4 keys to success in the cloud
- By Gregg Mossburg
- Jul 25, 2011
The federal government’s cloud-first mandate, calling for agencies to move three services to the cloud by mid-2012, has given cloud computing a substantial boost.
However, agency leaders who worry that cloud migrations could introduce security problems or hamper an application’s performance may be tempted to move relatively minor or inconsequential applications, such as a rarely-used website, to the cloud.
Just checking the “cloud mandate box” would do little to help their agencies achieve cloud’s promised short- and long-term value.
How to secure data in the cloud? Stick with it like glue.
Done right, a virtualized cloud can improve security, DHS official says
The key to a successful cloud migration is identifying applications that will generate the most benefits when moved to the cloud, such as cost savings, scalability of services and streamlined IT and services management. Achieving these benefits can be accomplished without sacrificing performance or security. In fact, cloud computing can enhance security.
Two of the highest-profile recent initiatives supported by the cloud were the FederalReporting.gov and Recovery.gov websites created by the Recovery Accountability and Transparency Board to collect, track, and provide transparency for citizens to see how stimulus funds were spent.
In explaining the decision to migrate the first governmentwide system to a cloud-based environment, board Chairman Earl Devaney said the initiative would save $750,000 over 18 months (about 4 percent of the Board’s budget), conserve energy, provide faster service to users as well as enable the Board to concentrate its efforts on oversight and fraud detection and strengthen security. The Board was able to achieve these results by moving important mission responsibilities to the cloud.
Agencies can get a similar payoff if they identify and move applications that provide important services or functions for their organizations. These would include back-office and mission-critical applications as well as many small but critical systems implemented on older, stand-alone technology or servers.
These systems are good candidates for the cloud as they may have a higher risk of failure if left in their current state. Also, if an agency is looking at pilot projects or investments in new features that are only used periodically, there’s a strong case to be made for using a lower-cost cloud solution to determine if it will work.
So how do agencies begin? Here are four guiding principles for cloud success:
1. Buy service, not just servers.
While cloud server time often is purchased as a commodity, successful agency cloud initiatives will consider the management services required to deliver their systems.
Management services that are important for federal cloud success include: system management, maintenance and security; backup and restore; access and user administration; operating system and application administration; capacity planning; change control; documentation and maintenance; help desk; disaster recovery and continuity of operations; patching; compliance; and vulnerability scanning.
2. Strengthen security by using federally certified and accredited cloud providers, products and services.
Agencies can take advantage of the cloud infrastructure services that have been designed specifically to meet the demands of federal agencies for Federal Information Security Management Act (FISMA) low and moderate security environments.
Similarly, the Federal Risk and Authorization Management Program (FedRAMP) offers greater assurance of security by providing a standard approach to assessing and authorizing cloud computing services and products used by federal agencies. Agency applications can actually be more secure in the cloud than they are in many existing infrastructures, especially those based on legacy platforms using legacy controls.
3. Include people, process and agency-specific mission requirements in decision-making.
Cloud technology will not deliver the desired return on investment without addressing all of the people and processes that are needed to manage effective systems. For example, if an agency does not put in place governance, best practices and change management processes, anyone could create virtual machines and the resulting sprawl would eliminate the cloud’s value or savings. It’s also important that an agency’s specific mission requirements drive the selection of the right cloud solution to help ensure short- and long-term results for each agency’s unique needs.
4. Take advantage of governmentwide cloud programs.
The General Services Administration is leading the way by making secure, robust cloud services available to agencies of every size through a Blanket Purchase Agreement (BPA) that provides Infrastructure as a Service (IaaS) for cloud storage, virtual machines, and cloud hosting. As mentioned, FedRAMP also provides greater assurance of security for agencies implementing cloud services and products. By building upon these and other federal cloud efforts, agencies can meet mandated timetables and accelerate potential savings without having to start from square one.
A valuable resource will also become available to agencies tomorrow, July 26, with the release of a report from the TechAmerica Foundation’s Commission on the Leadership Opportunity in U.S. Deployment of the Cloud (CLOUD2). The Commission was established to develop recommendations for deploying cloud technologies in government and the subsequent report will include a “buyer’s guide” that will help agencies identify which applications are the best candidates for migrating to the cloud and how best to execute the cloud migration securely and effectively.
Over the past year, cloud computing has gained significant momentum among agency CIOs and other federal IT leaders. From a vision perspective, there’s a clear, reliable, and secure path to cloud computing. Now, the vision needs to move into implementation on a broader scale. The benefits are compelling and can be achieved—if agencies take advantage of existing government resources and implement robust, integrated services management to help them move to the cloud.
Gregg Mossburg is a senior vice president at CGI and a commissioner on TechAmerica's Cloud2 Commission.