Cloud computing is a new name for an old concept: the delivery of computing services from a remote location, analogous to the way electricity, water, and other utilities are provided to most customers. Cloud computing services are delivered through a network, usually the Internet. Some cloud services are adaptations of familiar applications, such as e-mail and word processing. Others are new applications that never existed as a local application, such as online maps and social networks. Since 2009, the federal government has been shifting its data storage needs to cloud-based services and away from agency-owned data centers. This shift is intended to reduce the total investment by the federal government in information technology (IT) (data centers), as well as realize other stated advantages of cloud adoption: efficiency, accessibility, collaboration, rapidity of innovation, reliability, and security. In December 2010, the U.S. Chief Information Officer (CIO) released "A 25-Point Implementation Plan to Reform Federal IT Management" as part of a comprehensive effort to increase the operational efficiency of federal technology assets. One element of the 25-Point Plan is for agencies to shift to a "Cloud First" policy, which is being implemented through the Federal Cloud Computing Strategy. The Cloud First policy means that federal agencies must (1) implement cloud-based solutions whenever a secure, reliable, and cost-effective cloud option exists; and (2) begin reevaluating and modifying their individual IT budget strategies to include cloud computing. However, there are challenges facing agencies as they make this shift. For example, some agency CIOs have stated that in spite of the stated security advantages of cloud computing, they are, in fact, concerned about moving their data from their data centers, which they manage and control, to outsourced cloud services. This and other concerns must be addressed to build an agency culture that trusts the cloud. Congress has a number of means to monitor the status of the Federal Cloud Computing Initiative (FCCI). Individual committees may wish to monitor agencies under their jurisdiction by holding hearings; requesting review of an agency's status through the agency itself or a GAO study; and/or assessing an agency's progress and projected goals against the stated goals of the FCCI.

This report explains what cloud computing is, including cloud deployment models and service models, discusses issues that should be considered when adopting cloud services, and presents the federal government's planning for IT reform. It also provides information on assessments that have been conducted on agency cloud adoption and discusses both the challenges and drivers of cloud adoption. Finally, the report provides possible mechanisms for Congress to monitor agencies as they implement cloud computing.

Cloud computing is a new name for an old concept; the delivery of computing services from a remote location, analogous to the way electricity, water, and other utilities are provided to most customers. Cloud computing services are delivered through a network, usually the Internet. Some cloud services are adaptations of familiar applications, such as e-mail and word processing. Others are new applications that never existed as a local application, such as on-line maps and social networks. Since 2009, the federal government has been shifting its data storage needs to cloud-based services and away from agency-owned data centres. This shift is intended to reduce the total investment by the federal government in information technology (IT) (data centres), as well as realise other stated advantages of cloud adoption: efficiency, accessibility, collaboration, rapidity of innovation, reliability, and security. This book examines current elements, issues and implementation challenges in federal cloud computing with a focus on federal information technology reform management.

Federal Cloud Computing: The Definitive Guide for Cloud Service Providers, Second Edition offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation. You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis. This updated edition will cover the latest changes to FedRAMP program, including clarifying guidance on the paths for Cloud Service Providers to achieve FedRAMP compliance, an expanded discussion of the new FedRAMP Security Control, which is based on the NIST SP 800-53 Revision 4, and maintaining FedRAMP compliance through Continuous Monitoring. Further, a new chapter has been added on the FedRAMP requirements for Vulnerability Scanning and Penetration Testing. - Provides a common understanding of the federal requirements as they apply to cloud computing - Offers a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) - Features both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speaks across the organization

An essential, in-depth analysis of the key legal issues that governments face when adopting cloud computing services.

Introduction to Homeland Security: Principles of All-Hazards Risk Management, Fifth Edition, provides users with a substantially updated version of previous versions, clearly delineating the bedrock principles of preparing for, mitigating, managing, and recovering from emergencies and disasters, while also offering a balanced account of all aspects of homeland security. This new edition features coverage of the Boston Marathon bombing, analysis of the NIST Cybersecurity Framework for critical infrastructure protection, and examines the DHS "Blue Campaign to stop human trafficking. To provide added perspective, this edition features additional "another voice sections and examines the emergence of social media as a tool for reporting on homeland security issues. - Provides users with a comprehensive understanding of the bedrock principles of preparing for, mitigating, managing, and recovering from emergencies and disasters - Features coverage of the Boston Marathon bombing and analysis of the NIST Cybersecurity Framework for critical infrastructure protection - Examines the emergence of social media as a tool for reporting on homeland security issues

Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to (1) identify the models of cloud computing, (2) identify the information security implications of using cloud computing services in the federal government, and (3) assess federal guidance and efforts to address information security when using cloud computing. To do so, GAO reviewed relevant publications, white papers, and other documentation from federal agencies and industry groups; conducted interviews with representatives from these organizations; and surveyed 24 major federal agencies.