12-29-11 | Blog Post
The 2012 National Defense Authorization Act (NDAA) recently passed by Congress includes a section on data centers and servers, concerning the IT industry and cloud hosting providers (Section 2867).
What do the provisions call for?
A plan to reduce the resources needed for servers and data centers. The components of the plan include a reduction in:
The provisions also call for a performance plan that measures and sets standards for server and data center operations, including the implementation of a strategy for the following:
The section also calls for reports from the CIO on the division’s cost-savings as a result of transitioning to cloud computing to be presented to Congress in March of each fiscal year, starting in 2012 and reoccurring through 2016. Hopefully a close analysis of investments and the resulting numbers/reduction of security breaches will provide a more comprehensive framework for annual cloud computing and data center re-strategizing to continue the advancement of the DoD’s IT infrastructure and operations.
Back in August, I blogged about the federal cloud computing strategy proposed by CIO Vivek Kundra with intentions of allocating $20 billion of the total $80 billion IT budget for cloud computing migration alone. The goal is similar to the DoD’s NDAA strategy – consolidate and reduce data center and energy expenditure. Kundra’s Federal Cloud Computing Strategy (official document) outlines the cloud as a fundamental shift in IT and offers case studies and more guidance for cloud migration.
Data breaches may have prompted the NDAA’s new security provisions and attention to standardized data center and server practices. The DoD suffered a major HIPAA violation in September when stolen backup tapes exposed 4.9 million patients and their health records. A resulting lawsuit filed fines of $1,000 per individual, totaling to $4.9 billion. One order among the 11 in the lawsuit requires defendants “set up proper systems and procedures to maintain the privacy of protected information.”
HIPAA, the Health Insurance Portability and Accountability Act of 1996, sets the standards for protecting sensitive patient data that is stored, processed or transferred by healthcare organizations and other companies that deal with patient information. The law specifies that healthcare organizations should implement and follow certain policies and practices in order to preserve the integrity, confidentiality and availability of data.
For more about HIPAA and to find out if/how your company is affected by the law, read our HIPAA FAQ. Or if you’re interested in learning more about cloud computing security, watch an informative video or read the transcript of Private Cloud Security: How Your Data Security Changes in the Cloud presented by our Director of Operations, Jason Yaeger.
References:
National Defense Authorization Act for Fiscal Year 2012 (PDF)
New DoD Plan Could Be Big Boost for Clouds