Cloud computing has become synonymous with federal IT modernization, emerging as a paramount necessity for agencies to bring their mission-critical operations into the 21st century. Yet, the government’s track record for implementation has been anything but consistent, impaired by learning curves, misconceptions, and institutional barriers.
To successfully implement cloud services, agencies must understand and address diverse issues that complicate their decision making and deployment:
- Types of cloud services
- Various levels of cloud security
- Evaluating providers
- Executing an implementation plan
The Right Service
As agencies make the transition to cloud infrastructure and systems, it’s critical for decision makers to understand the different types of cloud services and which service can meet their needs:
Software as a Service (SaaS): Use of SaaS applications moves the task of managing and updating software to a third party, reducing and, in some cases, eliminating the need for technical staff. Instead of downloading the software, you access it in your web browser. All software has a SaaS option these days, ranging from computing basics such as Word, Excel, or PowerPoint to customer relationship management (CRM) software, such as Salesforce, which pioneered commercial SaaS.
Platform as a Service (PaaS): PaaS provides a plug-and-play environment for technical and non-technical users to build, deploy, and manage software, which removes much of the underlying work needed to support such efforts. Examples include Salesforce App Cloud and Microsoft Azure.
Infrastructure as a Service (IaaS): The fundamental building block of cloud computing, IaaS removes the user from the details of infrastructure, such as physical computing resources. This allows an organization to keep functioning even during unforeseen circumstances. Currently, Amazon Web Services (AWS) is the market-leading IaaS.
With a variety of options and variations within each type of cloud service, it can be daunting for agencies to sort through it all. When deciding what service is potentially best, agencies should focus on their business strategy first and then weigh the risks and rewards of each to determine what cloud would be the best fit.
Security is Paramount
For nearly every federal agency, security and information assurance are a chief concern and often lead to skepticism of cloud adoption. However, depending on the sensitivity of the data being stored, there are different cloud models that can securely accommodate agency needs.
In a public cloud, the services and infrastructure are provided off-premise via the internet, which can include such services as departmental email. The public cloud also offers the greatest opportunity for cost savings by removing the need to purchase and maintain the infrastructure. Conversely, a private cloud is one that is maintained by the user on a private network. Because a private cloud offers greater security, conventional wisdom has held that more sensitive information be stored there. Lastly, a hybrid cloud uses a mix of public, third-party and private on-premise components, which allows agencies to place some services in public clouds and more sensitive services in private clouds. This is a common option among some agencies as it lowers cost but maintains an acceptable level of security.
Although the government faces new and persistent threats routinely, the security concerns associated with migrating to cloud computing are, to some degree, a problem of perception. Agencies deploy private clouds roughly as often as public clouds.
To feel confident that data is secure, CIOs need to assess what information is being stored and the level of security their agency needs. However, this also means letting go. Undoubtedly, entrusting vast amounts of data to a third party can be daunting, leading many CIOs to be wary of cloud providers’ data security.
Selecting a Provider
At the end of the day, there may be some data or applications government agencies won’t feel comfortable letting out of their sight. Notwithstanding, many cloud providers invest heavily in secure cloud solutions specifically for the federal government as part of security and compliance measures set forth by the Federal Risk and Authorization Management Program (FedRAMP).
Created at the onset of the government’s move toward cloud computing, FedRAMP was put in place to establish a government-wide program that provides a standardized approach to security assessment, authorization, and monitoring for cloud products and services. Its “do once, use many times” framework works to vet cloud providers and ensure rigorous compliance with federal standards.
Still, mistakes can be made from inadequately vetting a provider when it comes to application development and user needs. Even if a provider is FedRAMP certified, agencies should still conduct their own security assessment, including a review of FedRAMP documentation and assessing agency-specific requirements.
Planning Migration and Deployment
Government IT departments face unique challenges when migrating to the cloud because of regulatory, security, and application requirements. Therefore, having a well-thought-out plan is key to the overall success of cloud deployment. Agencies should consider a variety of factors when developing a cloud migration strategy, such as contingency planning, operational impact, and data recovery.
Many of the missteps that occur during cloud migration are generic with little cause for concern, but agency IT officials should possess the specialized knowledge required for cloud platforms. Many government agencies lack the necessary expertise or experience to oversee cloud migration. Working with a trusted third-party implementation partner can help facilitate the transition.
Even with a plan in place, the greatest challenge federal agencies often face when moving to the cloud is fear of moving away from what’s worked in the past. Despite understanding the potential benefits that cloud computing provides, it’s challenging to institute systemic change. Lack of expertise, security concerns, and migration challenges can play into the cultural resistance some agencies experience.
To aid in the transition, CIOs play an essential role in facilitating cloud deployment and helping agencies overcome these cultural barriers. Sitting at the intersection where technology and business challenges meet, they are uniquely positioned to address the complex challenges of migrating to the cloud.
While federal agencies have come a long way toward cloud adoption, undoubtedly many challenges remain. Today, the government has reached a pivotal moment in how it serves the American public. The rapid digitization of how information is shared and consumed has raised expectations for how agencies deliver services to American citizens. By understanding and confronting the challenges associated with bringing government IT into the 21st century, agencies will be better equipped to serve the American people.
About the Author
Alex Tzavellas serves as Practice Marketing Manager where he supports MIL’s cloud solutions marketing and sales efforts. He specializes in developing and executing strategies for federal and non-profit clients.