Four reasons for agencies to embrace the cloud instead of fearing it
Cloud computing has existed for about as long as hashtags, YouTube videos and iPhones. Today, the latter items are firmly embedded not only within our technological universe, but our cultural identity and daily conversations. And for private industry and consumers, the cloud too has emerged as a familiar, reliable resource for business tasks and work/life assistance.
So why does the cloud so often still inspire the classic symptoms of FUD -- fear, uncertainty and doubt -- among federal agencies?
Few, after all, are taking sufficient advantage of cloud solutions and their proven delivery of modernized application portfolios, improved services, increased efficiencies and reduced costs. The Office of Management and Budget, for example, has set the governmentwide target for cloud computing investment as 15 percent of total IT allocations, but no agencies are meeting that standard, according to the “State of Federal Information Technology” report published by the CIO Council in January this year. Actually, the government is expected to spend about $2 billion on cloud services out of a total of $80 billion in IT spending in FY 2016, or just 2.5 percent.
“While agencies see value in adopting cloud-based solutions, they continue to face challenges in doing so,” according to the report. “Longstanding federal procurement policies, geared towards long-term, large-scale investments, do not always support the more incremental, agile acquisition model (e.g., only buy additional capacity when it is needed) offered by cloud providers,” the report said. "Additionally, the risk of vendor lock-in and concerns around multitenancy and data sovereignty continue to be issues. Finally, the need for upfront capital planning and investment to adhere to federal budget cycles does not align with the pace of innovation which, in turn, slows the pace of adoption.”
Beyond these challenges, a wide range of intimidating questions continue to hold agencies back: Which cloud solutions should we adopt? How can we benefit from “stacking” infrastructure as a service, platform as a service and software as a service? How will we know that these solutions will be reliable, secure and cost-effective? Where does our data go, and will we continue to maintain access – and control – of it? Where do we start?
Fortunately, agency IT decision makers can successfully address such questions, thanks to these ongoing developments:
Incremental cloud investment. In retirement planning, investors should maintain a diversified portfolio of stocks, bonds and other choices. Similarly, agencies are not obligated to migrate every single on-premise technology function to the cloud. It isn’t some kind of mysterious beast that must be conquered in its entirety overnight.
Instead, think incrementally, with tiny, quick steps. Consider smaller applications that can migrate -- timesheets or other business functions, as opposed to, say, a missile launch system. Once these are up and running, immediately assess whether the cloud brings greater, positive impact. If it saves operational time and expenses without any unacceptable consequences and/or disruptions, work on the next areas to migrate.
Secure cloud architecture. Security in the cloud, of course, has always raised significant reservations. If you can’t see it or touch it, as traditional thinking went, how can you protect it? But many organizations are realizing that such apprehensions are overstated. Two-thirds of IT leaders, in fact, believe that the cloud is either as secure or more secure than on-premises tech, according to research from the Cloud Security Alliance.
Still, questions linger. “If all of my technology is on-premise,” an agency official might say, “then it’s much easier to ‘put a fence’ around it. The cloud, in contrast, will result in a perimeter with no boundaries. Everything will be ‘out there’ scattered about, especially if we hire multiple vendors.”
But, again, by taking smaller steps, agencies can gain more control over what they have. The cloud is about all things “as a service.” Generally, this breaks down into the aforementioned trio of IaaS, SaaS and PaaS.
Think of IaaS as the cloud-enabled service that “builds the foundation” upon which SaaS and PaaS deliver new tech/business tools via apps and platforms. But agencies can invest in one or two of these without buying into the other. They can keep the existing infrastructure, for instance, on-premise through a private cloud, and layer SaaS and PaaS on top of it. This will pave the way for more internally implemented protection. Alternatively, they can experiment with as-a-service solutions for a small use cases to gauge how security is affected in an area that doesn’t involve major consequences. Then, after they see what works and what doesn’t, they can apply best practices to larger deployments.
Data and app independence. Like the trepidations over security, there’s a foreboding sense of “can’t see or touch it … can’t control it” when it comes to data and apps. That’s understandable. IT managers don’t want their data and apps trapped by a vendor. They want to access their data within the cloud and take it wherever it needs to go -- including an on-premise location.
The good news here is that vendors are now offering data and app independence. Contrary to the misgivings expressed about data sovereignty in the CIO Council report, vendors are encouraging more flexibility in data ownership and oversight. In addressing the report’s cited concerns about vendor lock-in, they’re making PaaS and SaaS solutions compatible with multiple IaaS providers, meaning that agencies can use the apps they want and not the ones that Microsoft Azure or Amazon Web Services require.
Expensive developers not required. So-called “no code” cloud solutions are growing increasingly popular. Here’s how it works: Agencies pay for the PaaS solution to build apps, which they configure for users’ requirements in essentially drop and drag fashion, because the app comes with a “canvas” already in place. This results in light scripting requirements for the agency, not hardcore development. Subsequently, new apps can be deployed within weeks instead of months.
Sure, IT managers may still have questions about the cloud. But, through incremental adoption, they’ll find out what makes for the best fit for their agency with minimal, negative outcomes. They can maintain control over data and apps, while ensuring that they’re protected from cyber adversaries. Through no-code solutions, they can boost agility -- getting new tech tools to users when they need them as opposed to months from now. In the process, they’ll empower a more capable, productive workforce while saving on costs.
The one thing that’s stopping agencies from getting started is, well, getting started. So don’t let “where do we begin?” syndrome keep your agency from performing at its best potential.
Rick Hill is senior vice president at HumanTouch.