Successful cloud projects require agency introspection first
Move to the cloud is a marathon, not a sprint
The Justice Department will be consolidating the storage systems of 250 offices, which serve 18,000 U.S. attorneys. The destination: the cloud, according to Federal CIO Vivek Kundra, who announced the project in April at the White House Forum on Transforming Federal Information Technology Management. That’s no small task, said Mitchell Ummel, director of the Cutter Consortium’s Government Public Sector Practice. To succeed, Justice, like other agencies and organizations taking the leap into the cloud, must take several things into consideration.
For one, even though it doesn’t take very long to provision a cloud-based service or infrastructure, CIOs and IT executives should remember that even cloud-based projects should be viewed as a marathon instead of a sprint. “They should look at the risk and move applications and services to the cloud based on cost and risk,” Ummel said. “There’s an analysis that needs to be done first.”
Ummel suggested creating an enterprise cloud computing road map first and, after you know what you’d like to move, uncover the main drivers for your desire to move to the cloud. “Are the principal drivers cost, agility, flexibility, time to market? What are the long-range business objectives or outcomes to be obtained?” he asked.
After IT executives can answer these questions, they can start looking for viable cloud service providers. This step will become easier as the federal government’s Federal Risk and Authorization Management Program (FedRAMP) gets closer to its end goal: providing a security accreditation and authorization program that will vet cloud providers.
FedRAMP is significant because there are very few standards available for assessing potential cloud providers. Even though the program is still in its early stages, it’s something to watch and get involved with. Even though there’s more work to be done, it will be a far shorter process than waiting for the private sector to develop formal standards for the cloud, something that may take years, said Deniece Peterson, senior manager of federal industry analysis at research and market intelligence firm Input. “Once FedRAMP is complete, an agency with a need will be able to choose a provider based on consistent data and information,” she explained.
Until FedRAMP is rolled out, organizations will still need to do much of their own legwork, asking potential providers about security policies, portability of data, interoperability and procurement. For example, any provider that doesn’t use open standards should be immediately ruled out. Even if a provider has all the right answers, it’s not a good idea to take a vendor’s verbal promise. Requirements should be spelled out explicitly in a contract before a single file is moved from the data center to the cloud, said Dennis Hurst, founding member of the Cloud Security Alliance. The contract should also include a clear description of audit, compliance and security requirements that vendors will be subjected to. “Some audits might ask how data is backed up or how they handle segregation of duties,” he said. Uptime guarantees should also be included in the contract, and IT executives should have an understanding of the cloud service’s availability and security architecture, Ummel said.
Only when everything is in place should an organizations launch a cloud computing pilot, and even after it goes live, there’s still more work to be done.
Organizations must identify and capture metrics including cost and time savings and customer satisfaction so they can extrapolate pilot results for additional cloud implementations in the future, Ummel said. Finally, executives should remember that the old set-it-and-forget it trajectory is what got most of them into trouble in the past. Even in the cloud, there can be room for improvements and changes. “Continually review and revise your [cloud computing road map] at least once annually,” Ummel said. “The enterprise cloud computing market and vendor landscape is rapidly evolving, and new opportunities will continually present themselves.”