 |
The Office of Management and Budget’s 25 point plan describes a "cloud first" policy for the Federal Government. Is the approach described in Part I, Achieving Operational Efficiency, sufficient to deliver more value to the American taxpayer? What are the strengths or gaps in the plan regarding the use of cloud computing and what types of capabilities should be moved to the cloud first (e.g., within the first 12 months)?
(Responses will be posted on an ongoing basis in January and early February.)
|
- Harry J Foxwell, PhD, Principal Consultant, Oracle Public Sector
- Ron Knode, Director, GSS, LEF Research Associate, CSC
- Peter Coffee, Head of Platform Research, salesforce.com inc.
- Kevin Paschuck, VP, Public Sector, RightNow
|
Harry J Foxwell, PhD
Principal Consultant
Oracle Public Sector
US CIO Vivek Kundra's "25 Point Implementation Plan to Reform Federal
Information Technology Management" is ambitious in its scope and
timeline. Although cloud technologies are maturing rapidly,
understanding of the benefits, risks, and costs of this approach
to IT is evolving slowly. Clearly there are cost-saving efficiencies
already being delivered through data center consolidation,
virtualization, and massively-parallel, energy-efficient, multi-core
servers and integrated systems. Further exploiting these technologies
to fully implement the NIST model of public and private cloud
infrastructures will require not only significant technology changes
but acquisition and management policy changes as well. The 25-Point
plan's focus on identifying and developing government expertise and
developing industry partnerships are essential first steps.
Efforts are currently underway within multiple government agencies
to fulfill some of the 25 Point goals related to "commodity IT
services" such as government-wide "cloud email". While even this
project is a major undertaking, it is among the most feasible of
the many candidates for initial cloud deployment. Converting special
purpose and highly customized agency software to the cloud model
will be much harder and will take significantly more time.
Cloud computing as a technology delivery model and as a business
model do have the potential to provide significant cost savings and
taxpayer value. But, as attractive as this may seem, its benefits
should not be oversold nor its costs and risks underestimated.
Additionally, although the "cloud first" policy is well intentioned,
other data center consolidation technologies should not be overlooked.
For more information: http://blogs.oracle.com/drcloud/
Posted: January 28, 2011
|
Ron Knode
Director, GSS, LEF Research Associate
CSC
New Wine in Old Wineskins?
The "cloud first" policy declaration in OMB's 25-point plan of 9 December 2010 is aggressive thinking and terrific branding. The triple-play promises of economy, flexibility, and speed are precisely the kind of IT payoffs that any enterprise would want.
However, these promises are themselves based on another promise in the same plan, i.e., the promise of a cloud strategy that can deliver safe and secure cloud adoption across the U.S. government. While there is much to like about the ambitious vision and the no-nonsense "let's get going now" message for cloud processing in the plan, real success hinges on making the underlying promise of a practical cloud strategy come true. That promise is the more difficult one. It must respond not only to the needs and realities expressed by (government) cloud consumers, but also to the needs and realities of cloud service providers who can actually deliver these payoffs. Only when both constituencies are accommodated in strategy and mechanics can we move from a hit or miss "Ready, Fire, Aim" process to a reliable "Ready, Aim, Fire" process for cloud adoption and payoff.
And, there's the rub. According to OMB plan, the promise for a practical cloud strategy is rooted in the development of standards for cloud service security, interoperability, and portability. The initial public draft of the Proposed Security Assessment & Authorization for U.S. Government Cloud Computing took a healthy first swing at such standards, but does not yet tend to the needs of all the constituencies involved. Continuing ambiguity about overall risk governance and accountability, a monitoring framework that excludes the cloud consumer, and a complicated scheme for trying to shape Spec Pub 800-53 for cloud services all present high hurdles to overcome.
One cannot but wonder if the biblical admonition against "pouring new wine into old wineskins"1 must be observed here. Trying to bend the conventional machinery for C&A into a community process for "A&A" without clarifying who is accountable for risk acceptance in cloud services only slows cloud adoption. The attempt to fashion existing Spec Pub 800-53 controls into a set of requirements suitable for cloud processing is laudable, but does not suit the consumption model of the cloud. In other words, the old wineskins of traditional C&A models and Spec Pub 800-53 cannot yet handle the new wine of cloud processing.
Until we fulfill the promises made in the OMB plan, we will be constrained to applications that satisfy the compensating techniques first introduced in "Digital Trust in the Cloud" and subsequently amplified in other places. We can gain some benefit from "safe" applications like non-sensitive email, development and test, backup and restore, and even a bit of collaboration and social networking. But, such applications do not deliver the kinds of payoff we need and expect from cloud processing.
In his earlier blog on this matter Chris Hoff declared "we're gonna need a bigger boat." Simply enlarging the vessel may not be enough. The biblical warning declares that “both the wine and the skins will be ruined”1 if we try to pour new wine into old wineskins. The new wine of cloud processing may well need completely new wineskins (standards and practices) for us to enjoy the rich bouquet of enterprise payoffs.
See the full blog response at http://www.csc.com/cloud/blog.
For further information, please contact Ron Knode at: rknode@csc.com
Posted: February 1, 2011
|
Peter Coffee
Head of Platform Research
salesforce.com inc.
When we answer the call for greater operational efficiency in IT operations, we should heed the warning ascribed to Peter Drucker: "There is nothing so useless as doing efficiently that which should not be done at all." Improved execution of current task portfolios is not enough: we should further strive to eliminate, or at a minimum delegate, any activity that does not directly contribute to mission performance. Tens of thousands of organizations use massively scalable multi-tenant services ("public clouds") to pursue that course successfully today.
U.S. CIO Vivek Kundra quickens the pace with his vigorous mandate to consolidate at least 800 data centers by 2015. This goal has the crucial merits of being countable, achievable, and uncomfortable. This goal will not be achieved by picking the low-hanging fruit of redundant or obsolete systems that are readily and painlessly retired as soon as someone decides to do so. Meeting Kundra's challenge will require fresh thinking about who performs what functions, and who needs to own what capabilities – but it will not require lowering our standards for what constitutes satisfactory performance.
Indeed, the National Institute of Standards and Technology has urged us all to treat the move to the cloud as an opportunity for substantial improvements in IT reliability and governance. In its newly released draft document, "Guidelines on Security and Privacy in Public Cloud Computing," NIST correctly asserts that.
Potential areas of improvement where organizations may derive security benefits from transitioning to a public cloud computing environment include the following:
- Staff Specialization: opportunity for staff to specialize in security, privacy, and other areas
- Platform Strength: Greater uniformity and homogeneity facilitate platform hardening and enable better automation of security management
- Resource Availability: Redundancy and disaster recovery capabilities are built into cloud computing environments
- Backup and Recovery: Data maintained within a cloud can be more available, faster to restore, and more reliable
- Mobile Endpoints: clients are generally lightweight computationally and easily supported
- Data Concentration: less of a risk than having data dispersed on portable computers or removable media
This list can aid us in choosing our targets for rapid cloud adoption. We should look for tasks requiring maximum speed and flexibility in deployment to mobile personnel or to frequently relocated sites. We should look for tasks requiring access to large collections of data, but using focused subsets of that data in typical situations. We should look for tasks requiring precise grants of privilege, and rigorous accountability for who has done what with sensitive information. All of these are criteria for which the cloud does not merely meet expectations, but rather elevates the standard of practice as widely demonstrated by enterprise customers today.
CIO Kundra's challenge comes at a time when technical transformation coincides with cultural readiness to consider dramatic change. Tightening resource constraints, combined with broad and growing public adoption of cloud services in both workplace and personal activities, create a powerful push-pull incentive to act – and a basis for confidence in the outcome.
For further information, please contact Peter Coffee at pcoffee@salesforce.com or see his blog at http://cloudblog.salesforce.com/
Posted: January 4, 2011
|
Kevin Paschuck
VP, Public Sector
RightNow
'Cloud First'—An Important Move in the Right Direction
Federal CIO Vivek Kundra's 25-Point Implementation Plan to Reform Federal IT Management, is an important move in the right direction. With cloud technology positioned prominently at the center of the initiative, we are beginning to see a real shift toward recognizing the major benefits, including significant cost savings and decreased implementation times, that government can realize from cloud-based solutions.
The plan outlines a 'Cloud First' policy, which mandates that each agency identify, within three months, three 'must move' IT services and move one of those services to the cloud within 12 months. The remaining services should transfer to the cloud within the next 18 months.
Additionally, approval is reserved for major IT programs that utilize a modular approach, with new customer-facing functionality provided every 6 months.
This is an important component and also addresses President Obama's Memorandum on Transparency and Open Government, issued on January 21, 2009. In this memo, the President outlined the Administration's commitment to creating an unprecedented level of openness in Government and instructed the heads of executive departments and agencies to work together to ensure the public trust and establish a system of transparency, public participation, and collaboration. Cloud technology can help federal agencies comply with this mandate.
To deliver on the promise of open government and the plan to reform federal IT, agencies must identify services to transfer to the cloud. Specifically, Web Self Service applications and Pilot Programs are a good starting point to identify the best solutions for specific agency needs.
Coupling cloud solutions with Web self-service applications is an effective means to simultaneously improve constituent services and reduce overhead costs. With Web self-service, constituents can find information that they need on an Agency website quickly, without having to contact a live person. Additionally, the cloud provides Federal agencies with several benefits:
- Lower total cost of ownership
- Benefits from frequent solution innovation
- Increased reliability
- Speedy, measureable results on open government initiatives
Whether in the public or the private sector, identifying the appropriate IT solutions can be a daunting task. For this reason, working with vendors that provide pilot programs is a critical component in the decision making process. One of the unique things about cloud computing is the ability to test the solution first—before signing a contract. Identifying proof points and results up front, prior to making a large investment, is critical to ensuring success.
Cloud solutions provide the scalability that government agencies require to meet constituent needs—eliminating digital capacity limitation worries. By transitioning to the cloud, agencies tap into an infrastructure that is as flexible as their needs are varied. Undoubtedly, these are some of the primary reasons why cloud is positioned as the center stone of the Administration’s plan.
Posted: February 10, 2011
|
If you would like to contribute an answer to this question, or future questions, please Contact Us. Terms and Conditions of Use
|
|
If you are from a U.S. government agency or DoD organization and would like to pose a question for this forum, let us know.
Welcome
"Ahead in the Clouds" is a public forum to provide federal government agencies with meaningful answers to common cloud computing questions, drawing from leading thinkers in the field. Each month we pose a new question, then post both summary and detailed responses.
Current Month
January 2011
|
|
|
