The following is an excerpt from Federal Cloud Computing by author Matthew Metheny and published by Syngress. This section from chapter three explores open source software in the federal government.
Open source software (OSS) and cloud computing are distinctly different concepts that have independently grown in use, both in the public and private sectors, but have each faced adoption challenges by federal agencies. Both OSS and cloud computing individually offer potential benefits for federal agencies to improve their efficiency, agility, and innovation, by enabling them to be more responsive to new or changing requirements in their missions and business operations. OSS improves the way the federal government develops and also distributes software and provides an opportunity to reduce costs through the reuse of existing source code, whereas cloud computing improves the utilization of resources and enables a faster service delivery.
In this chapter, issues faced by OSS in the federal government will be discussed, in addition to the relationship of the federal government's adoption of cloud computing technologies. However, this chapter does not present a differentiation of OSS from proprietary software, rather focuses on highlighting the importance of the federal government's experience with OSS in the adoption of cloud computing.
Over the years, the private sector has encouraged the federal government to consider OSS by making a case that it offers an acceptable alternative to proprietary commercial off-the-shelf (COTS) software. Regardless of the potential cost-saving benefits of OSS, federal agencies have historically approached it with cautious interest. Although, there are other potential issues in transitioning from an existing proprietary software, beyond cost. These issues include, a limited in-house skillset for OSS developers within the federal workforce, a lack of knowledge regarding procurement or licensing, and the misinterpretation of acquisition and security policies and guidance. Although some of the challenges and concerns have limited or slowed a broader-scale adoption of OSS, federal agencies have become more familiar with OSS and the marketplace expansion of available products and services, having made considerations for OSS as a viable alternative to enterprise-wide COTS software. This renewed shift to move toward OSS is also being driven by initiatives such as the 18F and the US Digital Service, and the publication of the guidance such as the Digital Services Playbook, which urges federal agencies to "consider using open source, cloud based, and commodity solutions across the technology stack".
Interoperability, portability, and security standards have already been identified as critical barriers for cloud adoption within the federal government. OSS facilitates overcoming standards obstacles through the development and implementation of open standards. OSS communities support standards development through the "shared" development and industry implementation of open standards. In some instances, the federal government's experience with standards development has enabled the acceptance and use of open standards-based, open source technologies and platforms.
The federal government's use of OSS has its beginning in the 1990s. During this period, OSS was used primarily within the research and scientific community where collaboration and information sharing was a cultural norm. However, it was not until 2000 that federal agencies began to seriously consider the use of OSS as a model for accelerating innovation within the federal government. As illustrated in Fig. 3.1, the federal government has developed a list of OSS-related studies, policies, and guidelines that have formed the basis for the policy framework that has guided the adoption of OSS. This framework tackles critical issues that have inhibited the federal government from attaining the full benefits offered by OSS. Although gaps still exist in specific guidelines relating to the evaluation, contribution, and sharing of OSS, the policy framework serves as a foundation for guiding federal agencies in the use of OSS. In this section, we will explore the policy framework with the objective of describing how the current policy framework has led to the broader use of OSS across the federal government, and more importantly how this framework has enabled the federal government's adoption of cloud computing by overcoming the challenges with acquisition and security that will be discussed in detail in the next section.
The President's Information Technology Advisory Committee (PITAC), which examined OSS, was given the goal of:
The PITAC published a report concluding that the use of the open source development model (also known as the Bazaar model) was a viable strategy for producing high-quality software through a mixture of public, private, and academic partnerships. In addition, as presented in Table 3.1, the report also highlighted several advantages and challenges. Some of these key issues have been at the forefront of the federal government's adoption of OSS.
Over the years since the PITAC report, the federal government has gained significant experience in both sponsoring and contributing to OSS projects. For example, one of the most widely recognized contributions by the federal government specifically related to security is the Security Enhanced Linux (SELinux) project. The SELinux project focused on improving the Linux kernel through the development of a reference implementation of the Flask security architecture for flexible mandatory access control (MAC). In 2000, the National Security Agency (NSA) made the SELinux available to the Linux community under the terms of the GNU's Not Unix (GNU) General Public License (GPL).
Starting in 2001, the MITRE Corporation, for the US Department of Defense (DoD), published a report42 that built a business case for the DoD's use of OSS. The business case discussed both the benefits and risks for considering OSS. In MITRE's conclusion, OSS offered significant benefits to the federal government, such as improved interoperability, increased support for open standards and quality, lower costs, and agility through reduced development time. In addition, MITRE highlighted issues and risks, recommending any consideration of OSS should be carefully reviewed.
Shortly after the MITRE report, the federal government began to establish specific policies and guidance to help clarify issues around OSS. The DoD Chief Information Officer (CIO) published the Department's first official DoD-wide memorandum to reiterate existing policy and to provide clarifying guidance on the acquisition, development, and the use of OSS within the DoD community. Soon after the DoD policy, the Office of Management and Budget (OMB) established a memorandum to provide government-wide policy regarding acquisition and licensing issues.
Since 2003, there were multiple misconceptions, specifically within the DoD, regarding the use of OSS. Therefore, in 2007, the US Department of the Navy (DON) CIO released a memorandum that clarified the classification of OSS and directed the Department to identify areas where OSS can be used within the DON's IT portfolio. This was followed by another DoD-wide memorandum in 2009, which provided DoD-wide guidance and clarified the use and development of OSS, including explaining the potential advantages of the DoD reducing the development time for new software, anticipating threats, and response to continual changes in requirements.
In 2009, OMB released the Open Government Directive, which required federal agencies to develop and publish an Open Government Plan on their websites. The Open Government Plan provided a description on how federal agencies would improve transparency and integrate public participation and collaboration. As an example response to the directive support for openness, the National Aeronautics and Space Administration (NASA), in furtherance of its Open Government Plan, released the "open. NASA" site that was built completely using OSS, such as the LAMP stack and the WordPress content management system (CMS).
On May 23, 2012, the White House released the Digital Government Strategy that complements other initiatives and established principles for transforming the federal government. More specifically, the strategy outlined the need for a "Shared Platform" approach. In this approach, the federal government would need to leverage "sharing" of resources such as the "use of open source technologies that enable more sharing of data and make content more accessible".
The Second Open Government Action Plan established an action to develop an OSS policy to improve access by federal agencies to custom software to "fuel innovation, lower costs, and benefit the public". In August 2016, the White House published the Federal Source Code Policy, which is consistent with the "Shared Platform" approach in the Digital Government's Strategy, by requiring federal agencies make available custom code as OSS. Further, the policy also made "custom-developed code available for Government-wide reuse and make their code inventories discoverable at https://www.code.gov ('Code.gov')".
In this section, we discussed key milestones that have impacted the federal government's cultural acceptance of OSS. It also discussed the current policy framework that has been developed through a series of policies and guidelines to support federal agencies in the adoption of OSS and the establishment of processes and policies to encourage and support the development of OSS. The remainder of this chapter will examine the key issues that have impacted OSS adoption and briefly examine the role of OSS in the adoption of cloud computing within the federal government.
About the author:
Matthew Metheny, PMP, CISSP, CAP, CISA, CSSLP, CRISC, CCSK, is an information security executive and professional with twenty years of experience in the areas of finance management, information technology, information security, risk management, compliance programs, security operations and capabilities, secure software development, security assessment and auditing, security architectures, information security policies/processes, incident response and forensics, and application security and penetration testing. He currently is the Chief Information Security Officer and Director of Cyber Security Operations at the Court Services and Offender Supervision Agency (CSOSA), and is responsible for managing CSOSA's enterprise-wide information security and risk management program, and cyber security operations.
Read more here:
Federal Cloud Computing - TechTarget
- Open source cloud computing slow to catch on, survey finds [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Oracle CFO: no acquisitions needed to compete in cloud [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- IDC Survey: U.S. Corporations Aim to Tackle IT Challenges with Cloud Computing [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Where does the ICO's new cloud guidance take you? [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- ChinaSoft International Signs Strategic Cooperation Agreement with Alibaba Cloud Computing to Develop PaaS Platform [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- IT Leaders Forum: Shedding light on cloud computing [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Oracle Public Cloud Computing [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Oracle Cloud Computing - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Cloud Computing 101 - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Lenovo Gets Into Cloud Computing - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Cloud Computing Certification Training | Cloud Computing Training By Simplilearn - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Cloud Computing - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Succeeding or Failing with Cloud Computing - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Demystifying the Cloud - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- N: Cloud Computing, Syria PM Defects, US to Clean Agent Orange and MORE! - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Cloud Computing - Tv9 - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- AWS 101 Cloud Computing Seminar-Bangalore - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Trust - The Key to Cloud Computing Growth in Europe [Last Updated On: October 6th, 2012] [Originally Added On: October 6th, 2012]
- Cloud Computing Saves Health Care Industry Time And Money [Last Updated On: October 6th, 2012] [Originally Added On: October 6th, 2012]
- Synnex CEO Kevin Murai: Tablets, Mobile, Cloud Computing (p3) - Video [Last Updated On: October 6th, 2012] [Originally Added On: October 6th, 2012]
- Enterprise computing IS the cloud [Last Updated On: October 8th, 2012] [Originally Added On: October 8th, 2012]
- 44 Percent Of US Execs To Tackle IT Challenges Through Cloud [Last Updated On: October 8th, 2012] [Originally Added On: October 8th, 2012]
- ZapThink Announces Expansion of Cloud Computing for Architects Course [Last Updated On: October 9th, 2012] [Originally Added On: October 9th, 2012]
- Euro Zone Eyes Cloud Computing to Kick Start Economy [Last Updated On: October 9th, 2012] [Originally Added On: October 9th, 2012]
- Advantages, challenges of cloud computing discussed Oct. 10 at NJIT [Last Updated On: October 10th, 2012] [Originally Added On: October 10th, 2012]
- Dell Expands Cloud Client Computing Solutions for VMware View®, Desktop as a Service and Channel Offerings to Europe [Last Updated On: October 10th, 2012] [Originally Added On: October 10th, 2012]
- Cloud West to Focus on Entertainment Delivery, Network Infrastructure, and Investment, More at Nov. 8-9th Forum [Last Updated On: October 10th, 2012] [Originally Added On: October 10th, 2012]
- IBM, AT&T Offer Secure Passage to the Cloud [Last Updated On: October 11th, 2012] [Originally Added On: October 11th, 2012]
- Cloud computing company hits new fundraising heights [Last Updated On: October 11th, 2012] [Originally Added On: October 11th, 2012]
- Cloud computing firm hits new fundraising heights [Last Updated On: October 11th, 2012] [Originally Added On: October 11th, 2012]
- Cloud computing: here we go again [Last Updated On: October 11th, 2012] [Originally Added On: October 11th, 2012]
- Chinese Want to Put Computer 'Brains' in the Cloud [Last Updated On: October 11th, 2012] [Originally Added On: October 11th, 2012]
- CenturyLink Unveils Cloud Product [Last Updated On: October 12th, 2012] [Originally Added On: October 12th, 2012]
- Cloud Security Evolves in Wellington [Last Updated On: October 14th, 2012] [Originally Added On: October 14th, 2012]
- 2X ApplicationServer XG Joins the Intel AppUp SMB Service Hybrid Cloud [Last Updated On: October 15th, 2012] [Originally Added On: October 15th, 2012]
- Piston Cloud to Exhibit and Present at the 2012 OpenStack Summit in San Diego [Last Updated On: October 15th, 2012] [Originally Added On: October 15th, 2012]
- How to get your first cloud computing job [Last Updated On: October 15th, 2012] [Originally Added On: October 15th, 2012]
- DreamHost Adds Public Cloud Computing Service: DreamCompute [Last Updated On: October 15th, 2012] [Originally Added On: October 15th, 2012]
- Aryaka Receives 2012 Cloud Computing Excellence Award [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- Making a Europe fit for the cloud [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- Cisco Execs Plumb The Limits Of Cloud Computing [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- Cloud firm invests in new network [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- AirWatch Receives 2012 Cloud Computing Excellence Award [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- Dell Extends Cloud Client Computing Portfolio with New Solutions Validated by Citrix [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- Pano Logic and Alliance InfoSystems Join Forces to Deliver Zero Client Computing [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- 5 Cloud Business Benefits [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- Alteva Receives 2012 Cloud Computing Excellence Award [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Open Text profit beats estimates on cloud services [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud computing improves nurse call system [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud computing: Top five tax considerations for your business [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- OKI and ISID to Provide Chemical Information System as Cloud Computing Services [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- As Mobile Grows, So Does Cloud Computing [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- IBM Analytical Decision Management SaaS - IBM Cloud TechTalk October 2012 - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- JAX London 2012: Achieving genuine elastic multitenancy with Waratek Cloud VM for Java - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Microsoft 2020 technology future vision - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Infinity Cloud Point of Sale and Complete Retail Suite.mp4 - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Small Business IT Support, Computer Support, Web Design Atlanta - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud Computing - Simplified - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- How Allied Valve Used the Cloud to Expand in Bakken Oilfield - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud Computing in the Public Sector - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud Computing | Sacramento | Data Protection | IT Consulting | Symmetry Managed Servces - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- The Business Value of Cloud Computing - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- GYMNAZO Owner/Coach Michael Hughes is excited about edufii - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Automation in the age of cloud computing - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud Computing.mp4 - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud computing in 2013: a conversation with Appcore's CEO [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Cloud adoption growing in India: study [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Eastday-Microsoft picks city for cloud computing [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Towards a blue sky: How SMEs can avoid Cloud Computing confusion [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Consultancy Services - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Axxis Solutions Sponsors FIBA Technical Seminar on Cloud Computing - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- RightScale Webinar: 451 Research Webinar: Cloud Dos and Don'ts - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Apple Technology (Vishwa Bandhu Gupta) - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Mind Tree Ltd. - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- BIM Cloud Computing [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Entreda discusses cloud services for small and medium businesses - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Austin IT Company | Computer Networking [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Cloud Computing and Services - After Effects Template - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- FieldStorm App Tour - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- The Hon Brendan O'Connor's speech: AccountRight Live launch event - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]