The U.S. federal government has launched its cloud storefront. In its current instance, it is populated with productivity and business applications that were already available through GSA Advantage and consumer social software. This will encourage federal agencies to more broadly use cloud computing.

• Apps.gov is an intermediate step in the U.S. federal cloud strategy, which also tackles budgetary and policy elements to improve the adoption of this sourcing model across the federal government.
• Initiatives such as Apps.gov only address public cloud services, which leaves several open issues about security and certification that can be addressed only by providing private cloud services.
• The social media section of Apps.gov will have the most impact, because with it the federal government now endorses the use of consumer social software.

• IT leaders in federal government should immediately leverage social media applications made available through Apps.gov and refine or develop their sourcing strategies for nonsensitive applications and workloads, taking into account the evolving offering of Apps.gov on public cloud services. However, they must exercise particular caution before security certification issues are resolved.
• IT leaders in state and local government should use Apps.gov as a reference for public cloud-based services, and verify whether the federal government conditions can apply to them.
• IT leaders outside the U.S. government should closely follow the development of this large-scale, leading-edge governmentwide initiative on cloud computing by looking at case studies or concrete evidence of deployment.

Apps.gov is the first tangible outcome of the U.S. federal cloud initiative. It intends to be an effective one-stop shop for agencies that are considering the use of public cloud services, but does not yet address many of the areas of concern for agencies (such as security, privacy, data location or certification), most of which require the articulation of a more comprehensive set of sourcing options, covering both public and private cloud services. This limits the scope of this initiative so far to new applications that do not operate on sensitive data, but also opens the door to the adoption of consumer social media applications.

On 15 September 2009, the Office of Management and Budget and the General Services Administration announced the launch of a new website (Apps.gov) that will be the storefront for the acquisition of cloud-based services for all federal agencies. The website intends to provide access to four distinct categories of services: business applications (such as customer relationship management [CRM] and enterprise resource planning [ERP]), productivity applications (such as collaboration and office suites), infrastructure services (such as storage, virtual machines and Web hosting) and social media applications (including mainstream ones like Facebook and YouTube). The announcement was made by U.S. Federal CIO Vivek Kundra at the NASA Ames Research Center.

The establishment of an application store is only a milestone in a longer journey toward the systematic use of cloud computing by federal government agencies. As Kundra pointed out, there will be both a budget lever and a policy lever complementing this initiative. From the budget perspective, pilots will be developed in 2010 (especially in the areas of collaboration and "lightweight" workflow management) and direct guidance to agencies in 2011. Policy initiatives will address centralized certification, security, privacy and procurement.

Apps.gov is the first tangible result of the efforts undertaken by the Obama administration to pursue a cloud computing strategy (see Note 1). The storefront is meant to provide a centralized point of purchase for a variety of cloud-based services aimed at the so-called "public cloud," according to the National Institute of Standards and Technology (NIST) definition (see Note 2), which states "the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services."

Of the four sections composing the site, the "cloud IT services" one — covering infrastructure as a service — is still empty, waiting for the outcome of the request for quotation (RFQ) that was published in July, which concerns storage, virtual machines and Web hosting (see www.scribd.com/doc/17914883/US-Federal-Cloud-Computing-Initiative-RFQ-GSA ).

The business and productivity application sections list a number of applications, along with their price and the relevant authorized federal supply service information technology schedule, available also through GSA Advantage. Basically, as explained in the FAQ section of the site, all products on Apps.gov are already offered under GSA multiple award schedule contracts. This implies that — until blanket purchase agreements are in place (see Note 3) — agencies can buy freely below the micropurchase threshold ($2,500, with exceptions concerning contingency spending in certain circumstances). However, beyond the threshold, agencies have to survey at least three contractors and gather additional discounts. Therefore, buying these applications through Apps.gov is like procuring them through the existing GSA Advantage platform. On the other hand, Apps.gov groups applications that are supposed to conform to the cloud computing definition, and more important, there is a plan to have most offerings under blanket purchase agreement to support the required levels of flexibility and elasticity.

While Apps.gov will provide access to products from several vendors, in its first release it is dominated by salesforce.com and Google. The pricing appears to be per unit, but does not specify whether the costs are yearly, monthly or on a one-off basis. Also, the product descriptions are often missing, and there is no way potential buyers can get even basic information about them from the site, nor can they provide feedback (an essential mechanism for product and service acquisition over the Internet). Further, as URLs point to resellers and not to the actual product description on the reseller's or the manufacturer's site, the information-gathering process needs to happen outside Apps.gov, which may limit the ability to compare, rate and comment on products. It is quite possible that these capabilities will evolve, once the implications in terms of public procurement policies are duly assessed. In their absence, Apps.gov would remain just an e-procurement site and may not be able to ensure a coherent use of these new models.

The fourth section includes a directory of social applications, all of which are free — this will have the most impact of anything in the initiative in the short term. The section includes terms of use that the GSA agreed to with individual vendors (see Note 4). These, together with the GSA social media guidelines (see www.gsa.gov/graphics/staffoffices/socialmediapolicy.pdf ), provide the required endorsement to a number of consumer applications that can contribute to government transformation. While this will not by itself help agencies determine the role and value of social media applications for their respective missions (see "Government Employees on Social Networks: Reversing the Burden of Proof"), it sets the basis for giving social media applications the dignity of government-class applications.

All applications available on Apps.gov are meant to be used in a nonsensitive context, and the current plans are to address the necessary security and privacy issues at a later stage. However, there is a risk that encouraging the adoption of cloud computing before addressing these issues may require significant efforts to retract in the future, should this model be later deemed inappropriately insecure. In every situation, performing a risk assessment first and addressing security concerns at the start of a project will always result in a better-performing system at a lower cost that is more resistant to attack.

As a matter of fact, the best practices for evaluating the relative risk associated with different firms of externally provisioned service are continuing to evolve. Neither U.S. government Federal Information Security Management Act (FISMA) standards nor international standards are fully suited to the task of reliably assessing the security risks associated with highly distributed, multitenant off-site services.

Exercise caution in selecting and deploying any of the currently provided applications, as well as others that will populate the catalog, before the security certification issues are resolved.

• Use the social media application section in Apps.gov to identify whether consumer applications you have been considering or actually using are on the list, and enroll through the website.
• Examine and revise your application sourcing strategy to identify for which categories of applications the public cloud offerings in Apps.gov may be suitable. Check product characteristics and fitness for purpose directly with manufacturers and resellers, asking for relevant government and public-sector references, and use Apps.gov only as a purchasing instrument unless you can obtain the same software more cost-effectively through different arrangements (e.g., as part of a system integration contract).
• Regularly visit the "Cloud IT Services" section for developments on cloud-based infrastructure, as the GSA RFQ closes and vendor offerings are added to the site.
• Do not expect Apps.gov to fulfill your requirements of private cloud services anytime soon.
• Apply pressure for the priority development on Apps.gov of a suite of sharing functions (including user feedback, internal case studies, lesson learned, scoring systems and "how to") to help agencies exchange and leverage experiences with these external services and to serve as the basis for shared governance of vendor relationships.

• Use Apps.gov as a reference for cloud-based services that are endorsed by the federal government, and use price points in negotiation with vendors.
• Examine under which terms you can access the same conditions as federal agencies (e.g., in the context of federally funded programs or federal grants).
• Use the social media application section of Apps.gov as a reference to support social networking initiatives. Other sources, such as GSA social media policies, may constitute a useful baseline to establish a social media presence in case there is none. However, maintain focus on purpose and business value for any social media initiative that might be initiated.

• Keep watching the developments of Apps.gov and the U.S. federal cloud computing initiative, as it is the first enterprisewide initiative of this kind, and certainly the largest. Other countries, such as the U.K., are following similar paths already. However, continue looking for case studies and concrete evidence of deployment.
• Examine opportunities for cloud computing from an individual agency perspective, but remember that some or most of the benefits of cloud computing are delivered through other alternative sourcing models, such as SaaS or infrastructure utility.

"U.S. Federal Definition of Cloud Computing: Handle With Care"

"Government Employees on Social Networks: Reversing the Burden of Proof"

"Comparing Cloud Computing and Infrastructure Utility"

"Tutorial for Understanding the Relationship Between Cloud Computing and SaaS"

"Cloud Computing in Government: Private, Public, Both or None?"