The following is an excerpt from Federal Cloud Computing by author Matthew Metheny and published by Syngress. This section from chapter three explores open source software in the federal government.
Open source software (OSS) and cloud computing are distinctly different concepts that have independently grown in use, both in the public and private sectors, but have each faced adoption challenges by federal agencies. Both OSS and cloud computing individually offer potential benefits for federal agencies to improve their efficiency, agility, and innovation, by enabling them to be more responsive to new or changing requirements in their missions and business operations. OSS improves the way the federal government develops and also distributes software and provides an opportunity to reduce costs through the reuse of existing source code, whereas cloud computing improves the utilization of resources and enables a faster service delivery.
In this chapter, issues faced by OSS in the federal government will be discussed, in addition to the relationship of the federal government’s adoption of cloud computing technologies. However, this chapter does not present a differentiation of OSS from proprietary software, rather focuses on highlighting the importance of the federal government’s experience with OSS in the adoption of cloud computing.
Over the years, the private sector has encouraged the federal government to consider OSS by making a case that it offers an acceptable alternative to proprietary commercial off-the-shelf (COTS) software. Regardless of the potential cost-saving benefits of OSS, federal agencies have historically approached it with cautious interest. Although, there are other potential issues in transitioning from an existing proprietary software, beyond cost. These issues include, a limited in-house skillset for OSS developers within the federal workforce, a lack of knowledge regarding procurement or licensing, and the misinterpretation of acquisition and security policies and guidance. Although some of the challenges and concerns have limited or slowed a broader-scale adoption of OSS, federal agencies have become more familiar with OSS and the marketplace expansion of available products and services, having made considerations for OSS as a viable alternative to enterprise-wide COTS software. This renewed shift to move toward OSS is also being driven by initiatives such as the 18F and the US Digital Service, and the publication of the guidance such as the Digital Services Playbook, which urges federal agencies to “consider using open source, cloud based, and commodity solutions across the technology stack”.
Interoperability, portability, and security standards have already been identified as critical barriers for cloud adoption within the federal government. OSS facilitates overcoming standards obstacles through the development and implementation of open standards. OSS communities support standards development through the “shared” development and industry implementation of open standards. In some instances, the federal government’s experience with standards development has enabled the acceptance and use of open standards-based, open source technologies and platforms.
The federal government’s use of OSS has its beginning in the 1990s. During this period, OSS was used primarily within the research and scientific community where collaboration and information sharing was a cultural norm. However, it was not until 2000 that federal agencies began to seriously consider the use of OSS as a model for accelerating innovation within the federal government. As illustrated in Fig. 3.1, the federal government has developed a list of OSS-related studies, policies, and guidelines that have formed the basis for the policy framework that has guided the adoption of OSS. This framework tackles critical issues that have inhibited the federal government from attaining the full benefits offered by OSS. Although gaps still exist in specific guidelines relating to the evaluation, contribution, and sharing of OSS, the policy framework serves as a foundation for guiding federal agencies in the use of OSS. In this section, we will explore the policy framework with the objective of describing how the current policy framework has led to the broader use of OSS across the federal government, and more importantly how this framework has enabled the federal government’s adoption of cloud computing by overcoming the challenges with acquisition and security that will be discussed in detail in the next section.
The President’s Information Technology Advisory Committee (PITAC), which examined OSS, was given the goal of:
The PITAC published a report concluding that the use of the open source development model (also known as the Bazaar model) was a viable strategy for producing high-quality software through a mixture of public, private, and academic partnerships. In addition, as presented in Table 3.1, the report also highlighted several advantages and challenges. Some of these key issues have been at the forefront of the federal government’s adoption of OSS.
Over the years since the PITAC report, the federal government has gained significant experience in both sponsoring and contributing to OSS projects. For example, one of the most widely recognized contributions by the federal government specifically related to security is the Security Enhanced Linux (SELinux) project. The SELinux project focused on improving the Linux kernel through the development of a reference implementation of the Flask security architecture for flexible mandatory access control (MAC). In 2000, the National Security Agency (NSA) made the SELinux available to the Linux community under the terms of the GNU’s Not Unix (GNU) General Public License (GPL).
Starting in 2001, the MITRE Corporation, for the US Department of Defense (DoD), published a report42 that built a business case for the DoD’s use of OSS. The business case discussed both the benefits and risks for considering OSS. In MITRE’s conclusion, OSS offered significant benefits to the federal government, such as improved interoperability, increased support for open standards and quality, lower costs, and agility through reduced development time. In addition, MITRE highlighted issues and risks, recommending any consideration of OSS should be carefully reviewed.
Shortly after the MITRE report, the federal government began to establish specific policies and guidance to help clarify issues around OSS. The DoD Chief Information Officer (CIO) published the Department’s first official DoD-wide memorandum to reiterate existing policy and to provide clarifying guidance on the acquisition, development, and the use of OSS within the DoD community. Soon after the DoD policy, the Office of Management and Budget (OMB) established a memorandum to provide government-wide policy regarding acquisition and licensing issues.
Since 2003, there were multiple misconceptions, specifically within the DoD, regarding the use of OSS. Therefore, in 2007, the US Department of the Navy (DON) CIO released a memorandum that clarified the classification of OSS and directed the Department to identify areas where OSS can be used within the DON’s IT portfolio. This was followed by another DoD-wide memorandum in 2009, which provided DoD-wide guidance and clarified the use and development of OSS, including explaining the potential advantages of the DoD reducing the development time for new software, anticipating threats, and response to continual changes in requirements.
In 2009, OMB released the Open Government Directive, which required federal agencies to develop and publish an Open Government Plan on their websites. The Open Government Plan provided a description on how federal agencies would improve transparency and integrate public participation and collaboration. As an example response to the directive support for openness, the National Aeronautics and Space Administration (NASA), in furtherance of its Open Government Plan, released the “open. NASA” site that was built completely using OSS, such as the LAMP stack and the WordPress content management system (CMS).
On May 23, 2012, the White House released the Digital Government Strategy that complements other initiatives and established principles for transforming the federal government. More specifically, the strategy outlined the need for a “Shared Platform” approach. In this approach, the federal government would need to leverage “sharing” of resources such as the “use of open source technologies that enable more sharing of data and make content more accessible”.
The Second Open Government Action Plan established an action to develop an OSS policy to improve access by federal agencies to custom software to “fuel innovation, lower costs, and benefit the public”. In August 2016, the White House published the Federal Source Code Policy, which is consistent with the “Shared Platform” approach in the Digital Government’s Strategy, by requiring federal agencies make available custom code as OSS. Further, the policy also made “custom-developed code available for Government-wide reuse and make their code inventories discoverable at https://www.code.gov (‘Code.gov’)”.
In this section, we discussed key milestones that have impacted the federal government’s cultural acceptance of OSS. It also discussed the current policy framework that has been developed through a series of policies and guidelines to support federal agencies in the adoption of OSS and the establishment of processes and policies to encourage and support the development of OSS. The remainder of this chapter will examine the key issues that have impacted OSS adoption and briefly examine the role of OSS in the adoption of cloud computing within the federal government.
About the author:
Matthew Metheny, PMP, CISSP, CAP, CISA, CSSLP, CRISC, CCSK, is an information security executive and professional with twenty years of experience in the areas of finance management, information technology, information security, risk management, compliance programs, security operations and capabilities, secure software development, security assessment and auditing, security architectures, information security policies/processes, incident response and forensics, and application security and penetration testing. He currently is the Chief Information Security Officer and Director of Cyber Security Operations at the Court Services and Offender Supervision Agency (CSOSA), and is responsible for managing CSOSA’s enterprise-wide information security and risk management program, and cyber security operations.
Read more here:
Federal Cloud Computing – TechTarget
- Cloud - Wikipedia - February 19th, 2019
- Cloud computing: A complete guide | IBM - February 7th, 2019
- FusionCloud Full-Stack Private Cloud - Huawei Enterprise - February 4th, 2019
- What is cloud computing? | IBM - January 24th, 2019
- What Is Cloud Computing? | The Basics of Digital Outsourcing - January 22nd, 2019
- Cloud Computing - Yahoo - January 13th, 2019
- Best Sellers in Cloud Computing - amazon.com - January 2nd, 2019
- Cloud Computing Explained by Common Craft (VIDEO) - January 2nd, 2019
- Cloud Computing Trends: 2017 State of the Cloud Survey - December 25th, 2018
- Cloud Computing Overview - tutorialspoint.com - December 25th, 2018
- 15 Top Cloud Computing Service Provider Companies - December 25th, 2018
- Cloud computing: Hardware & Software Security: Online ... - December 23rd, 2018
- Cloud Solutions from Cisco - Cisco - December 23rd, 2018
- Cloud Computing | The MIT Press - December 23rd, 2018
- Learn Cloud Computing Tutorial - javatpoint - December 23rd, 2018
- Standards - IEEE Cloud Computing - December 23rd, 2018
- Benefits of cloud computing | IBM Cloud - November 10th, 2018
- Cloud Computing Trends: 2018 State of the Cloud Survey - November 10th, 2018
- What is cloud computing? - LinkedIn - November 5th, 2018
- What is cloud computing? | TechRadar - September 25th, 2018
- Cloud Computing 2nd Edition: 2018: Mr. Ray Rafaels ... - September 23rd, 2018
- Cloud Computing - Articles & Whitepapers | Oracle Technology ... - September 23rd, 2018
- Cloud Computing: Theory and Practice: Dan C. Marinescu ... - September 23rd, 2018
- Programming Lesson Plan: Program Your Partner - September 5th, 2018
- Cloud Computing | Definition of Cloud Computing by Merriam ... - July 26th, 2018
- Cloud computing information, news and tips ... - April 30th, 2018
- Cloud computing - A simple introduction - Explain that Stuff - March 15th, 2018
- Doug H. - Boston Cloud Computing Meetup (Boston, MA) | Meetup - December 16th, 2017
- Cloud computing at Ifes, IFs, and hospitals | RNP - December 16th, 2017
- Cisco and Google Find Mutual Interest in Cloud Computing ... - October 28th, 2017
- How to Invest in Cloud Computing -- The Motley Fool - October 28th, 2017
- What is cloud computing? Everything you need to know now ... - September 19th, 2017
- How The Automotive Industry Is Leveraging Cloud Computing - CXOToday.com - September 7th, 2017
- Huawei ups its bet on cloud computing with broader support for Microsoft apps - GeekWire - September 7th, 2017
- Cloud computing to drive Billabong's omnichannel experience - Chain Store Age - September 6th, 2017
- Cloud Computing Testbed Chameleon Renewed for Second Phase - HPCwire - September 6th, 2017
- The Software Alliance Advances Discussion on India's Cloud Computing Policy - ETAuto.com - September 6th, 2017
- Assessing Alibaba's Cloud Computing Opportunity - Market Realist - Market Realist - September 2nd, 2017
- 3 No-Brainer Stocks to Buy in Cloud Computing - Motley Fool - September 1st, 2017
- Telecom ponders future amid surging cloud computing popularity - TechTarget (blog) - September 1st, 2017
- Heads in the cloud: banks inch closer to cloud take-up - Risk.net (subscription) - August 31st, 2017
- Walmart Taps Nvidia for Massive Cloud to Take on Amazon - Fortune - August 31st, 2017
- Guest Commentary: Cloud computing tackles emerging cyber threats - Security Systems News - August 31st, 2017
- It's Only the Early Innings for Cloud Computing - Morningstar.com - August 29th, 2017
- What are the key benefits of cloud computing? - Information Age - August 29th, 2017
- VMworld 2017: Everything you need to know about VMware's hybrid cloud strategy - ZDNet - August 29th, 2017
- Saudi Telecom Company creates cloud computing giant - ComputerWeekly.com - August 29th, 2017
- Now with VMware and Pivotal, the Cloud Native Computing Foundation is becoming the hub of enterprise tech - GeekWire - August 29th, 2017
- Cloud Computing | HHS.gov - August 27th, 2017
- Oppo, Vivo plan to move cloud storage to India - Economic Times - August 27th, 2017
- Top 2 aspects of cloud computing you need to consi - Accountingweb.com (blog) - August 27th, 2017
- Biz Cloud Computing - Four States Homepage - August 27th, 2017
- Marketo decides to go all-in on cloud computing, and picks Google as its home - GeekWire - August 27th, 2017
- Cloud Computing Confirmed for Travers | TDN | Thoroughbred Daily ... - Thoroughbred Daily News - August 27th, 2017
- Why 2017 Is The Year To Understand Cloud Computing - Nasdaq - August 23rd, 2017
- Microsoft acquires cloud computing firm Cycle Computing to boost ... - The News Minute - August 23rd, 2017
- The Benefits of Multi-Cloud Computing Architectures for MSPs - MSPmentor - August 23rd, 2017
- VMware shares to surge more than 20% because the Amazon cloud threat is overblown: Analyst - CNBC - August 23rd, 2017
- Goldman Sachs just poured $45 million into a company picking up Amazon's slack in the cloud - Yahoo Finance - August 23rd, 2017
- Cloud Computing confirmed for Travers Stakes 2017 - Horse Racing ... - Horse Racing Nation - August 23rd, 2017
- Cloud computing in focus at e-Commerce forum - Oman Tribune - August 21st, 2017
- World's Largest Open Source Cloud Computing Summit to be Hosted in Sydney - Business Wire (press release) - August 21st, 2017
- AT&T, GE and Oracle offer juiciest cloud salaries, new data reveals - Cloud Tech - August 21st, 2017
- Cycle Computing will make Microsoft Azure more appealing to more enterprises - TechRepublic - August 21st, 2017
- Manage containers in cloud computing to prevent sprawl, cut costs - TechTarget - August 19th, 2017
- Business continuity is the ultimate killer application for cloud - ZDNet - August 19th, 2017
- Thailand urged to opt for cloud computing - The Nation - August 19th, 2017
- Cyberattacks Rain Down on Cloud Computing Infrastructure ... - Bloomberg BNA - August 19th, 2017
- Brown to decide Monday if Cloud Computing runs in the Travers - Horse Racing Nation - August 19th, 2017
- Cloud computing reversal: From 'go away' to 'I can't miss out' - InfoWorld - August 18th, 2017
- Alibaba Stock: Why Cloud Computing Could Be Equivalent to AWS - BNL Finance (press release) (registration) (blog) - August 18th, 2017
- Microsoft Acquires A Cloud Technology Company From Right Under Google And Amazon's Noses - Inc.com - August 18th, 2017
- Alibaba's cloud computing revenue almost doubles - SiliconANGLE News (blog) - August 18th, 2017
- Big Data and Cloud Computing Software, Platforms, and Infrastructure 2017 - 2022 - Markets Insider - August 18th, 2017
- Microsoft acquires cloud-computing orchestration vendor Cycle Computing - ZDNet - August 16th, 2017
- Cloud computing decision guide: Breaking down 7 top solutions for healthcare - Healthcare IT News - August 16th, 2017
- Amazon: Earnings Are Not The Holy Grail - Seeking Alpha - August 16th, 2017
- Notes: Cloud Computing still in running for Travers - Albany Times Union - August 14th, 2017
- Assessing the key reasons behind a multi-cloud strategy - Cloud Tech - August 14th, 2017
- Intel runs rule over new data centre storage design - Cloud Tech - August 14th, 2017