1

1

Since releasing the Federal Cloud Computing Strategy in 2011, the federal government has focused its technology management strategy on migrating mission-critical operations to the cloud1 to address an IT environment characterized by poor asset utilization, duplicative systems, and a slow procurement process.2 The cloud’s potential to enhance federal agencies’ efficiency, agility, and capacity for innovation cannot be overstated. In an era of stagnant IT budgets and a growing capabilities gap between private and public sectors, cloud computing offers the federal government the opportunity to reach an increasingly interconnected and mobile public, as well as to save billions and simplify the IT procurement process.

As is often the case with transitions of this scale, cloud migration has had its share of challenges. In a January 2014 Government Business Council study, 49 percent of federal executives responded that their agency had migrated less than ten percent of its application portfolio, citing concerns over security, data ownership, budgeting, and expertise gaps.3 Although cloud migration might seem imposing and lend itself to endless strategizing, agencies have demonstrated that they are capable of deploying cloud services in a matter of months, not years. Those most successful have focused on three key areas: selecting high-value and high-readiness applications for migration, assessing their service

         

THREE STRATEGIES TO ACCELERATE YOUR AGENCY’S MIGRATION TO THE CLOUD

2

and deployment needs, and aligning those requirements with available budgetary resources.

Selecting Applications for Cloud Migration

The Federal Cloud Computing Strategy was designed as a reference for how agencies should approach their transitions to the cloud, but it also specifies the criteria that should be used to prioritize applications for accelerated migration: value and readiness. Agencies are more likely to realize value when targeting applications able to make an immediate impact through improving resource utilization, scalability, and customer satisfaction. Similarly, cloud-ready applications have trusted security credentials, are already virtualized or easily virtualized, approaching the end of their lifecycles, and easily separable from other systems.4

Going boldly where few agencies had gone before, NASA began experimenting with cloud computing as early as 2008. NASA’s greatest cloud success story came in 2012 in the midst of preparing for the rover Curiosity’s arrival on Mars. To achieve its goal of delivering live video feed of the landing to

AS FEDERAL AGENCIES MOVE PAST “CLOUD FIRST,” DECISIONS OVER CLOUD-READY APPLICATIONS, SERVICE MODELS, AND BUDGETING LOOM LARGE

  2

3

the public, NASA required flexibility and rapid scalability of computing resources.5 CTO Tom Soderstrom selected the agency’s imaging and public engagement applications as high-value, high-readiness candidates for migration. The cloud allowed NASA to seamlessly bring its Mars broadcast to millions of viewers worldwide, and NASA continues to host its user portal via public cloud at costs much lower than on its own infrastructure.6

Evaluating Cloud Service and Deployment Models

Once an agency selects the applications and capabilities destined for migration, the next major challenge is designing a portfolio of cloud service and deployment models that optimizes its requirements for security, data ownership, and cost savings. Agencies can choose from multiple, distinct cloud tiers based on the expected utilization of those services. Systems administrators might choose infrastructure (IaaS), which includes processing, storage, and networking resources, or platforms (PaaS), which include tools and an operating system supported by the cloud service provider (CSP), in order to develop customized applications for agency personnel. Alternatively, if the primary consumers are end-users, cloud-based software applications (SaaS) hosted by the CSP may supply the most rapidly deployable turnkey solution.7

An agency may then choose to deploy a private, public, or community cloud solution. A private cloud is often hosted on-premises and typically offers greater control over sensitive data, while public clouds are managed by the CSP and allow agencies to pay for services solely on the basis of utilization.8 The following cases illustrate how cloud service and deployment models can vary based on their intended usership and function.

In May 2012, the U.S. Marine Corps (USMC) released its strategy to deploy a private cloud through the Marine Corps Enterprise Information Technology Services (MCEITS) program. The goal

     

4

of MCEITS is to provide universal access to USMC data and applications, particularly in forward-deployed and potentially hostile environments with severe bandwidth limitations.9 By choosing a private cloud environment built on top of a commercial IaaS solution, the USMC can achieve optimal security and data ownership, while providing service members with command and control capabilities as well as email, file sharing, and video conferencing. In addition, MCEITS gives USMC administrators rapid access to scale-up or scale-down capacity as needed, ensures savings through resource pooling and data center consolidation, and reduces the manpower needed to maintain its networks.10

On the other end of the spectrum, in late 2010 the Department of State chose to deploy a cloud-based electronic library to provide access to documents and country resources stored in databases worldwide. A public SaaS solution was optimal for two reasons. First, the documents were already in the public domain, and based on their low FISMA security rating, required minimal centralized data management. Second, users were primarily domestic and overseas staff members who required minimal custom functionality aside from a self-service check-out tool.11 By accurately assessing its service needs, DoS was able to deploy the electronic library on-time and at-cost, while meeting all major milestones and performance goals.

“IN A 2014 GOVERNMENT BUSINESS COUNCIL STUDY, 49 PERCENT OF FEDERAL EXECUTIVES RESPONDED THAT THEIR AGENCY HAD MIGRATED LESS THAN TEN PERCENT OF ITS APPLICATION PORTFOLIO, CITING CONCERNS OVER SECURITY, DATA OWNERSHIP, BUDGETING, AND EXPERTISE GAPS.”  

  3

                         

   

About GBC

Government Business Council (GBC), the research arm of

Government Executive Media Group, is dedicated to advancing

the business of government through analysis and insight. GBC

partners with industry to share best practices with top

government decision-makers, understanding the deep value

inherent in industry’s experience engaging and supporting

federal agencies.

About General Dynamics Information Technology

Leveraging our expertise and best practices in cloud computing,

virtualization, and shared services support, General Dynamics IT

facilitates your agency’s move to the cloud with minimum risk.

We help you outline the right strategies, build virtualization

solutions, and implement and manage the complete cloud

computing environment. Learn more at www.gdit.com/cloud.

3

5

Aligning Budgetary Resources with Cloud Services

A remaining challenge for federal agencies is deciding how to pay for cloud migration. Of roughly $80 billion in annual federal IT spending, an estimated $20 billion is a potential target for agencies seeking to migrate operations to the cloud.12 However, only about $3 billion of that total will actually go toward cloud services, according to Office of Management and Budget cloud computing manager Scott Renda, who cited difficulties in certifying CSPs for security compliance and in reforming the way some agencies procure IT.13 Prior to the cloud era, government acquisitions offices customarily purchased computing, storage, and other IT assets as capital expenditures (CapEx) and must now shift to procuring cloud services as an operations expenditure (OpEx) – similar to a standard utility.

One way agencies have adapted to their new environment is through redesigning contract vehicles to pay for infrastructure, platforms, and software as services. GSA’s IaaS Blanket Purchase Agreement (BPA), for instance, streamlines the purchasing process through eliminating the need for agencies to independently certify potential vendors for cybersecurity compliance, negotiate service level agreements (SLAs), and define data ownership rights.14 Instead, CSPs pre-compete for contracts for specific IaaS functions including cloud storage, virtualization, and web hosting. If they meet the necessary security qualifications, vendors can be pre-certified by GSA. By centralizing its cloud acquisition process through BPA, DHS for instance,

6

was able to dramatically shrink its infrastructure costs, reduce procurement lead-time, and boost confidence in the security of its cloud data.15

Tomorrow’s Forecast? Heavy Cloud Coverage

After three years of deliberate progress following release of the Federal Cloud Computing Strategy, federal agencies are preparing to migrate larger portions of their application portfolios into a wider array of cloud service and deployment models. Despite the fact that 75 percent of government cloud spending remains directed toward private cloud deployment, the public cloud market has matured rapidly since “Cloud First.”16 As IT security officials gain greater confidence in negotiating SLAs and in certification programs like FedRAMP, public cloud and PaaS will likely begin to comprise a greater share of total spending.17 In the coming years, federal agencies will face difficult decisions over whether the benefits of migrating older and more complex legacy applications outweigh the potential risks of service disruptions or permanent functionality deficiencies. Similarly, federal, state, and local governments are increasingly looking to cloud brokerage as a more cost-effective means of delivering and managing cloud services.

As agencies continue their efforts to address their cloud challenges, OMB’s Scott Renda reminds federal leaders that they need to plan to expand cloud services as the foundation of their twenty-first century IT architecture: “it’s definitely here to stay, and it’s only going to get bigger.”18

  4

                                   

 

Sources 1. The National Institute of Standards and Technology defines “the cloud” as “a model for enabling

ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and servers) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” see: Peter Mell and Timothy Grance, “The NIST Definition of Cloud Computing” U.S. Department of Commerce: September 2011 http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

2. Vivek Kundra, “Federal Cloud Computing Strategy.” Executive Office of the President: February 8, 2011 p.1 https://cio.gov/wp-content/uploads/downloads/2012/09/Federal-Cloud-Computing-Strategy.pdf

3. “The Road Ahead: Three Years After Cloud First.” Government Business Council: January 2014 4. Kundra, “Federal Cloud Computing Strategy.” 2011 p.11-15 5. Matt Weinberger, “NASA JPL: The Business Case for Taking the Cloud to Mars.” Citeworld: April 24,

2014 http://www.citeworld.com/article/2149000/cloud-computing/nasa-jpl-the-business-case-for-taking-the-cloud-to-mars.html

6. Michael Endler, “NASA Mars Mission Fueled by Amazon Web Services.” InformationWeek: August 10, 2012: http://www.informationweek.com/cloud/nasa-mars-mission-fueled-by-amazon-web-services/d/d-id/1105741

7. “Creating Effective Cloud Computing Contracts for the Federal Government.” CIO and CAO Council: February 2012 p.5 https://cio.gov/wp-content/uploads/downloads/2012/09/cloudbestpractices.pdf

8. Mell and Grance, “The NIST Definition of Cloud Computing.” 2011 p.7 9. “Marine Corps Private Cloud Computing Environment Strategy.” United States Marine Corps: May 15,

2012 p.1 http://www.hqmc.marines.mil/Portals/156/Newsfeeds/SV%20Documents/Marine_Corps_Private_Cloud_Computing_Environment_Strategy_15_May_2012.pdf

10. “Marine Corps Private Cloud Computing Environment Strategy.” 2012 p.4-5 11. “Progress Made but Future Cloud Computing Efforts Should Be Better Planned.” GAO: 2012 p.29 12. “Progress Made but Future Cloud Computing Efforts Should Be Better Planned.” GAO: 2012 p.7 13. William Jackson, “Forget fad. The cloud is real, it’s here and it’s growing.” Government Computer

News: May 13, 2014 http://gcn.com/articles/2014/05/13/fose-cloud-omb.aspx?admgarea=TC_Cloud 14. “Infrastructure as a Service Blanket Purchase Agreement Fact Sheet.” General Services Administration:

May 2014 http://www.gsa.gov/portal/mediaId/184727/fileName/IaaS_FAQ.action 15. Mary Davie, “Department of Homeland Security Buys into the Cloud.” Great Government Through

Technology Blog: September 29, 2011 http://gsablogs.gsa.gov/technology/2011/09/29/department-of-homeland-security-dhs-buys-into-the-cloud/

16. Scott Renda, “One Cloud Does Not Fit All: Adopting a Secure Cloud for Government”. Office of Management and Budget, Office of E-Government and Information Technology: May 13, 2014; See also, Jackson, “Forget fad. The cloud is real, it’s here and it’s growing.” 2014

17. “Creating Effective Cloud Computing Contracts.” 2012 p.11-12 18. “OMB Presents on Adopting a Secure Cloud for the Government.” CIO Council https://cio.gov/omb-

presents-adopting-secure-cloud-government/  

Image: techspot.com (labeled for reuse)

4