cloud (PranFoto/


Four reasons for agencies to embrace the cloud instead of fearing it

Cloud computing has existed for about as long as hashtags, YouTube videos and iPhones. Today, the latter items are firmly embedded not only within our technological universe, but our cultural identity and daily conversations. And for private industry and consumers, the cloud too has emerged as a familiar, reliable resource for business tasks and work/life assistance.

So why does the cloud so often still inspire the classic symptoms of FUD -- fear, uncertainty and doubt -- among federal agencies?

Few, after all, are taking sufficient advantage of cloud solutions and their proven delivery of modernized application portfolios, improved services, increased efficiencies and reduced costs. The Office of Management and Budget, for example, has set the governmentwide target for cloud computing investment as 15 percent of total IT allocations, but no agencies are meeting that standard, according to the “State of Federal Information Technology” report published by the CIO Council in January this year. Actually, the government is expected to spend about $2 billion on cloud services out of a total of $80 billion in IT spending in FY 2016, or just 2.5 percent.

“While agencies see value in adopting cloud-based solutions, they continue to face challenges in doing so,” according to the report. “Longstanding federal procurement policies, geared towards long-term, large-scale investments, do not always support the more incremental, agile acquisition model (e.g., only buy additional capacity when it is needed) offered by cloud providers,” the report said. "Additionally, the risk of vendor lock-in and concerns around multitenancy and data sovereignty continue to be issues. Finally, the need for upfront capital planning and investment to adhere to federal budget cycles does not align with the pace of innovation which, in turn, slows the pace of adoption.”

Beyond these challenges, a wide range of intimidating questions continue to hold agencies back: Which cloud solutions should we adopt? How can we benefit from “stacking” infrastructure as a service, platform as a service  and software as a service? How will we know that these solutions will be reliable, secure and cost-effective? Where does our data go, and will we continue to maintain access – and control – of it? Where do we start?

Fortunately, agency IT decision makers can successfully address such questions, thanks to these ongoing developments:

Incremental cloud investment. In retirement planning, investors should maintain a diversified portfolio of stocks, bonds and other choices. Similarly, agencies are not obligated to migrate every single on-premise technology function to the cloud. It isn’t some kind of mysterious beast that must be conquered in its entirety overnight.

Instead, think incrementally, with tiny, quick steps. Consider smaller applications that can migrate -- timesheets or other business functions, as opposed to, say, a missile launch system. Once these are up and running, immediately assess whether the cloud brings greater, positive impact. If it saves operational time and expenses without any unacceptable consequences and/or disruptions, work on the next areas to migrate.

Secure cloud architecture. Security in the cloud, of course, has always raised significant reservations. If you can’t see it or touch it, as traditional thinking went, how can you protect it? But many organizations are realizing that such apprehensions are overstated. Two-thirds of IT leaders, in fact, believe that the cloud is either as secure or more secure than on-premises tech, according to research from the Cloud Security Alliance.

Still, questions linger. “If all of my technology is on-premise,” an agency official might say, “then it’s much easier to ‘put a fence’ around it. The cloud, in contrast, will result in a perimeter with no boundaries. Everything will be ‘out there’ scattered about, especially if we hire multiple vendors.”

But, again, by taking smaller steps, agencies can gain more control over what they have. The cloud is about all things “as a service.” Generally, this breaks down into the aforementioned trio of IaaS, SaaS and PaaS.

Think of IaaS as the cloud-enabled service that “builds the foundation” upon which SaaS and PaaS deliver new tech/business tools via apps and platforms. But agencies can invest in one or two of these without buying into the other. They can keep the existing infrastructure, for instance, on-premise through a private cloud, and layer SaaS and PaaS on top of it. This will pave the way for more internally implemented protection. Alternatively, they can experiment with as-a-service solutions for a small use cases to gauge how security is affected in an area that doesn’t involve major consequences. Then, after they see what works and what doesn’t, they can  apply best practices to larger deployments.

Data and app independence. Like the trepidations over security, there’s a foreboding sense of “can’t see or touch it … can’t control it” when it comes to data and apps. That’s understandable. IT managers don’t want their data and apps trapped by a vendor. They want to access their data within the cloud and take it wherever it needs to go -- including an on-premise location.

The good news here is that vendors are now offering data and app independence. Contrary to the misgivings expressed about data sovereignty in the CIO Council report, vendors are encouraging more flexibility in data ownership and oversight. In addressing the report’s cited concerns about vendor lock-in, they’re making PaaS and SaaS solutions compatible with multiple IaaS providers, meaning that agencies can use the apps they want and not the ones that Microsoft Azure or Amazon Web Services require.

Expensive developers not required. So-called “no code” cloud solutions are growing increasingly popular. Here’s how it works: Agencies pay for the PaaS solution to build apps, which they configure for users’ requirements in essentially drop and drag fashion, because the app comes with a “canvas” already in place. This results in light scripting requirements for the agency, not hardcore development. Subsequently, new apps can be deployed within weeks instead of months.

Sure, IT managers may still have questions about the cloud. But, through incremental adoption, they’ll find out what makes for the best fit for their agency with minimal, negative outcomes. They can maintain control over data and apps, while ensuring that they’re protected from cyber adversaries. Through no-code solutions, they can boost agility -- getting new tech tools to users when they need them as opposed to months from now. In the process, they’ll empower a more capable, productive workforce while saving on costs.

The one thing that’s stopping agencies from getting started is, well, getting started. So don’t let “where do we begin?” syndrome keep your agency from performing at its best potential.

About the Author

Rick Hill is senior vice president at HumanTouch.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Tue, Apr 11, 2017 deepa nair

The early stages of moving to the cloud should include careful planning, a well-defined strategy and a clear understanding of business needs. This year, 42% of IT decision makers plan to increase spending on cloud computing. The reality is, cloud is the new normal. Most startups and smaller businesses are building their entire infrastructures in the cloud. For larger organizations, cloud initiatives are in the majority of long term strategic discussions.The security concerns of years ago are also fading fast. For example, the CIA implemented a cloud hosting solution for 17 agencies of the intelligence community couple of years back. In fact, many argue an IT environment hosted by an experienced cloud provider is more secure than an on premise solution. Beginning the process of evaluating cloud environment options is important. Some indicators that will help you decide which cloud model is best for your applications: Public - Long term storage needs, Data storage of any kind, Capacity spikes and bursts, Testing environments and New applications with uncertain demand Private- Applications with predictable usage patterns and low storage costs, Need for customized storage and networking components, Compliance and data sovereignty requirements, Development and testing environments Hybrid - Large organizations that want to explore the scalability of a public cloud, ERP systems running on an outdated private server infrastructure, Need to cover the gaps between legacy and newer systems and untested workloads. additional read on hybrid cloud

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group