
intensive mapping application. The city also needed to take
into account disaster recovery
measures, since the Miami area is frequently hit with
hurricanes. Overall, the city was
unsure it could provide the necessary resources to manage the
311 website in-house, so
moving to the cloud was the logical next choice.
The City decided to leverage a scalable, cloud-based Windows
Azure
platform that provides developers with on-demand hosting in
Microsoft
data centers. From a technical standpoint, the City was able to
seamlessly
integrate existing technologies in use by development teams on
other
projects with the cloud-based platform. Also, the pay-as-you-
go platform
allowed the City to test out the application and only pay for
actual usage,
which was also beneficial when the application become more
popular.
Moreover, IT staff members were able to streamline
development of the
application and move from testing to production simply and
quickly. The
deployment of the 311 website application on the cloud-based

platform was
38 City of Los Angeles Information Technology Agency, “Los
Angeles Google Enterprise Email & Collaboration System”
(presentation, 2010).
39 City of Los Angeles, May 2010.
40 City of Los Angeles, “City of L.A. CSC/Google Project
Highlights – as of 12/18/09,” the LA GEECS Google Site,
document
posted February 2010,
https://sites.google.com/a/lageecs.lacity.org/la-geecs-
blog/home.
Improving the ability
for citizens to report
and track requests for
city services through
its “311” cloud-hosted
web application
blog/home�
31
successful and the City is planning additional service offerings
to citizens based on the
overall value and efficiency of cloud computing.41, 42
City of Orlando, Florida

Project: E-mail
To address recent budget and human resource challenges, the
City of Orlando moved its e-
mail and productivity solution to the cloud. Preparing for the
Fiscal Year 2010, the City
faced a 12 percent budget cut and the retirement of two mail
administrators and an
information security officer. As the license renewal deadline
approached, the City’s CIO
confronted these business challenges by leading Orlando into
the cloud.
After evaluating several providers, Orlando chose to contract
with Google to provide an e-
mail solution for all 3,000 City workers. City leadership
supported the transition based on
several decision factors including projected cost savings of
$262,500 per year, centralized
document storage and collaboration, increased mail storage
from 100MB to 25GB per user,
and enhanced support for mobile devices.
Although the City’s contract includes Google Docs, the City
also retained
the Microsoft Office productivity suite in order to avoid the
cost to retrain
employees.
After piloting with a small number of users, the full roll-out of
the solution
occurred on January 7, 2010. The City has realized a 65 percent
reduction
in e-mail costs and provided additional features to increase the
productivity of workers. Google is now responsible for the
City’s e-mail

server maintenance and IT support. Security functions and
features such as virus checking
and spam control are also performed by Google through their
Postini services.43,44
Klamath County, Oregon
Project: Office Productivity
Klamath County, Oregon is one of Oregon’s geographically
largest counties spanning 6,000
square miles. The county has about 70,000 residents and a staff
of 600 employees spread
across the expansive county. County employees typically
leverage video conferencing on a
regular basis. When the county’s director of IT realized that the
need to
upgrade IT capacity was imminent, coupled with the fact that
the county
faced a budget crunch, he began evaluating cloud-based
solutions.
After considering the options, the county decided to migrate to
a hosted
solution, and selected Microsoft Online Business Productivity
Suite. This
would not only free up valuable human resources from
managing the
server environment, but also cut costs. The county also noted
the
potential for dependability of the system to improve since
performance was

41 Rutrell Yasin, “City of Miami takes citizen services to
cloud,” Government Computer News, March 2010.
http://gcn.com/articles/2010/03/10/city-of-miami-microsoft-
azure.aspx.
42 City of Miami, May 2010.
43 Mark Schlueb, “Orlando goes Google for cheaper e-mail,”
Orlando Sentinel, January 2010.
http://articles.orlandosentinel.com/2010-01-
09/news/1001080262_1_google-e-mail-google-enterprise-
google-docs.
44 City of Orlando, “Orlando Goes Google” (government
document, 2010).
Providing 3,000 city
employees cloud-
based e-mail services
Providing county of
6,000 square miles
with cloud-based
collaboration tools
azure.aspx�
google-docs�
32
not tied to county IT staff’s ability to keep the servers
optimized.

With this migration, the county was able to keep costs low and
ensure that IT personnel and
other resources were used appropriately amidst the flat county
revenues. The personnel
required to manage the e-mail solution decreased by 1.5 full
time equivalents, an 86 percent
reduction. The county also managed to implement new features
including integrated
messaging, collaborative tools to increase productivity for the
entire county, and the ability
to archive emails for a longer period of time.45
Prince George’s County, Maryland
Project: School District E-mail
The Prince George’s County, MD school district is the 18th
largest school district in the
country, with over 200 schools, 129,000 students and nearly
28,000 faculty/staff. For the
2008-2009 school year, the school district was facing budget
cuts of $185 million and
projected that a needed upgrade to their on-premises e-mail
system would cost $1 million.
The existing system required the support of multiple dedicated
members of the district’s IT
staff, and due to the lack of an e-mail archiving system, IT
personnel spent
an excessive amount of time tracking down electronic records
for legal
purposes.
The district decided to migrate staff e-mail accounts to the

Google Apps
platform, which is offered to public schools at no cost. The
school district’s
faculty and staff are now leveraging Google’s cloud computing
platform for
messaging and collaboration. More than 13,000 of the staff
members also
use Google Message Discovery, powered by Postini, for
archiving and
discovery. Due to the cost effectiveness of the cloud computing
solution,
the district was able to also add the Message Discovery add-on,
which
costs only a few dollars per user per year, allowing authorized
users to locate e-mail
messages within minutes. With the success of this cloud
computing experience the school
district is also considering phasing in a cloud-based solution for
use by students throughout
the school district.46,47
State of Colorado
Announced Project: Launching an Enterprise Cloud
(Office of Information Technology)
In 2008, Colorado’s Governor’s Office of Information
Technology (OIT) began to consolidate
the IT systems from 17 Executive Branch agencies. Prior to
consolidation, the State was
responsible for 40 data centers consisting of 1,800 servers, of
which 122 alone powered
different versions of Lotus Notes, Microsoft Exchange, and
Novell GroupWise for e-mail. The

goal of consolidation was to achieve cost savings through
standardization while reducing the
complexity of administering multiple platforms, and improving
service delivery. OIT also
envisioned gaining the ability to share resources with local
jurisdictions and schools across
the State.
45 Klamath County Oregon, May 2010.
46 Prince George’s County Public Schools. “Googlizing the
Masses” (presentation, School Board of Prince George’s County
Public Schools, MD, 2010).
http://docs.google.com/present/view?id=dxjw4sx_14gvr3r7fz.
47 Prince George’s County Public Schools, May 2010.
Migrating staff e-
mails to a cloud-
based solution that is
offered to public
schools free-of-charge
http://docs.google.com/present/view?id=dxjw4sx_14gvr3r7fz�
33
Colorado decided to implement a hybrid cloud solution to meet
the diverse needs of its 17
state agencies. Each agency has its own applications which
required
different levels of security, so the State’s plan includes three
elements: a
private cloud for line-of-business/highly secure data and

systems, a virtual
private cloud for archival storage/disaster recovery, and a
public cloud for
e-mail office productivity applications and websites.
For Colorado’s private cloud, the State will use an existing data
center and
begin to leverage server virtualization. All production data will
remain
on-site while virtualized instances of the production server can
be stored
off-site, increasing disaster recovery capabilities at reduced
cost.
Colorado’s virtual private cloud allows for additional
scalability on a pay-
as-you-go model for large systems. Colorado has recently
started
transitioning systems to the virtual private cloud.
Colorado’s usage of the public cloud will initially be a pilot of
Google Apps for e-mail and
office productivity. Using cloud-based e-mail provides
Colorado with increased mobility,
disaster recovery, storage, better document sharing, and
collaboration. The pilot will test the
migration of e-mail from three different agencies, focusing on
security and workflow
processing. If the pilot is successful and the cost-benefit
analysis proves positive, the State
plans to transition all 27,600 Executive Branch employees to
the new system.
By shifting e-mail to the cloud, Colorado will be able to take all
122 existing e-mail servers
out of production and experience significant operational cost
savings. An initial cost-benefit

analysis of the migration to cloud-based e-mail estimates annual
savings of $8 million. In
addition, Colorado will avoid additional expenses of up to $20
million over the next three
years.48
State of Michigan
Announced Project: MiCloud
(Department of Technology Management and Budget)
In March 2010, Michigan’s Department of Information
Technology consolidated with the
State’s Department of Management and Budget. The new
Department of Technology,
Management & Budget (DTMB) is now building a full array of
services to provide across
governments and the private sector. Michigan is moving toward
leveraging cloud-based
solutions to provide clients with rapid, secure, and lower cost
services
though a program dubbed “MiCloud.”
One key area of current action is the State’s strategic
investment in
storage virtualization technologies, expected to go live in
October 2010.
Michigan is actively piloting MiCloud “Storage for Users” and
“Storage for
Servers” as internal government cloud functions delivered by
DTMB. The
consumption expectation is more than 250 terabytes in the first
year of
operation at a projected storage cost that is 90 percent lower

than today’s
lowest-cost storage tier. MiCloud provides self-service and
automated
delivery within 10 minutes of submitting an online request. The
following
table expresses projected savings based on migration rates. It is
48 State of Colorado Government Office of Information
Technology, “Moving Colorado to the cloud: A business case”
Making strategic
investments in
virtualization
technologies and
developing a cloud
platform to support
state-wide services
Implementing a
hybrid cloud strategy
to increase offerings
and reduce costs
while meeting the
diverse security needs
of 17 agencies
34
important to note that this low-cost option represents a service
alternative that is only

appropriate for data that do not require 24x7 availability or
real-time, block-level replication.
The State of Michigan’s 2010-2014 strategic plan
also outlines critical future investments in virtual
server hosting and process automation. The State
is in the proof-of-concept phase for the MiCloud
“Hosting for Development” and “Process
Orchestrator” functions in the internal
government cloud. The hosting for development
function automates the delivery of virtual servers
within 30 minutes of submitting an online
request. Michigan will also explore a hybrid cloud
to deliver a more complex Application Platform as
a Service (APaaS). The process orchestrator
function enables agency business users,
regardless of IT skill level, to create and test
simple process definitions. Business users will be
able to publish processes and related forms to the
service catalog and over time analyze related metrics.
Ultimately, the shift to cloud
computing will allow Michigan to improve services to citizens
and business while freeing up
scarce capital, staff resources, and IT assets for critical
investments.49
49 State of Michigan Department of Technology, Management
& Budget, “Governing in the cloud – a government case study
from Michigan” (government document, 2010).
Migration
Rate

Potential Annual
Savings or Cost
Avoidance
10% $228,000
20% $456,000
30% $684,000
40% $912,000
50% $1,140,000
60% $1,368,000
35
REFERENCES
Air Force Office of the Chief Information Officer. May 2010.
City of Canton. May 2010.
City of Carlsbad. May 2010.
City of Los Angeles. May 2010.
City of Los Angeles Information Technology Agency. “Los
Angeles Google Enterprise Email &
Collaboration System.” presentation, 2010.

City of Miami. May 2010.
City of Orlando. “Orlando Goes Google.” government
document, 2010.
Defense Information Systems Agency. May 2010.
Defense Information Systems Agency. May 2010.
Department of Energy Office of the Chief Information Officer.
May 2010.
Department of Health and Human Services. May 2010.
Department of the Interior Office of the Chief Technology
Officer. April 2010.
Erlichman, Jeff. “Cloud Recruiting.” On the Frontlines: Shaping
Government Clouds, (Winter 2010).
http://www.mygazines.com/issue/5865.
Federal Labor Relations Authority. April 2010.
Feeney, Tom C. “NJ Transit to test online suggestion box for
riders.” Nj.com, (May 14, 2008).
nline_sugg.html.
General Services Administration. May 2010.
General Services Administration. “Cloud Sourcing Models.”
government document, 2010.
General Services Administration. “FDCCI – Initial Data Center
Inventory.” government document,

2010.CIO Council.
BDBE-6B59-
Guidance/category/Policy%2
0Letters%20and%20Memos.
Google Enterprise Blog, The.
exchange-or-
google-apps-one.html.
Klamath County Oregon. May 2010.
LA GEECS Google Site, The.
blog/home.
Lawrence Berkeley National Labs Office of the Chief
Information Officer. May 2010.
National Aeronautics and Space Administration. March 2010.
http://www.mygazines.com/issue/5865�
nline_sugg.html�
BDBE-6B59-
BDBE-6B59-
BDBE-6B59-

blog/home�
36
National Aeronautics and Space Administration Jet Propulsion
Laboratory Office of the Chief
Technology Officer. May 2010.
National Aeronautics and Space Administration Office of the
Chief Technology Officer. “WWT Case
Study.” government document, 2010.
National Aeronautics and Space Administration Office of
Legislative and Intergovernmental Affairs.
May 2010.
National Institute of Standards and Technology.
http://csrc.nist.gov/groups/SNS/cloud-computing/.
National Institute of Standards and Technology. “Summary of
NIST Cloud Computing Standards
Development Efforts.” government document, 2010.
New Jersey Transit. May 2010.
New Mexico Attorney General’s Office of the Chief Information

Officer. May 2010.
Prince George’s County Public Schools. May 2010.
Prince George’s County Public Schools. “Googlizing the
Masses.” presentation, School Board of
Prince George’s County Public Schools, MD, 2010.
http://docs.google.com/present/view?id=dxjw4sx_14gvr3r7fz.
Recovery Accountability and Transparency Board.
“Recovery.gov Moves to Cloud Computing
Infrastructure.” May 2010.
32010.aspx.
Schlueb, Mark. “Orlando goes Google for cheaper e-mail.”
Orlando Sentinel, (January 2010).
09/news/1001080262_1_google-e-mail-google-
enterprise-google-docs.
Securities and Exchange Commission Office of Investor
Education and Advocacy. April 2010.
Social Security Administration. May 2010.
State of Colorado Government Office of Information
Technology. “Moving Colorado to the cloud: A
business case.” government document, 2010.
State of Michigan Department of Technology, Management &
Budget. “Governing in the cloud – a
government case study from Michigan.” government document,
2010.
State of Utah. May 2010.

State of Utah Department of Technology Services.
“Implementing Utah’s cloud computing strategy:
A case study on bringing cloud-based IT services to
government.” government document,
2010.
State of Wisconsin. May 2010.
United States Army G-1. May 2010.
U.S. Congress. American Recovery and Reinvestment Act of
2009. H.R. 1. 111th Cong., 1st sess.
(January 2009). http://frwebgate.access.gpo.gov/cgi-
bin/getdoc.cgi?dbname=111_cong_bills&docid=f:h1enr.pdf.
http://csrc.nist.gov/groups/SNS/cloud-computing/�
http://docs.google.com/present/view?id=dxjw4sx_14gvr3r7fz�
32010.aspx�
google-docs�
google-docs�
37

U.S. Congress. Energy Independence and Security Act of 2007.
H.R. 6. 110th Cong., 1st sess.
(January 2007). http://frwebgate.access.gpo.gov/cgi-
bin/getdoc.cgi?dbname=110_cong_bills&docid=f:h6enr.txt.pdf.
Virginia Information Technologies Agency. “Cloud computing:
Commonwealth of Virginia.”
government document, 2010.
Yasin, Rutrell. “City of Miami takes citizen services to cloud.”
Government Computer News, (March
2010). http://gcn.com/articles/2010/03/10/city-of-miami-
microsoft-azure.aspx.
azure.aspx�Executive SummaryFederal Government
ApproachDefinition of Cloud ComputingCharacteristics of the
CloudBenefits of Cloud ComputingDeployment ModelsService
ModelsData Center ConsolidationStandards
DevelopmentSpecial Publications on Cloud Computing and
Selected TopicsStandards Acceleration to Jumpstart Adoption of
Cloud Computing (SAJACC)Federal Risk and Authorization
Management Program (FedRAMP)Federal Budget
PlanningIllustrative Case StudiesFederal Cloud Computing Case
StudiesDepartment of DefenseDepartment of EnergyDepartment
of Health and Human ServicesDepartment of the InteriorGeneral
Services AdministrationNational Aeronautics and Space
AdministrationSocial Security AdministrationFederal Labor
Relations AuthorityRecovery Accountability and Transparency
BoardSecurities and Exchange CommissionState and Local

Cloud Computing Case StudiesState of New JerseyState of New
MexicoCommonwealth of VirginiaState of WisconsinState of
UtahCity of Canton, GeorgiaCity of Carlsbad, CaliforniaCity of
Los Angeles, CaliforniaCity of Miami, FloridaCity of Orlando,
FloridaKlamath County, OregonPrince George’s County,
MarylandState of ColoradoState of MichiganReferences
F E B R U A R Y 8 , 2 0 1 1
Vivek Kundra
U.S. Chief Information Officer
F E D E R A L C L O U D
C O M P U T I N G S T R AT E G Y
i★ ★
TABLE OF CONTENTS
Executive Summary
1
I Unleashing the Power of Cloud
5
1 Defining cloud computing
5
2 Cloud is a fundamental shift in IT
6

3 Cloud computing can significantly improve public sector IT
6
II Decision Framework for Cloud Migration
11
1 Selecting services to move to the cloud
11
2 Provisioning cloud services effectively
15
3 Managing services rather than assets
16
III Case Examples to Illustrate Framework
19
1 Tailoring solution to protect security and maximize value
19
2 Provisioning to ensure competitiveness and capture value
20
3 Re-defining IT from an asset to a service
22
IV Catalyzing Cloud Adoption
25
1 Leveraging cloud computing accelerators
25
2 Ensuring a secure, trustworthy environment
26

3 Streamlining procurement processes
28
4 Establishing cloud computing standards
29
5 Recognizing the international dimensions of cloud computing
30
6 Laying a solid governance foundation
31
V Conclusion
33
Appendix 1: Potential Spending on Cloud Computing By
Agency 35
Appendix 2: Agency Resources for Cloud Computing
37
1★ ★
EXECUTIVE SUMMARY
The Federal Government’s current Information Technology (IT)
environment is characterized by low
asset utilization, a fragmented demand for resources,
duplicative systems, environments which are dif-
ficult to manage, and long procurement lead times These
inefficiencies negatively impact the Federal
Government’s ability to serve the American public

Cloud computing has the potential to play a major part in
addressing these inefficiencies and improving
government service delivery The cloud computing model can
significantly help agencies grappling with
the need to provide highly reliable, innovative services quickly
despite resource constraints
Commercial service providers are expanding their available
cloud offerings to include the entire tradi-
tional IT stack of hardware and software infrastructure,
middleware platforms, application system com-
ponents, software services, and turnkey applications The
private sector has taken advantage of these
technologies to improve resource utilization, increase service
responsiveness, and accrue meaningful
benefits in efficiency, agility, and innovation Similarly, for the
Federal Government, cloud computing
holds tremendous potential to deliver public value by increasing
operational efficiency and responding
faster to constituent needs
An estimated $20 billion of the Federal Government’s $80
billion in IT spending is a potential target for
migration to cloud computing solutions (Appendix 1) 1
Figure 1: Estimated portion of Federal IT spend able to move to
the cloud
1 Based on agency estimates as reported to the Office of
Management and Budget (OMB)

F E d E R A L C L O U d C O M p U T I N g S T R AT E g Y
2★ ★
To harness the benefits of cloud computing, we have instituted a
Cloud First policy This policy is intended
to accelerate the pace at which the government will realize the
value of cloud computing by requiring
agencies to evaluate safe, secure cloud computing options
before making any new investments
By leveraging shared infrastructure and economies of scale,
cloud computing presents a compelling
business model for Federal leadership Organizations will be
able to measure and pay for only the IT
resources they consume, increase or decrease their usage to
match requirements and budget con-
straints, and leverage the shared underlying capacity of IT
resources via a network Resources needed
to support mission critical capabilities can be provisioned more
rapidly and with minimal overhead and
routine provider interaction
Cloud computing can be implemented using a variety of
deployment models – private, community,
public, or a hybrid combination
Cloud computing offers the government an opportunity to be
more efficient, agile, and innovative
through more effective use of IT investments, and by applying
innovations developed in the private
sector If an agency wants to launch a new innovative program,
it can quickly do so by leveraging cloud
infrastructure without having to acquire significant hardware,
lowering both time and cost barriers to
deployment

This Federal Cloud Computing Strategy is designed to:
• Articulate the benefits, considerations, and trade-offs of
cloud computing
• Provide a decision framework and case examples to support
agencies in migrating towards
cloud computing
• Highlight cloud computing implementation resources
• Identify Federal Government activities and roles and
responsibilities for catalyzing cloud
adoption
Following the publication of this strategy, each agency will re-
evaluate its technology sourcing strategy
to include consideration and application of cloud computing
solutions as part of the budget process
Consistent with the Cloud First policy, agencies will modify
their IT portfolios to fully take advantage
of the benefits of cloud computing in order to maximize
capacity utilization, improve IT flexibility and
responsiveness, and minimize cost
E X E C U T I V E S U M M A R Y
3★ ★
Figure 2: Cloud benefits: Efficiency, Agility, Innovation
EFFICIENCY
Cloud Benefits Current Environment

• Improved asset utilization (server utilization >
60-70%)
• Aggregated demand and accelerated system con-
solidation (e g , Federal Data Center Consolidation
Initiative)
• Improved productivity in application develop-
ment, application management, network, and
end-user
• Low asset utilization (server utilization < 30%
typical)
• Fragmented demand and duplicative systems
• Difficult-to-manage systems
AGILITY
• Purchase “as-a-service” from trusted cloud
providers
• Near-instantaneous increases and reductions in
capacity
• More responsive to urgent agency needs
• Years required to build data centers for new
services
• Months required to increase capacity of existing
services

INNOVATION
• Shift focus from asset ownership to service
management
• Tap into private sector innovation
• Encourages entrepreneurial culture
• Better linked to emerging technologies (e g ,
devices)
• Burdened by asset management
• De-coupled from private sector innovation
engines
• Risk-adverse culture
5★ ★
I. UNLEASHINg THE
pOWER OF CLOUd
Cloud computing describes a broad movement to treat IT
services as a commodity with the ability to
dynamically increase or decrease capacity to match usage needs
By leveraging shared infrastructure
and economies of scale, cloud computing presents Federal
leadership with a compelling business
model It allows users to control the computing services they

access, while sharing the investment in
the underlying IT resources among consumers When the
computing resources are provided by another
organization over a wide-area network, cloud computing is
similar to an electric power utility The pro-
viders benefit from economies of scale, which in turn enables
them to lower individual usage costs and
centralize infrastructure costs Users pay for what they
consume, can increase or decrease their usage,
and leverage the shared underlying resources With a cloud
computing approach, a cloud customer can
spend less time managing complex IT resources and more time
investing in core mission work
1. Defining cloud computing
Cloud computing is defined by the National Institute of
Standards and Technology (NIST)2 as “a model for
enabling convenient, on-demand network access to a shared
pool of configurable computing resources
(e g , networks, servers, storage, applications, and services) that
can be rapidly provisioned and released
with minimal management effort or service provider interaction
”3 NIST has identified five essential
characteristics of cloud computing: on-demand service, broad
network access, resource pooling, rapid
elasticity, and measured service 4
Cloud computing is defined to have several deployment models,
each of which provides distinct
trade-offs for agencies which are migrating applications to a
cloud environment NIST defines the cloud
deployment models as follows:
• Private cloud. The cloud infrastructure is operated solely for
an organization It may be managed
by the organization or a third party and may exist on premise or

off premise
• Community cloud. The cloud infrastructure is shared by
several organizations and supports a
specific community that has shared concerns (e g , mission,
security requirements, policy, and
compliance considerations) It may be managed by the
organizations or a third party and may
exist on premise or off premise
• Public cloud. The cloud infrastructure is made available to
the general public or a large industry
group and is owned by an organization selling cloud services
• Hybrid cloud The cloud infrastructure is a composition of
two or more clouds (private, com-
munity, or public) that remain unique entities but are bound
together by standardized or
proprietary technology that enables data and application
portability (e g , cloud bursting for
load-balancing between clouds)
2 http://csrc nist gov/groups/SNS/cloud-computing/cloud-def-
v15 doc
v15 doc
v15 doc
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-
v15.doc
v15.doc
v15.doc

6★ ★
Cloud computing can also categorized into service models
These are defined by NIST to be:
• Cloud Software as a Service (SaaS). The capability provided
to the consumer is to use the pro-
vider’s applications running on a cloud infrastructure The
applications are accessible from
various client devices through a thin client interface such as a
web browser (e g , web-based
email) The consumer does not manage or control the underlying
cloud infrastructure including
network, servers, operating systems, storage, or even individual
application capabilities, with
the possible exception of limited user-specific application
configuration settings
• Cloud Platform as a Service (PaaS) The capability provided
to the consumer is the ability to
deploy onto the cloud infrastructure consumer-created or
acquired applications created using
programming languages and tools supported by the provider
The consumer does not manage
or control the underlying cloud infrastructure including
network, servers, operating systems,
or storage, but has control over the deployed applications and
possibly application hosting
environment configurations
• Cloud Infrastructure as a Service (IaaS). The capability
provided to the consumer is to provision
processing, storage, networks, and other fundamental computing

resources where the con-
sumer is able to deploy and run arbitrary software, which can
include operating systems and
applications The consumer does not manage or control the
underlying cloud infrastructure
but has control over operating systems, storage, deployed
applications, and possibly limited
control of select networking components (e g , host firewalls)
2. Cloud is a fundamental shift in IT
Cloud computing enables IT systems to be scalable and elastic
End users do not need to determine
their exact computing resource requirements upfront Instead,
they provision computing resources as
required, on-demand Using cloud computing services, a Federal
agency does not need to own data
center infrastructure to launch a capability that serves millions
of users
3. Cloud computing can significantly improve public sector IT
A number of government agencies are adopting cloud
technologies and are realizing considerable
benefits For instance, NASA Nebula,5 through a community
cloud, gives researchers access to IT services
relatively inexpensively in minutes Prior to adopting this
approach, it would take researchers months
to procure and configure comparable IT resources and
significant
5 http://nebula nasa gov/services/
http://nebula nasa gov/blog/
http://nebula.nasa.gov/services
http://nebula.nasa.gov/blog

I . U N L E A S H I N g T H E p O W E R O F C L O U d
7★ ★
management oversight to monitor and upgrade systems
Applying cloud technologies across the entire
Federal Government can yield tremendous benefits in
efficiency, agility, and innovation These benefits
are described below
Efficiency improvements will shift resources towards higher-
value activities
In FY2010, approximately thirty cents of every dollar invested
in Federal IT was spent on data center infra-
structure 6 Unfortunately, only a fraction of this investment
delivers real, measurable impact for American
citizens By using the cloud computing model for IT services,
we will be able to reduce our data center
infrastructure expenditure by approximately 30%7 (which
contributes to the estimated $20 billion of IT
spending that could be migrated to cloud computing solutions)
Similar efficiency improvements will
be seen in software applications and end-user support These
savings can be used to increase capacity
or be re invested in agency missions, including citizen-facing
services and inventing and deploying new
innovations Cloud computing can allow IT organizations to
simplify, as they no longer have to maintain
complex, heterogeneous technology environments Focus will
shift from the technology itself to the
core competencies and mission of the agency
Assets will be better utilized
Across the public and private sectors, data center infrastructure
investments are not utilized to their

fullest potential For example, according to a recent survey,
many agencies are not fully utilizing their
available storage capacity and are utilizing less than 30% of
their available server capacity 8 Low utiliza-
tion is not necessarily a consequence of poor management, but,
instead, a result of the need to ensure
that there is reserve capacity to meet periodic or unexpected
demand for key functions
With cloud computing, IT infrastructure resources are pooled
and shared across large numbers of
applications and organizations Cloud computing can
complement data center consolidation efforts
by shifting workloads and applications to infrastructures owned
and operated by third parties Capacity
can be provisioned to address the peak demand across a group
of applications, rather than for a single
application When demand is aggregated in this fashion and
properly managed, the peaks and troughs
of demand smooth out, providing a more consistent and
manageable demand profile
As utilization is improved, more value is derived from the
existing assets, reducing the need to continu-
ously increase capacity Fewer machines mean less spending on
hardware, software, and operations
maintenance, real estate, and power consumption
Demand aggregation will reduce duplication
The shift to cloud computing can help to mitigate the
fragmented data, application, and infrastructure
silo issues associated with federated organizational and funding
models by focusing on IT services as
a utility IT services become candidates for more cost effective
procurement and management, similar
to the model currently used for buildings and utility services

6 President’s FY2011 Budget
7 Gartner IT Key Metrics Data 2009, Bloomberg, McKinsey
analysis
8 Agency Data Center Consolidation Plans submitted to OMB,
August 2010
8★ ★
Cloud computing has the potential to provide a more
interoperable and portable environment for data
and systems With the appropriate standards, over time,
organizations may be able to move to common
services and platforms
Data center consolidation can be accelerated
In February 2010, we launched the Federal Data Center
Consolidation Initiative (FDCCI) to con-
solidate the Federal Government’s fragmented data center
environment Through the FDCCI,
agencies have formulated detailed consolidation plans and
technical roadmaps to eliminate a
minimum of 800 data centers by 2015 9
Cloud computing can accelerate data center consolidation
efforts by reducing the number of applica-
tions hosted within government-owned data centers For those
that continue to be owned and operated
directly by Federal agencies (e g , by implementing private IaaS
clouds), environments will be more
interoperable and portable, which will decrease data center
consolidation and integration costs because

it reduces unnecessary heterogeneity and complexity in the IT
environment
IT will be simpler and more productive
Cloud computing also provides an indirect productivity benefit
to all services in the IT stack For example,
less effort will be required to stand up and develop software
testing environments, enabling application
development teams to integrate and test frequently in
production-representative environments at a
fraction of the cost of providing this infrastructure separately
Agility improvements will make services more responsive
The impact of cloud computing will be far more than economic
Cloud computing will also allow agen-
cies to improve services and respond to changing needs and
regulations much more quickly
With traditional infrastructure, IT service reliability is strongly
dependent upon an organization’s ability
to predict service demand, which is not always possible For
example, the IT system used in the Car
Allowance and Rebate System (CARS, more commonly known
as “Cash-For-Clunkers”) had numerous
failures because the load was considerably higher than what its
system could handle The sponsor for
“Cash-for-Clunkers,” the National Highway Traffic Safety
Administration (NHTSA) anticipated a demand
of 250,000 transactions over a four month period, but within
just 90 days, the system processed approxi-
mately 690,000 CARS transactions Within three days of the
first dealer registrations, the system was
overwhelmed, leading to numerous outages and service
disruptions The $1 billion appropriated for the
program was nearly exhausted within one week and an

additional $2 billion dollars was appropriated
to triple the potential number of transactions just nine days after
the program began NHTSA deployed
a customized commercial application hosted in a traditional data
center environment, but the CARS
system presented a very good example of an unpredictable
service demand and a short development
window that could have been more efficiently handled using a
cloud computing approach Cloud
computing will allow agencies to rapidly scale up to meet
unpredictable demand thus minimizing
9 OMB, 25-point implementation plan to reform Federal
information technology management, December 9, 2010,
http://www cio gov/documents/25-Point-Implementation-Plan-
to-Reform-Federal%20IT pdf
http://www.cio.gov/documents/25-Point-Implementation-Plan-
to-Reform-Federal%20IT.pdf
I . U N L E A S H I N g T H E p O W E R O F C L O U d
9★ ★
similar disruptions Notably, cloud computing also provides an
important option for agencies in meeting
short-term computing needs such as the one above; agencies
need not invest in infrastructure in cases
where service is needed for a limited period of time
Services will be more scalable
With a larger pool of resources to draw from, individual cloud
services are unlikely to encounter capac-
ity constraints As a result, government services such as “Cash-
for-Clunkers” would be able to more

rapidly increase capacity and avoid service outages Given
appropriate service level agreements and
governance to ensure overall capacity is met, cloud computing
will make the government’s IT invest-
ments less sensitive to the uncertainty in demand forecasts for
individual programs, which frequently
emerge rapidly in response to national program needs which
cannot be foreseen in the early stages of
the Federal budget cycle
Innovation improvements will rapidly enhance service
effectiveness
Cloud computing will not only make our IT services more
efficient and agile, it will also serve as an
enabler for innovation Cloud computing allows the Federal
Government to use its IT investments in a
more innovative way and to more easily adopt innovations from
the private sector Cloud computing
will also help our IT services take advantage of leading-edge
technologies including devices such as
tablet computers and smart phones
IT innovation has transformed how the private sector operates
and revolutionized the efficiency, con-
venience, and effectiveness with which it serves its customers
In our everyday lives, we can track the
status of a shipment; order a pizza or a pair of shoes; make
travel, hotel, and restaurant reservations;
and collaborate with friends and colleagues – all online,
anytime, and anywhere Yet, when it comes to
dealing with the Federal Government, we too often need to
stand in line, hold on the phone, or mail in
a paper form For many reasons such as policy and other
constraints, the Federal Government has not
innovated as quickly as the private sector and has consequently

missed out on many of the benefits
offered through IT
Encourage entrepreneurial culture by reducing risk
Cloud-based projects can be conceived, developed, and tested
with smaller initial investments than
traditional IT investments Rather than laboriously building data
center capacity to support a new
development environment, capacity can be provisioned in small
increments through cloud comput-
ing technologies After the small initial investment is made, the
project can be evaluated for additional
investment or cancellation Projects that show promise can gain
valuable insights through the evalua-
tion process Less promising projects can be cancelled with
minimal losses This “start small” approach
collectively reduces the risk associated with new application
development Reducing the minimum
required investment size will also provide a more experimental
development environment in which
innovation can flourish
11★ ★
II. dECISION FRAMEWORK
FOR CLOUd MIgRATION
The broad scope and size of the cloud transformation will
require a meaningful shift in how government
organizations think of IT Organizations that previously thought
of IT as an investment in locally owned
and operated applications, servers, and networks will now need

to think of IT in terms of services, com-
moditized computing resources, agile capacity provisioning
tools, and their enabling effect for American
citizens This new way of thinking will have a broad impact
across the entire IT service lifecycle – from
capability inception through delivery and operations
The following structured framework presents a strategic
perspective for agencies in terms of thinking
about and planning for cloud migration
Figure 3: Decision Framework for Cloud Migration
A broad set of principles and considerations for each of these
three major migration steps is presented
below Please refer to Section 3 for an illustration of how these
considerations can be applied, using
Federal case study examples
1. Selecting services to move to the cloud
Successful organizations carefully consider their broad IT
portfolios and create roadmaps for cloud
deployment and migration These roadmaps prioritize services
that have high expected value and
high readiness to maximize benefits received and minimize
delivery risk Defining exactly which cloud
services
required
ensure compliance and

continuous improvement
- evaluate vendor and
service models periodically to
maximize benefits and
minimize risks
move and when
– Identify sources of value
for cloud migrations:
efficiency, agility,
innovation
– Determine cloud
readiness: security, market
availability, government
readiness, and technology
lifecycle
Select
? Aggregate demand at
Department level where
possible
and integration with IT
portfolio
ontract effectively to ensure
agency needs are met
or decommissioning legacy

assets and redeploying freed
resources
Provision Manage
Framework is flexible and can be adjusted to meet individual
age ncy needs Framework is flexible and can be adjusted to
meet individual age ncy needs
to services
required
ensure compliance and
continuous improvement
- evaluate vendor and
service models periodically to
maximize benefits and
minimize risks
move and when
– Identify sources of value
for cloud migrations:
efficiency, agility,
innovation
– Determine cloud
readiness: security, market
availability, government
readiness, and technology

lifecycle
Select
Aggregate demand at
Department level where
possible
and integration with IT
portfolio
agency needs are met
or decommissioning legacy
assets and redeploying freed
resources
Provision Manage
Framework is flexible and can be adjusted to meet individual
age Framework is flexible and can be adjusted to meet
individual agency needs
12★ ★

services an organization intends to provide or consume is a
fundamental initiation phase activity in
developing an agency roadmap
The chart shown below uses two dimensions to help plan cloud
migrations: Value and Readiness The
Value dimension captures cloud benefits in the three areas
discussed in Section 1 (i e , efficiency, agil-
ity, and innovation) The Readiness dimension broadly captures
the ability for the IT service to move
to the cloud in the near-term Security, service and market
characteristics, government readiness, and
lifecycle stage are key considerations As shown below,
services with relatively high value and readiness
are strong candidates to move to the cloud first
Figure 4: Selecting Services for Cloud Migration
The relative weight of the value and readiness dimensions can
be adjusted to meet the individual needs
of agencies Some agencies may stress innovation and security
while others may stress efficiency and
government readiness However, the logic and structure of the
framework should be applicable for all
agencies
Described below are a number of considerations for value and
readiness that agencies may find helpful
when completing this evaluation
I I . d E C I S I O N F R A M E W O R K F O R C L O U d
M I g R AT I O N

13★ ★
Identify sources of value
As described in Section 1, cloud computing provides three
primary sources of business value: efficiency,
agility, and innovation Listed below are a number of
considerations for each value category
Agencies should feel free to stress one or more of these sources
of value according to their individual
needs and mission goals For instance, some agencies may place
a higher value on agility, while others
may stress cost savings brought about by greater computing
efficiency
Efficiency: Efficiency gains can come in many forms, including
higher computer resource utilization due
to the employment of contemporary virtualization technologies,
and tools that extend the reach of the
system administrator, lowering labor costs Efficiency
improvements can often have a direct impact on
ongoing bottom line costs Further, the nature of some costs
will change from being capital investment
in hardware and infrastructure (CapEx) to a pay-as-you go
(OpEx) model with the cloud, depending on
the cloud deployment model being used Services that have
relatively high per-user costs, have low
utilization rates, are expensive to maintain and upgrade, or are
fragmented should receive a relatively
high priority for consideration
Agility: Many cloud computing efforts support rapid automated
provisioning of computing and storage
resources In this way, cloud computing approaches put IT

agility in the hands of users, and this can be
a qualitative benefit Existing services that require long lead
times to upgrade or increase / decrease
capacity should receive a relatively high priority for
consideration, and so should new or urgently
needed services to compress delivery timelines as much as
possible Services that are easy to upgrade,
are not sensitive to demand fluctuations, or are unlikely to need
upgrades in the long-term can receive
a relatively low priority
Innovation: Agencies can compare their current services to
contemporary marketplace offerings, or
look at their customer satisfaction scores, overall usage trends,
and functionality to identify the need for
potential improvements through innovation Services that would
most benefit from innovation should
receive a relatively high priority
Determine cloud readiness
It is not sufficient to consider only the potential value of
moving to cloud services Agencies should make
risk-based decisions which carefully consider the readiness of
commercial or government providers
to fulfill their Federal needs These can be wide-ranging, but
likely will include: security requirements,
service and marketplace characteristics, application readiness,
government readiness, and program’s
stage in the technology lifecycle Similar to the value
estimation, agencies should be free to stress one
or more of these readiness considerations according to their
individual needs
Security Requirements: Federal Government IT programs have a
wide range of security requirements

Federal Information Security Management Act (FISMA)
requirements include but are not limited to:
compliance with Federal Information Processing Standards
agency specific policies; Authorization to
Operate requirements; and vulnerability and security event
monitoring, logging, and reporting It is
essential that the decision to apply a specific cloud computing
model to support mission capability
considers these requirements Agencies have the responsibility
to ensure that a safe, secure cloud solu-
tion is available to provide a prospective IT service, and should
carefully consider agency security needs
across a number of dimensions, including but not limited to:
14★ ★
• Statutory compliance to laws, regulations, and agency
requirements
• Data characteristics to assess which fundamental protections
an application’s data set requires
• Privacy and confidentiality to protect against accidental and
nefarious access to information
• Integrity to ensure data is authorized, complete, and accurate
• Data controls and access policies to determine where data can
be stored and who can access
physical locations
• Governance to ensure that cloud computing service providers

are sufficiently transparent, have
adequate security and management controls, and provide the
information necessary for the
agency to appropriately and independently assess and monitor
the efficacy of those controls
For additional discussion and considerations regarding trust and
security in the context of cloud com-
puting, please refer to the online NIST cloud computing
resources 10
Service characteristics: Service characteristics can include
service interoperability, availability, perfor-
mance, performance measurement approaches, reliability,
scalability, portability, vendor reliability, and
architectural compatibility
Storing information in the cloud will require a technical
mechanism to achieve compliance with records
management laws, policies and regulations promulgated by both
the National Archives and Records
Administration (NARA) and the General Services
Administration (GSA) The cloud solution has to sup-
port relevant record safeguards and retrieval functions, even in
the context of a provider termination
Depending on the organizational missions supported by the
cloud capability, Continuity of Operations
(COOP) can be a driving solution requirement The purpose of a
COOP capability is to ensure that
mission-essential functions continue to be available in times of
crisis or against a spectrum of threats
Threats can include a wide range of potential emergencies,
including localized acts of nature, accidents,
and technological and/or attack-related emergencies

The organization should consider scalability requirements
concerning the ability of the cloud solution
architecture to either grow or shrink over time, with varying
levels of processing, storage, or service
handling capability They should also consider both the impact
on their business processes if network
connectivity to their cloud provider fails, resulting in a loss of
IT capability, and the possibility (likelihood)
of this occurrence
Requirements concerning administrative support should be
included as well, covering topics such as the
daily hours of prime support, problem escalation times,
resolution of recurring problems, and trouble
ticket submission methods
Market Characteristics: Agencies should consider the cloud
market competitive landscape and matu-
rity, including both fully commercial and government-provided
cloud services Agencies can consider
whether cloud markets are sufficiently competitive and are not
dominated by a small number of players
Agencies can consider whether there is a demonstrated
capability to move services from one provider
10 http://csrc nist gov/groups/SNS/cloud-computing/
http://www nist gov/itl/cloud/index cfm
http://csrc.nist.gov/groups/SNS/cloud-computing/
http://www.nist.gov/itl/cloud/index.cfm
M I g R AT I O N
15★ ★

to another, and whether there is a demonstrated capability to
distribute services between two or more
providers in response to service quality and capacity Agencies
should consider the availability of techni-
cal standards for cloud interfaces which reduce the risk of
vendor lock-in
Network infrastructure, application and data readiness: Before
migrating to the cloud agencies
must ensure that the network infrastructure can support the
demand for higher bandwidth and that
there is sufficient redundancy for mission critical applications
Agencies should update their continuity
of operations plans to reflect the increased importance of a
high-bandwidth connection to the Internet
or service provider Another key factor to assess when
determining readiness for migration to the cloud
is the suitability of the existing legacy application and data to
either migrate to the cloud (i e , rehost
an application in a cloud environment) or be replaced by a cloud
service (i e , retire the legacy system
and replace with commercial SaaS equivalent) If the candidate
application has clearly articulated and
understood interfaces and business rules, and has limited and
simple coupling with other systems and
databases, it is a good candidate along this dimension If the
application has years of accumulated and
poorly documented business rules embedded in code, and a
proliferation of subtle or poorly understood
interdependencies with other systems, the risks of “breakage”
when the legacy application is migrated
or retired make this a less attractive choice for early cloud
adoption
Government readiness: In addition, agencies should consider

whether or not the applicable orga-
nization is pragmatically ready to migrate their service to the
cloud Government services which have
capable and reliable managers, the ability to negotiate
appropriate SLAs, related technical experience,
and supportive change management cultures should receive a
relatively high priority Government
services which do not possess these characteristics but are
otherwise strong cloud candidates should
take steps to alleviate any identified concerns as a matter of
priority
Technology lifecycle: Agencies should also consider where
technology services (and the underlying
computing assets) are in their lifecycle Services that are
nearing a technology refresh, approaching the
conclusion of their negotiated contract, or are dependent upon
inefficient legacy software or hardware
should receive a relatively high priority Technology services
that were recently upgraded, locked within
contract, and are based on leading-edge technology may want to
wait before migrating to the cloud
2. Provisioning cloud services effectively
To effectively provision selected IT services, agencies will need
to re think their processes as provision-
ing services rather than simply contracting assets Contracts
that previously focused on metrics such
as number of servers and network bandwidth now should focus
on the quality of service fulfillment
Organizations that are most successful in cloud service
provisioning carefully think through a number
of factors, including:
Aggregate demand: When considering “commodity” and

common IT services, agencies should pool
their purchasing power by aggregating demand to the greatest
extent possible before migrating ser-
vices to the cloud Where appropriate, demand should be
aggregated at the departmental level and as
part of the government-wide shared services initiatives such as
government-wide cloud-based email
16★ ★
Integrate services: Agencies should ensure that the provided IT
services are effectively integrated into
their wider application portfolio In some cases, technical
experts may be required to evaluate architec-
tural compatibility of the provided cloud service and other
critical applications Rather than a one-time
event, this principle should be followed over time to guarantee
that systems remain interoperable as
individual IT services evolve within the portfolio Business
process change may similarly be required to
properly integrate the systems (e g , adjusting call center
processes)
Contract effectively: Agencies should also ensure that their
contracts with cloud service providers set
the service up for success Agencies should minimize the risk of
vendor lock-in, for instance, to ensure
portability and encourage competition among providers
Agencies should include explicit service level
agreements (SLAs) for security, continuity of operations, and
service quality that meet their individual
needs Agencies should include a contractual clause enabling

third parties to assess security controls
of cloud providers The SLA should specify the support steps
that the consumer can take when the
service is failing to meet the terms specified in the agreement,
and should include points-of-contact
and escalation procedures It is important to be precise in the
definition of metrics and specify when and
where they will be collected For example, performance is
different when measured from the consumer
or provider due to the network delays Metrics should measure
characteristics under the control of the
vendor Finally, the SLA should describe a mutual management
process for the service levels, including
periodic reporting requirements and meetings for management
assessments
Realize value: Agencies should take steps during migration to
ensure that they fully realize the expected
value From an efficiency standpoint, legacy applications and
servers should be shut down and decom-
missioned or repurposed Data center real estate used to support
these systems should be closed down
or used to support higher value-add activities Where possible,
staff supporting these systems should be
trained and re-deployed to higher-value activities From an
agility and innovation standpoint, processes
and capabilities may also need to be refined in order to fully
capture the value of the investment
3. Managing services rather than assets
To be successful, agencies must manage cloud services
differently than traditional IT assets As with
provisioning, cloud computing will require a new way of
thinking to reflect a service-based focus rather
than an asset-based focus Listed below are a few considerations
for agencies to effectively manage

their cloud services
Shift mindset: Organizations need to re-orient the focus of all
parties involved – providers, government
agencies, and end users – to think of services rather than assets
Organizations that successfully make
this transition will effectively manage the system towards
output metrics (e g , SLAs) rather than input
metrics (e g , number of servers)
Actively monitor: Agencies should actively track SLAs and hold
vendors accountable for failures
Agencies should stay ahead of emerging security threats and
ensure that their security outlook is
constantly evolving faster than potential attacks Agencies may
also consider incorporating business
user feedback into evaluation processes Finally, agencies
should track usage rates to ensure charges
do not exceed funded amounts
M I g R AT I O N
17★ ★
It can be advantageous for a consumer to “instrument” key
points on the network to measure perfor-
mance of cloud service providers For example, commercial
tools can report back to a centralized data
store on service performance, and instrumentation agents can be
placed with participating consumers
and at the entry point of the service provider on the network By
gathering data across providers on
the performance of pre-planned instrumented service calls

throughout typical work periods, service
managers can better judge where performance bottlenecks arise
Agencies should include requirements
for service instrumentation where appropriate
Re-evaluate periodically: Agencies should periodically re-
evaluate the choice of service and vendor
to ensure that efficiency, agility, and innovation are maximized
Agencies should ensure portability and
hold competitive bids for cloud services at regular intervals
Agencies should also consider increasing
the scope of cloud-provided services as markets mature (e g ,
moving from IaaS solutions to PaaS and
SaaS solutions) Opportunities to consolidate and standardize
solutions between agencies should be
periodically evaluated as well, particularly for “commodity”
services To effectively conduct re-evaluations,
agencies should maintain awareness of changes in the
technology landscape, in particular, the readiness
of new cloud technologies, commercial innovation, and new
cloud vendors
19★ ★
III. CASE EXAMpLES TO
ILLUSTRATE FRAMEWORK
Many Federal agencies have already taken their first steps
towards cloud computing In each case,
the agency achieved considerable benefits to efficiency, agility,
or innovation in support of its unique
mission The following case studies illustrate how these Federal

agencies successfully migrated toward
cloud services consistent with the select / provision / manage
framework outlined in Section 2
1. Tailoring solution to protect security and maximize value
In 2008, the Army Experience Center (AEC) realized that it
needed a new Customer Relationship
Management (CRM) system to track personal and electronic
engagements with prospects and help
recruiting staff manage the recruitment process
After considering several options including upgrading their 10-
year-old legacy proprietary data system,
the Army chose a customized version of a commercially-
available SaaS solution This solution met their
unique security needs, fulfilled all of their functionality
requirements, and was delivered at a fraction of
the time and expense required to upgrade their legacy system
The Army followed many of the key factors outlined in Section
2 when migrating toward their cloud
solution:
Selecting a cloud solution
The Army placed a very high priority on security when
considering its CRM solution Before choosing
a cloud solution, the AEC carefully weighed the sources of
value and readiness of potential solutions
Efficiency: The AEC compared the cost of upgrading their
existing system to configuring a new SaaS
solution Initial bids to upgrade the existing system, ARISS,
which relied on traditional infrastructure,
ranged from $500,000 to over $1 million Initial pilots of the
SaaS solution cost as little as $54,000, just

over 10% of the minimum cost of an ARISS system upgrade
Agility: The AEC also considered the time required to deploy
the system Despite regular upgrades over
the years, it was infeasible to modify ARISS to meet the Army
Experience Center’s requirements The
SaaS solution could be provisioned in a fraction of the time
required to upgrade the ARISS system The
SaaS solution was also more scalable and would be far easier to
upgrade over time
Innovation: The SaaS solution integrated directly with e-mail
and Facebook, allowing recruiters to
connect with participants more dynamically after they left the
AEC Army recruiters could also access
information from anywhere These advancements would have
been very costly and time-consuming
to achieve with ARISS system upgrades In effect, the SaaS
solution allowed the AEC to take advantage
of the cloud vendor’s innovation engine without owning or
managing heavy IT assets
20★ ★
Security: The AEC ensured the cloud solution would be
sufficiently secure The SaaS solution was flex-
ible and could be configured to securely manage access,
sovereignty, and data retention requirements
Market availability: The SaaS solution was able to meet all of
the AEC’s requirements including the
ability to track AEC visitor and engagement data, compatibility

with handheld devices, and real-time
integration with marketing and recruitment data
Government readiness: The AEC ensured that it was both
capable and ready to migrate their services
to the cloud The AEC had experience implementing new
technologies, had a culture that supported
experimentation and improvement, and possessed the skills and
capacity to manage the transition well
Technology lifecycle: The AEC also evaluated the lifecycle of
its legacy solution The legacy ARISS system
was more than 10 years old in 2008 and was not burdened by
contract lock-down
Provisioning IT services
During provisioning, the AEC took an approach which was
distinctly different from the Army’s former
approach with ARISS This approach reflected the service-based
rather than asset-based nature of the
cloud service
Integrate services: As the Army transferred its recruitment
system to the cloud, it carefully engineered
its relationship with the vendor to ensure a successful migration
Realize value: With the cloud-based solution, the AEC has been
able to handle the workload of five
traditional recruitment centers The system has also resulted in
dramatically reduced hardware costs and
IT staff costs The Army has decommissioned, or re-purposed
for other systems, all hardware related to
the legacy ARISS system Its people have been spending more
time on more rewarding and higher-value
activities, shifting time from filing reports to engaging with

potential recruits
2. Provisioning to ensure competitiveness and capture value
USDA recently launched a broad initiative to modernize and
streamline USDA’s IT infrastructure As part
of this initiative, USDA aimed to consolidate 21 fragmented e-
mail systems and improve the productiv-
ity of its workers Rather than continuing efforts to consolidate
the fragmented environment internally,
the USDA chose a proven cloud-based email solution to
accelerate consolidation and take advantage
of the latest communication and collaboration tools
Effective provisioning was critical for the USDA to realize the
value of cloud migration Previously, the
USDA had focused on contracting for its 21 email systems As a
provisioner, the USDA needed to care-
fully aggregate demand, ensure integration with downstream
applications, reflect its priorities in its
contracts, and retire legacy systems to capture value
The USDA followed many of the key factors outlined in Section
2 when migrating toward their cloud
solution:
I I I . C A S E E X A M p L E S T O I L L U S T R AT E F
R A M E W O R K
21★ ★
The USDA carefully evaluated the sources of value and service
readiness before choosing the cloud-

based solution:
Efficiency: Financially, the motivation to move to cloud was
compelling Eliminating the 21 fragmented
e-mail systems would drastically reduce duplication, not only
with software and hardware assets, but
also by reducing the number of system interfaces that need to be
maintained on a regular basis USDA
estimates that the cloud solution will save up to $6 million per
year, to include ongoing costs for hard-
ware refreshment and software upgrades
Agility: Consolidating and upgrading their fragmented
traditional environment would have taken years
to complete With the cloud solution, USDA was able to access
the cloud provider’s existing capacity
to accommodate its 120,000 users Migration would require
months rather than years Once complete,
the solution would be more scalable to the needs of USDA
Innovation: The cloud solution allowed USDA to make the
latest communication and collaboration
tools available to its workers including SharePoint, Office
Communications, and Live Meeting online
services In addition, USDA was able to incorporate e-discovery
and archive features
Market availability: The functionality offered by the cloud
solution met the needs of USDA The cloud
provider also had experience hosting very large email systems,
including 300,000 users from a large
private sector client Cloud-provided e-mail is a vibrant,
competitive market with several capable market
incumbents
Government readiness: Senior leadership was actively involved

and highly motivated to improve
the efficiency and quality of the email services The USDA CIO
was personally involved in many of the
decisions The broader transformation program also provided
valuable delivery resources to execute
the migration
Technology lifecycle: The 21 email systems were approaching
the end of their usable lifecycle and
were not burdened by inflexible contracts
Provisioning IT services
USDA’s provisioning approach reflected a service-based
mindset rather than an asset-based mindset
Aggregate demand: USDA implemented their cloud email
solution on an agency-wide level This
approach maximized benefits and addressed their primary,
fundamental concern – fragmented email
systems The approach also allowed USDA to take full
advantage of the momentum created by the
broader transformation agenda
Integrate services: An auxiliary contract was awarded to a
systems integrator to ensure the e-mail
system was properly integrated with the various interfacing
USDA systems Seven hundred applications
reliant upon email were analyzed – only four had to be recoded
to maintain operations
Contract effectively: USDA benchmarked their cloud provider
against the industry to ensure competi-
tive market rates USDA also embedded explicit SLAs into the
contract, according to its mission needs

22★ ★
Realize value: Previously used IT assets are on track to be
decommissioned and/or re-deployed as part
of the wider IT modernization strategy Individuals formerly
working on email have been reassigned
to higher-value projects and activities, with some continuing to
coordinate service delivery of email
Managing cloud services
USDA has revised its management approach to reflect a service-
based rather than asset-based mindset
Build new management skills: USDA built up its contract
management and performance manage-
ment capabilities to support the new cloud environment USDA
also relied on a system integrator to
temporarily provide the skills and expertise to successfully
complete the migration
Active monitoring: USDA will continuously monitor the SLAs
outlined in their cloud service contract
This includes security issues such as domestic storage of data
and performance metrics such as minimum
uptime, recovery speed, and bandwidth latency
3. Re-defining IT from an asset to a service
The Defense Information Systems Agency (DISA) provides
global infrastructure services to support US
and coalition fighting forces To better meet the needs of
defense-related computing needs domestically

and in the field, DISA decided to deploy its own Infrastructure-
as-a-Service (IaaS) solution
DISA’s Rapid Access Computing Environment (RACE) has
redefined defense infrastructure from an
asset management function to a service provisioning function
Since the inception of the cloud-based
solution, hundreds of military applications including command
and control systems, convoy control
systems, and satellite programs have been developed and tested
on RACE
DISA followed many of the key factors outlined in Section 2
when implementing their cloud solution:
DISA determined that a private IaaS solution would realize the
desired improvements in efficiency,
agility, and innovation while maintaining strict security controls
Efficiency: RACE has been able to reach higher utilization
levels through cloud technologies than
previously available via traditional infrastructure by
aggregating demand and thus smoothing out peak
loads These improvements in utilization divide the costs of
provisioning and operating infrastructure
among a broader group of consumers
Agility: Using traditional infrastructure, provisioning a
dedicated server environment required 3 to 6
weeks With RACE, the time required to provision functional
service space for users is now 24 hours
Security: RACE has built-in application separation controls so
that all applications, databases, and

web servers are separate from each other DISA also has a strict
cleansing process, to be used when an
application needs to be removed from the RACE platform
I I I . C A S E E X A M p L E S T O I L L U S T R AT E F
R A M E W O R K
23★ ★
Managing cloud services
As DoD organizations obtain infrastructure through RACE, they
are able to shift focus toward software
design while interfacing with RACE staff through SLAs
Shift mindset: RACE has actively encouraged a service-based
mindset from its users DISA created a
self-service portal through which users can provision services in
50GB increments through a government
credit card Project and software designers have increasingly
used RACE to meet their infrastructure
needs rather than relying on custom infrastructure
configurations
Build new management skills: DISA built new capabilities to
support their operations On the supply
side, a single operational manager is ultimately responsible for
meeting cost and performance metrics
A new demand manager has also been added to solicit,
prioritize, and coordinate user needs for service
improvements
Actively monitor: DISA monitors and continuously improves a
number of SLAs focused on service

quality Performance dashboards include average and maximum
wait times for provisioning services
in the field
Re-evaluate periodically: Less than one year after launching the
IaaS service, DISA announced that it
would provide private SaaS services, such as the RightNow
installation for the Air Force
25★ ★
IV. CATALYZINg CLOUd AdOp TION
As agencies develop plans to migrate services to cloud
computing options, there are a number of
activities that Federal Government leadership can take to
facilitate adoption and mitigate risk Cloud
computing “accelerators,” described below, can help improve
the pace of evaluating candidate ser-
vices and acquisitions Government-wide Certification and
Accreditation (C&A) and security efforts
at the Department of Homeland Security (DHS) and NIST can
help agencies efficiently acquire cloud
computing capabilities and mitigate threats Procurement efforts
can be streamlined through the use
of government-wide procurement vehicles and storefronts such
as those found at Apps gov Further,
NIST is driving a standards effort that is focused on
requirements to ensure security, interoperability,
and portability among cloud service providers
1. Leveraging cloud computing accelerators
Cloud computing accelerators are resources available to

agencies to expedite the process of evaluating
cloud candidates, acquiring the cloud capability, and mitigating
risk 11
Cloud computing business case templates and examples
The Federal CIO Council has developed cloud computing
business cases and will continue to build this
library to support agencies in their cloud computing decisions
Agencies should seek out business cases of similar scope or
purpose to speed up the development of
their own cloud computing business cases (e g , decision criteria
for moving cloud email, cloud CRM,
cloud storage)
Government cloud computing community and resources
Agencies should participate in government cloud computing
working groups at NIST and GSA on topics
such as standards, reference architecture, taxonomy, security,
privacy and business use cases 12 Agencies
can also leverage portals, such as NIST’s Collaboration site,
which provides access to useful information
for cloud adopters 13 More cloud computing resources are
included in Appendix 2
Despite the resources discussed above, agencies may face a
number of issues that can impede their
ability to fully realize the benefits from a cloud computing
approach As in the case of all technology
advancement, these challenges will change over time, as the
cloud computing marketplace evolves In
the near-term, organizations within the Federal Government,
including OMB, NIST, GSA, and DHS, have
developed and continue to develop practical guidance on issues

related to security, procurement, and
standards and are establishing the governance foundation
required to support delivery
11 Adopted from Raines and Pizette, A Decision Process for
Applying Cloud Computing in Federal Environments, 2010
12 http://collaborate nist gov/twiki-cloud-
computing/bin/view/CloudComputing/WebHome,
http://www info apps gov/node/2
13 http://collaborate nist gov/twiki-cloud-
computing/bin/view/CloudComputing/WebHome
http://www.apps.gov/cloud/advantage/main/start_page.do
http://collaborate.nist.gov/twiki-cloud-
http://www.info.apps.gov/node
26★ ★
2. Ensuring a secure, trustworthy environment
As the Federal Government moves to the cloud, it must be
vigilant to ensure the security and proper
management of government information to protect the privacy
of citizens and national security
The transition to outsourced, cloud computing environment is in
many ways an exercise in risk manage-
ment Risk management entails identifying and assessing risk,
and taking the steps to reduce it to an
acceptable level Throughout the system lifecycle, risks that are

identified must be carefully balanced
against the security and privacy controls available and the
expected benefits Too many controls can
be inefficient and ineffective Federal agencies and
organizations should work to ensure an appropriate
balance between the number and strength of controls and the
risks associated with cloud computing
solutions
The Federal Government will create a transparent security
environment between cloud providers and
cloud consumers The environment will move us to a level
where the Federal Government’s under-
standing and ability to assess its security posture will be
superior to what is provided within agencies
today The first step in this process was the 2010 Federal Risk
and Authorization Management Program
(FedRAMP) FedRAMP defined requirements for cloud
computing security controls, including vulner-
ability scanning, and incident monitoring, logging and reporting
14 Implementing these controls will
improve confidence and encourage trust in the cloud computing
environment
To strengthen security from an operational perspective, DHS
will prioritize a list of top security threats
every 6 months or as needed, and work with a government-wide
team of security experts to ensure that
proper security controls and measures are implemented to
mitigate these threats
NIST will issue technical security guidance,15 such as that
focused on continuous monitoring for cloud
computing solutions, consistent with the six step Risk
Management Framework (Special Publication
800-37, Revision 1) 16

14 http://www fedramp gov
15 Ref National Institute of Standards and Technology (NIST)
statutory responsibilities for developing standards
and guidelines, Federal Information Security Management Act
(FISMA) of 2002, Public Law 107-347
16 http://www nist gov/itl/csd/guide_030210 cfm
http://www.fedramp.gov
http://www.nist.gov/itl/csd/guide_030210.cfm
I V. C ATA LY Z I N g C L O U d A d O p T I O N
27★ ★
Figure 5: NIST Risk Management Framework
Agencies assessing risk in the context of cloud computing
should consider both the potential security
benefits and potential vulnerabilities
Potential security benefits of using cloud computing services
include:
• the ability to focus resources on areas of high concern as
more general security services are
assumed by the cloud provider
• potential platform strength resulting from greater uniformity
and homogeneity, and result-
ing improved information assurance, security response, system
management, reliability, and
maintainability

• improved resource availability through scalability,
redundancy and disaster recovery capabili-
ties; improved resilience to unanticipated service demands
• improved backup and recovery capabilities, policies,
procedures and consistency
• ability to leverage alternate cloud services to improve the
overall security posture, including
that of traditional data centers
28★ ★
Agencies should also weigh the additional potential
vulnerabilities associated with various cloud
computing service and deployment models, such as:
• the inherent system complexity of a cloud computing
environment, and the dependency on
the correctness of these components and the interactions among
them
• the dependency on the service provider to maintain logical
separation in a multi-tenant
environment (n b , not unique to the cloud computing model)
• the need to ensure that the organization retains an appropriate
level of control to obtain
situational awareness, weigh alternatives, set priorities, and
effect changes in security and

privacy that are in the best interest of the organization
Key security considerations include the need to:
• carefully define security and privacy requirements during the
initial planning stage at the
start of the systems development life cycle
• determine the extent to which negotiated service agreements
are required to satisfy
security requirements; and the alternatives of using negotiated
service agreements or cloud
computing deployment models which offer greater oversight and
control over security and
privacy
• assess the extent to which the server and client-side
computing environment meets
organizational security and privacy requirements
• continue to maintain security management practices, controls,
and accountability over the
privacy and security of data and applications
In the short and long-term, these actions will continue to
improve our confidence in the use of cloud
services by helping to mitigate security risks
3. Streamlining procurement processes
Currently, the government often purchases commodities in a
fragmented non-aggregated fashion,
operating more like a federation of small businesses than an $80
billion enterprise To improve readiness
for cloud computing, the Federal Government will facilitate an
“approve once and use often” approach
to streamline the approval process for cloud service providers

For instance, a government-wide risk and
authorization program for IaaS solutions will allow agencies to
rely on existing authorizations so only
additional, agency-specific requirements will need to be
authorized separately The GSA’s IaaS contract
award is an example of this “approve once and use often”
approach It offers 12 approved cloud vendors
to provide agencies with cloud storage, virtual machines, and
web hosting services Approaches such
as this will eliminate unnecessary cost and delivery delays
associated with duplication of effort
As the number of government cloud providers increases, GSA
will provide comparison tools to transpar-
ently compare cloud providers side-by-side These tools will
allow agencies to quickly and effectively
select the best offering for their unique needs Examples include
Apps gov, which provides a centralized
storefront where agencies can easily browse and compare cloud
SaaS and IaaS offerings from previous
http://www.apps.gov/cloud/advantage/main/start_page.do
29★ ★
Multiple Award Schedule (MAS) 70 contract holders Tools
such as these will reduce the burden on agen-
cies to conduct their own RFP processes and will concentrate
investments in the highest-performing
cloud providers
Furthermore, GSA will establish contract vehicles for
government-wide commodity services (e g , email)

These contract vehicles will reduce the burden on agencies for
the most common IT services GSA will
also create working groups to support commodity service
migration These working groups will develop
technical requirements for shared services to reduce the
analytical burden on individual government
agencies For example, the SaaS E-mail working group
established in June 2010 is synthesizing require-
ments for government-wide e-mail services Working groups
will also create business case templates
for agencies that are considering transitioning to cloud
technologies
Federal Government contracts will also provide riders for state
and local governments These riders will
allow all of these governments to realize the same procurement
advantages of the Federal Government
Increasing membership in cloud services will further drive
innovation and cost efficiency by increasing
market size and creating larger efficiencies-of-scale
4. Establishing cloud computing standards
Standards will be critical for the successful adoption and
delivery of cloud computing, both within the
public sector and more broadly Standards encourage
competition by making applications portable
across providers, allowing Federal agencies to shift services
between providers to take advantage of cost
efficiency improvements or innovative new product
functionality Standards are also critical to ensure
clouds have an interoperable platform so that services provided
by different providers can work together,
regardless of whether they are provided using public, private,
community, or a hybrid delivery model
NIST will play a central role in defining standards, and

collaborating with Agency CIOs, private sector
experts, and international bodies to identify, prioritize, and
reach consensus on standardization priori-
ties 17 In 2010, NIST conducted engagement workshops to
identify and prioritize needs Going forward,
NIST will generate, assess, and revise a cloud computing
roadmap on a periodic basis This roadmap will
iteratively define and track the agreed-upon cloud computing
priorities in order to coordinate cloud
efforts across stakeholders
NIST will maintain a leadership role in prioritizing, developing,
evolving and refining standards over
time as the collective requirements for standards evolve in
response to operationally driven innovation
and technology evolution NIST has already helped to establish
broadly adopted definitions for the four
commonly recognized cloud deployment models (i e , private,
public, hybrid, and community) and three
service models (i e , Infrastructure as a Service, Platform as a
Service, and Software as a Service), as dis-
cussed in Section 1 However, these definitions need to be
expanded to more comprehensively define a
reference architecture and taxonomy to provide a common frame
of reference for communication NIST
is currently working with industry and other cloud computing
stakeholders to define a neutral reference
architecture that is not tied to a specific set of vendor solutions
or products or constrained in such a
17 Ref National Institute of Standards and Technology (NIST)
is directed to bring together Federal agencies, as
well as State and local governments, to achieve greater reliance
on voluntary standards and decreased dependence on
in-house standards , National Technology Transfer and
Advancement Act (NTTAA) 1995, Public Law 104 -113

30★ ★
way that it will inhibit innovation As cloud providers create
new solutions, this reference architecture
will serve as the basis for an “apples to apples” comparison of
cloud computing services This will help
agencies to understand how various services fit together
Similarly, NIST will need to expand these
definitions as new deployment models arise
NIST will work with agencies to define a set of “target”
business use cases that pose the greatest chal-
lenges by risks, concerns, or constraints NIST will help to
identify operationally driven priorities for
cloud computing standards and guidance by working with
Federal agencies and other stakeholders to
define a set of mission driven scenarios for cloud computing
implementation and operations These will
be used to focus and help to translate mission requirements into
technical portability, interoperability,
reliability, maintainability and security requirements For
example, a business use case may reflect the
migration of patent application software to cloud IaaS Once
identified, NIST will work with agencies and
industry to model, using a vendor neutral reference architecture
and taxonomy as a frame of reference,
various options for addressing these challenges Ultimately, this
research will result in the definition of
new standards, guidance, and technology requirements 18
NIST will continue to execute the tactical Standards

Acceleration to Jumpstart Adoption of Cloud
Computing (SAJACC) project, which plays a role in validating
key cloud specifications and sharing
information, in order to build confidence in cloud computing
technology before formalized standards
are available To date, SAJACC has defined 24 generic
technical use cases that can be used to validate key
interoperability, security, and portability requirements One
example is the ability to move data in to and
out of a cloud provider’s environment, and to verify that data is
adequately deleted when removed using
commonly available interfaces defined by industry SAJACC
will support industry in moving forward
with standardization in parallel with the formal consensus based
standards organizations’ processes
5. Recognizing the international dimensions of cloud computing
The growth of any new technology presents two fundamental
dynamics: (1) the power to transform
and (2) the need to examine existing paradigms in that same
field Cloud computing has brought to the
forefront several international policy issues that need to be
addressed over the next decade as cloud
computing matures Issues to consider include:
• Data sovereignty, data in motion, and data access: How do
countries strike the proper balance
between privacy, security and intellectual property of national
data?
• Are there needs for international cloud computing legal,
regulatory, or governance frameworks?
• Cloud computing codes of conducts for national governments,
industry, and non-governmental
organizations

• Data interoperability and portability in domestic and
international settings
• Ensuring global harmonization of cloud computing standards
18 www nist gov/itl/cloud/bususecases cfm
www.nist.gov/itl/cloud/bususecases.cfm
31★ ★
6. Laying a solid governance foundation
This strategy is the first step in the process of migrating
towards cloud technologies, both within the
public and private sector The Federal Government will play a
vital role throughout this process to
identify and resolve cloud issues of national importance As
issues are increasingly resolved, the Federal
Government will re-focus its priorities towards more pressing
issues
To effectively manage these governance issues in the long-term,
the Federal Government needs to lay
a stable governance foundation that will outlast single
individuals or administrations To the best extent
possible, individuals or committees should have explicitly
defined roles, non-overlapping responsibilities,
and a clear decision-making hierarchy These steps will
empower the government for action, minimize
unnecessary bureaucracy, and ensure accountability for results
The following bodies will therefore have these roles and

responsibilities:
• National Institute of Standards and Technology (NIST) will
lead and collaborate with Federal, State,
and local government agency CIOs, private sector experts, and
international bodies to identify
and prioritize cloud computing standards and guidance
• General Service Administration (GSA) will develop
government-wide procurement vehicles and
develop government-wide and cloud-based application solutions
where needed
• Department of Homeland Security (DHS) will monitor
operational security issues related to the
cloud
• Agencies will be responsible for evaluating their sourcing
strategies to fully consider cloud
computing solutions
• Federal CIO Council will drive government-wide adoption of
cloud, identify next-generation
cloud technologies, and share best practices and reusable
example analyses and templates
• The Office of Management and Budget (OMB) will coordinate
activities across governance bodies,
set overall cloud-related priorities, and provide guidance to
agencies
33★ ★

V. CONCLUSION
Cheaper processors, faster networks, and the rise of mobile
devices are driving innovation faster than
ever before Cloud computing is a manifestation and core
enabler of this transformation Just as the
Internet has led to the creation of new business models
unfathomable 20 years ago, cloud computing
will disrupt and reshape entire industries in unforeseen ways
To paraphrase Sir Arthur Eddington – the
physicist who confirmed Einstein’s Theory of General
Relativity – cloud computing will not just be more
innovative than we imagine; it will be more innovative than we
can imagine
IDC predicted that by this year, the digital universe would be 10
times the size it was in 2006 – that is, nine
times more digital content would be created within five years
than all of history before 19 This explosion
of data, combined with the mobilization of digital access,
portends major improvements in on-the-go
intelligence Examples of transformative changes exist across
all government agencies and it is the
responsibility of those in government to be in the forefront of
bringing these innovative services to the
American people It is very easy to envision new services such
as personalized flu outbreak warnings
for expectant mothers and real-time traffic advisories performed
by Federal and local governments
Cloud computing will enable a fundamental shift in how we
serve the American people Citizens empow-
ered to see their homes’ electricity use in real-time will be able
to make more intelligent consumption
choices Citizens able to access their health records
electronically will be able to easily share them with

doctors and providers, and thus improve their healthcare
Citizens able to create and share performance
dashboards will be able to shine a light on the government’s
performance as easily as they create and
share YouTube videos today
Our responsibility in government is to achieve the significant
cost, agility and innovation benefits of
cloud computing as quickly as possible The strategy and
actions described in this paper are the means
for us to get started immediately Given that each agency has
unique mission needs, security require-
ments, and IT landscape, we ask that each agency think through
the attached strategy as a next step
Each agency will evaluate its technology sourcing strategy so
that cloud computing options are fully
considered, consistent with the Cloud First policy
19 Gantz, John The Diverse and Exploding Digital Universe:
An Updated Forecast on Worldwide Information Growth
through 2011 March 2008
35★ ★
AppENdIX 1: pOTENTIAL
SpENdINg ON CLOUd
COMpUTINg BY AgENCY
Source: Agency estimates reported to the Office of Management
and Budget (OMB).

37★ ★
AppENdIX 2: AgENCY RESOURCES
FOR CLOUd COMpUTINg
General
• The ABCs of Cloud Computing: A comprehensive cloud
computing portal where agencies
can get information on procurement, security, best practices,
case studies and technical
resources (GSA / http://www info apps gov)
• Cloud Computing Migration Framework: A series of technical
white papers on cloud
computing, including a decision-making framework,
cost/business case considerations,
service level agreement provisions, information security, a PaaS
analysis and a survey of
market segments and cloud products categories (MITRE /
http://www mitre
org/work/info_tech/cloud_computing/technical_papers/index
html)
• Successful Case Studies: A report which details 30
illustrative cloud computing case studies
at the Federal, state and local government levels (CIO Council
/
http://www info apps
gov/sites/default/files/StateOfCloudComputingReport-

FINALv3_508 pdf )
• Cloud Computing Definition: Includes essential
characteristics as well as service and
deployment models (NIST /
http://csrc nist gov/publications/drafts/800-145/Draft-SP-800-
145_cloud-definition pdf )
Security
• Centralized Cloud Computing Assessment and Authorization:
The Federal Risk and
Authorization Management Program (FedRAMP) has been
established to provide a standard,
centralized approach to assessing and authorizing cloud
computing services and products
FedRAMP will permit joint authorizations and continuous
security monitoring services for
government and commercial cloud computing systems intended
for multi-agency use It will
enable the government to buy a cloud solution once, but use it
many times (CIO Council /
http://www fedramp gov)
• Primer on Cloud Computing Security: A white paper that
seeks to clarify the
variations of cloud services and examine the current and near-
term poten-
tial for Federal cloud computing from a cybersecurity
perspective (DHS /
http://www info apps
gov/sites/default/files/Cloud_Computing_Security_Perspective
doc)
• Privacy Recommendations for Cloud Computing: A paper
which highlights potential

privacy risks agencies should consider as they migrate to cloud
computing (CIO Council /
http://www cio gov/Documents/Privacy-Recommendations-
Cloud-Computing-8-19-2010 docx)
http://www.info.apps.gov
http://www.mitre.org/work/info_tech/cloud_computing/technica
l_papers/index.html
http://www.info.apps.gov/sites/default/files/StateOfCloudComp
utingReport-FINALv3_508.pdf
http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-
145_cloud-definition.pdf
http://www.fedramp.gov
http://www.info.apps.gov/sites/default/files/Cloud_Computing_
Security_Perspective.doc
http://www.cio.gov/Documents/Privacy-Recommendations-
Cloud-Computing-8-19-2010.docx
38★ ★
• Guide for Applying the Risk Management Framework to
Federal
Information Systems, A Security Life Cycle Approach (NIST /
http://csrc nist gov/publications/nistpubs/800-37-rev1/sp800-37-
rev1-final pdf )
• Guidelines on Security and Privacy in Public Cloud
Computing: This draft publica-
tion provides an overview of the security and privacy challenges
pertinent to public
cloud computing and points out considerations organizations
should take when out-
sourcing data, applications, and infrastructure to a public cloud

environment (NIST /
http://csrc nist gov/publications/drafts/800-144/Draft-SP-800-
144_cloud-computing pdf )
Acquisition/Procurement
• Cloud Computing Procurement Assistance: Apps gov is an
online cloud computing (SaaS,
IaaS, PaaS) storefront that encourages and enable the adoption
of cloud computing solutions
across the Federal Government Apps gov offers a
comprehensive set of business, infrastruc-
ture, productivity and social media applications It eliminates
unnecessary research, analysis
and redundant approvals, requisitions and service level
agreements across the government
by providing agencies a fast, easy way to buy the tools they
need (GSA / https://apps gov/ )
Standards
• Federal Cloud Computing Collaboration Page: The National
Institute of Standards
and Technology (NIST) has been designated by the Federal CIO
to accelerate the Federal
Government’s secure adoption of cloud computing by leading
efforts to develop standards
and guidelines in close consultation and collaboration with
standards bodies, the private
sector, and other stakeholders This site provides an avenue for
interested stakeholders to
collaborate with NIST in developing interoperability, portability
and security standards, busi-
ness and technical use cases, and a cloud computing reference
architecture and taxonomy
(http://collaborate nist gov/twiki-cloud-

computing/bin/view/CloudComputing/WebHome)
Technical Resources
• CIO Council Executive Cloud Computing Executive Steering
Committee (CCESC): The
CCESC was established by the Federal CIO Council to provide
strategic direction and over-
sight for the Federal Cloud Computing Initiative Under the
CCESC, there exists a Cloud
Computing Advisory Council and multiple working groups that
further enable the adoption
of cloud computing across the government (Chaired by
USAID)
− CIO Council Cloud Computing Advisory Council (CCAC):
The CCAC was established at the
behest of the CCESC to serve as a collaborative environment for
senior IT experts from
across the Federal Government CCAC members serve as
agency resources best practices
dissemination, consensus building for key Federal Cloud
Computing initiatives, and the
sharing of existing/planned cloud computing projects (Chaired
by USAID)
http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-
rev1-final.pdf
http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-
144_cloud-computing.pdf
Apps.gov
Apps.gov
https://apps.gov

A p p E N d I X 2 : A g E N C Y R E S O U R C E S F O R
C L O U d C O M p U T I N g
39★ ★
− CIO Council Cloud Computing E-mail Working Group: The
E-mail Working Group will be
the source of SaaS email information, solutions, and processes
that foster adoption of SaaS
email across the Federal Government (Chaired by DOI)
− CIO Council Cloud Computing Security Working Group:
The Security Working Group sup-
ports FedRAMP, a centralized cloud computing assessment and
authorization body that
can be leveraged by multiple agencies (Chaired by GSA)
− CIO Council Cloud Computing Standards Working Group:
The Standards Working Group
will lead government-wide efforts to define cloud computing
security, portability and
interoperability standards, target Federal business and technical
use cases, and a reference
architecture (Chaired by NIST)
Additional workgroups will be stood up by the CIO Council as
the work of the Federal Cloud Computing
Initiative evolves

Assignment4The Federal Cloud Computing Strategy (Cloud F.docx

Assignment4The Federal Cloud Computing Strategy (Cloud F.docx

More Related Content

Similar to Assignment4The Federal Cloud Computing Strategy (Cloud F.docx (20)

More from ssuser562afc1 (20)

Recently uploaded (20)

Assignment4The Federal Cloud Computing Strategy (Cloud F.docx