Plunkett and Carey were both dismissive of public-cloud deployments for all but that information which is publicly available without restriction. The DoD is currently focused on private, internal clouds that it builds in-house, applying stringent security standards and skirting the thorny issues that arise in the drafting of contracts with private vendors.
"You've got to make some pretty big decisions up front," Carey said. "You have to understand, A: your information, and B: is it suitable and germane to go into a public or private cloud."
In any case when an agency is working with an outside vendor to aid with a cloud deployment, federal personnel must ensure that their private-sector partners have a "crisp understanding of the security requirements," Plunkett said, emphasizing the importance of including the specific security stipulations spelled out in the government's FedRAMP program in the contract.
"To the extent that we can get industry understanding and comfortable with the requirements that we have, and then get them committed to making changes in their products, that really not only raises the bar from our requirements, but raises the bar really for the world, because these are now commercial commodity products," she said. "They're going to become available for everyone."
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.
Read more about government in CIO's Government Drilldown.