Cloud computing is catching on in the federal market almost as fast as in the commercial sector, according to a new report from the Cloud Computing Caucus Advisory Group released May 11th, at a Capitol Hill event featuring Caucus co-founder Rep. Gerry Connolly.
But the report also notes a series of challenges casting a shadow over an otherwise sunny forecast:
- It’s hard to pin down exactly how much the government is really spending on cloud technologies. Figures range from $2 billion a year to as much as $8.4 billion for “cloud and provisioned services,”
- The Federal Risk and Authorization Management Program, or FedRAMP, is moving too slowly and costing too much, the report says, and needs additional resources to be able to function effectively
- The low-hanging fruit has already been plucked, and the future opportunities promise greater savings – but will be far more challenging.
The report, titled “Don’t Be a Box Hugger,” identified three emerging camps in the government IT trenches: Pioneers, who are embracing cloud; fence sitters, who are waiting to see what others do, but gingerly dipping their toes into the new technology; and box huggers, who are consumed with protecting their data and servers in a place where they can see, touch and control them.
Connolly (D-VA) said cloud solutions can be a “force multiplier,” providing opportunities to deliver better government services more efficiently.
Cloud is an inevitable technology, he said, not a luxury.
“Frankly, you’ll have to adopt these new technologies to survive in today’s climate,” said Connolly.
Down on Data Centers?
When former Federal CIO Vivek Kundra took office, the federal government believed it was managing about 1,600 data centers. Kundra wanted to cut the number in half through the Federal Data Center Consolidation Initiative (FDCCI), and Connolly pushed for consolidating the data centers down to 400.
By the time the project deadline came, agency IT managers had identified more than 8,000 federal data centers around the country, Connolly said. These represent much of the legacy costs of federal IT he said, citing figures from the report that show that while the government spends about $82 billion annually on IT, $59 billion of that maintains legacy systems.
Katell Thielemann, Research Director at the market analyst Gartner, said IT managers are reluctant to move to the cloud because they fear giving up control of their data – and being blamed if something goes wrong.
“We have to get out of the mindset of wanting to control everything,” she said.
Thielemann later debunked five of the biggest federal cloud myths:
- Cloud = Data Center or Cloud = Virtualization: Cloud is broader than those definitions, she said, so agencies should adhere to the National Institute of Standards definition of cloud
- Cloud computing is less secure: Not so, Thielemann said. To date, Gartner has seen fewer breaches of public cloud environments than on-premises systems
- Cloud is about technology: “It’s become very, very clear that the cultural aspect of cloud is as important, if not more important than the technology aspect of cloud,” Thielemann said
- Cloud is always about saving money: Return on Investment is more than just financial — agencies should stay focused on improving agility and collaboration, and that, too, she said, will lead to future cost-avoidance
- “The cloud first policy said so” is a strategy: That’s a directive, and a step, but it’s not a strategy, Thielemann said. Agencies should focus on why they’re pursing cloud, then move on from there
“Human nature assumes what we can’t see, we can’t control,” said Thielemann, who later reiterated the cultural aspect is just as, if not more important than the technical hurdles to the cloud.
According to the Cloud Caucus Advisory Group’s Don’t Be a Boxhugger report, 80 percent of Feds worry CSPs can’t deliver the required security controls. But are their concerns warranted or are they fretting over the unknown?
Gartner has seen fewer breaches in the cloud than on-premise systems. Cloud provides a framework for vendors to abide by.
While many industry authorities see FedRAMP as an unnecessary burden, others see it as essential.
A panel of industry experts followed Thielemann.
“FedRAMP is a fantastic opportunity because it removes key security obstacle from cloud,” said Sanjeev Nehra, Chief Technology Officer at Dell Services Federal Government, Inc. “By itself it mitigates a lot of security concerns for a lot of people.”
Neither agencies nor their vendors are true cloud experts. And without enough cloud knowledge, there can be no industry standard.
“This takes time because we’re used to security being a rack of servers with 30 pages – now it’s a 1,000 page document outlining an abundance of inter-located systems,” said Susie Adams, Chief Technology Officer Microsoft Federal. “We don’t have enough persons of expertise to even evaluate the market.”
We’ll soon have a workforce that not only knows, but grew up in the cloud. The next generation of workers will already be intuitive with the new technology when they enter the workforce. But until then, agencies and CSPs need to continually educate their workers on the cloud’s best practices.
The cloud’s learning curve means everyone has their own definition of the cloud. This cloud-washing, as Thielemann calls it, has agencies and CSPs arbitrarily naming their systems cloud.
“On the one hand we’re seeing agencies eager to show they’re abiding by the cloud first policy and calling just about everything they tend to do ‘cloud,’ said Thielemann. “And on the other side of the fence we’re seeing a lot of vendors who want to provide as much into the environment as possible calling what they do ‘cloud.'”
Munjeet Singh, Vice President, Strategic Innovation Group – Cloud Services & Architecture at Booz Allen Hamilton, believes organizations should have a closed, safe environment to air concerns and that CSPs should want to listen.
“Training is a great tool, but don’t be afraid to ask for a deep-dive session from your service integrator,” said Singh.
Join the conversation. Post a comment below or email me at firstname.lastname@example.org.