Apptis Aims To Ease Government's Cloud Transition
There’s clearly a lot to learn in public sector cloud computing. As cloud providers seek more government business, they need to get up to speed on federal-specific requirements. Government agencies, meanwhile, need to review vendors’ security profiles. Into that environment steps Apptis Inc., an IT and communications service provider based in Chantilly, Va.
October 11, 2010
logo_apptis
There’s clearly a lot to learn in public sector cloud computing. As cloud providers seek more government business, they need to get up to speed on federal-specific requirements. Government agencies, meanwhile, need to review vendors’ security profiles. Into that environment steps Apptis Inc., an IT and communications service provider based in Chantilly, Va. The company this month announced its cloud services offering. Here’s the background.Apptis taps Amazon Web Services, as available under its General Services Administration Schedule 70 contract. GSA’s Schedule 70 is open to federal as well as state and local government agencies. Apptis aims to position itself at the intersection of cloud provider and government customer. The company offers a broker service in which it takes on a chunk of the work agencies would typically need to do to vet the security of a new system. The Federal Information Security Management Act (FISMA) calls for agencies to put systems through a certification and accreditation (C&A) process before moving them into production. Agencies must document the controls — security measures — that safeguard a given system.
In the case of a cloud service, some 150-plus controls* need to be accounted for. Apptis offers to document the security controls and give them to a third-party to validate, noted Cameron Chaboudy, director of the Advanced Technology Group at Apptis.
Apptis’ documentation job applies to the cloud infrastructure layer; agencies will handle the C&A legwork associated with the application they plan to run on the cloud. But Chaboudy says Apptis’ infrastructure work will cover 80 percent of an agency’s C&A chore. And therein lies the potential for cost savings: Apptis estimates that 15 percent of a federal agency’s IT project cost is linked to C&A. In its FY2009 report on FISMA implementation, the Office of Management and Budget pegged the average C&A cost (PDF LINK) per system at $78,000.
Apptis believes cloud vendors can also benefit from its security work. Conceivably, a multitude of government entities could descend on a vendor to certify its service offering. But when the process goes through Apptis, vendors are insulated from having to work individually with numerous agencies, noted William (Bill) Perlowitz, vice president of the Advance Technology Group at Apptis.