The Federal Government Embraces the Cloud

The next time you want to complain about the problems your company is facing while moving from a traditional asset-based IT infrastructure to a service-based cloud computing infrastructure, consider Vivek Kundra’s situation. As the federal government’s first CIO, he has the task of reducing the cost of his 80 billion dollar IT budget while increasing its flexibility. And like every other CIO who wants to keep his or her job, he’s been looking seriously at the advantages that cloud computing can provide. Unlike many other CIOs, however, he’s commanding his organization to begin using the cloud in a big way.

Kundra keynoted the Federal Cloud Computing Strategy at the 2011 Cloud Security Alliance Summit in San Francisco. In his presentation, he detailed the many reasons the federal government needed to begin moving to this new model. First, because the government’s computing requirements are (like everyone else’s) growing dramatically, it has been building data centers at a mind-boggling pace. Keep in mind: This is an infrastructure that’s parallel to the existing commercial infrastructure even though (in many cases) the government’s needs are no different than those of commercial businesses.

In the past 10 years, the US government went from owning 432 data centers to almost 2,100 data centers—a five-fold increase. As a result, 30 percent of federal IT spending last year went straight to data center infrastructure. (As the federal government has expanded, most companies are moving in the other direction, consolidating their data centers. For example, IBM recently consolidated from about 200 data centers to 12!) In addition to the massive amount of overhead this kind of infrastructure creates, it absolutely stifles any kind of agility or innovation because there’s so much fiscal, intellectual, and emotional capital invested in it.

A Matter of Scale

In an environment the size of the federal government, the potential for savings is enormous simply because the scale is enormous. The Department of Defense (DOD) alone employs 2.3 million people; that’s more than the population of Houston. As Tim Grance—senior computer scientist for the National Institute of Standards and Technology (NIST)—points out, the DOD is so big that the private cloud it would create would be as large as all but the biggest vendor’s public cloud offerings. Kundra is targeting $20 billion worth of resources—25 percent of the federal IT budget—as being capable of moving to the cloud. The Federal Data Center Consolidation Initiative is committed to shutting down 800 data centers by 2015—almost 40 percent of the total. Of course, it’s hard to comprehend all these large numbers. There’s a saying about the federal government: “A billion here, a billion there, pretty soon you’re talking real money.”

But the challenges are also enormous. At the 2010 Gartner Data Center Conference, a survey of the data center managers in attendance showed that one of the biggest challenges in moving to a service-oriented approach is the consolidation and pooling of resources. Doesn’t your company have sets of servers owned by and dedicated to a single business unit? How eager are they to give them up and instead work from a pool of servers shared by the entire company? No business has more strongly held balkanization and fiercely held fiefdoms than the bureaucracy of the federal government. Getting everyone to play together will take strong leadership from the top, time, and more than a little patience.

Kundra's strategy is that each agency must identify at least three systems to move to the cloud in the next 18 months or so. These systems need to be important core workflow systems, not just ancillary systems. Some easy wins, such as email migrations, are already being showcased. For example, www.recovery.gov simply moved its website from its existing infrastructure to the Amazon cloud. This move saved $750,000 annually—money that the government is now using to fight fraud. The Department of Agriculture moved its email from traditional systems to Microsoft’s Azure cloud platform in a big way: 120,000 users moved from 21 separate email systems to one consolidated system, saving $27 million annually. Besides saving money, the cloud solution allowed USDA workers to use online versions of Microsoft SharePoint, Office Communications, and Live Meeting.

They must be dancing in the streets at the USDA. Kundra remarked that all the customers he talks to in the government “hate the enterprise software they’re using. There's a huge technology gap compared to their personal lives. They feel like they're going back in time when they go into the office.” That's the gap Kundra is trying to close.

The Department of Health and Human Services is using Salesforce.com to issue electronic health record requests to more than 100,000 physicians, reducing turnaround time from one year to three months. The General Services Administration is moving 17,000 users to Google Apps, saving $15 million annually. The Army Experience Center is now using a customized version of Salesforce.com to cut costs dramatically. Initial bids to upgrade the existing system, which relied on traditional infrastructure, ranged from $500,000 to over $1 million, while initial pilots of the new software-as-a-service (SaaS) solution cost as little as $54,000 .

Key Areas

To start turning this governmental juggernaut in the direction of cloud computing, the report lays out several areas of focus. Here are three of the most important ones.

Security. The first area is, not surprisingly, security. Kundra spoke of “lowering the coefficient of friction” for vendors to work with the government IT organizations. Right now, vendors must be certified separately by every agency they want to sell to. This scenario greatly increases the cost and time for small companies to work with the government. The CIO used an example from the State Department, which spent $138 million over six years on paperwork certifications. These certifications were stored more securely than the systems they were supposed to protect!

It’s a bit dismaying to note that, though the phrase “integrated identity management” is briefly mentioned in the official presentation, it— indeed, any mention of digital identity at all—isn't mentioned in the report. I’m sure the jungle of identity stores in the federal government has no equal anywhere, so managing identity as federal IT begins to increase its cloud presence will be critical.

Adherence to standards. An important part of such a large shift is to do it as consistently as possible, so establishing and sticking to already-established standards is another focus area. Without standards, you can’t guarantee that cloud applications will be portable across service providers, and that the service providers themselves will be able to play well together. The National Institute of Standards and Technology (NIST) will logically be at the heart of this focus area; the world is already using its standard definitions for cloud computing, SaaS, platform as a service (PaaS), and infrastructure as a service (IaaS) delivery models, as well as the public, private, hybrid, and community cloud-deployment models. A side benefit of this federal cloud thrust is that the NIST is working with both government and private cloud computing stakeholders to create a vendor-agnostic reference architecture that can be used as a basis for many companies’ cloud computing efforts.

Governance. Of course, this huge shift won’t happen just by wishful thinking; it must be mandated, so governance is another focus area. A “cloud first” policy—requiring agencies to evaluate cloud computing solutions before making any new investments in traditional technology—is being put in place. This policy will be part of the budgeting process, because “the way you drive policy is through budget.” As Kundra said, “Cloud is at the heart of how we’re going to be provisioning IT in the coming years.”

IT Category Priorities

It’s important to gain early and substantial wins in any major project, and the federal government is no different. The strategy prioritizes categories of IT to be pushed to the cloud, based on the relative ease of the move and the benefits from such a migration.

Collaboration. The top priority is collaboration—no surprise, as the benefits of moving email, for example, to SaaS solutions are well known. Agencies are looking at moving email, customer relationship management (CRM), and office productivity tools in the near future. The next priority is workflow-related systems, such as employee verification, grants management, and claims processing. This is also the category that CRM systems fall into; the previous case studies are already using Salesforce.com successfully.

Infrastructure. The next priority is the IT infrastructure itself. Kundra spoke of “abstracting the entire infrastructure”—in other words, infrastructure as a service, from simple public websites to a much broader adoption of IaaS. This will start with application development and testing, and will eventually work toward virtualized data centers. The Department of Transportation is looking closely at this area. This kind of migration, at a much lower level of the software stack, is far more complicated than adopting cloud-based software alone; these are definitely long-term plans.

Business intelligence. BI is the next priority, where you can use the scalability of cloud solutions to attack the enormous amounts of data that federal IT is wrestling with. Kundra said the potential is huge on this front.

Information security. The lowest category in Kundra’s priority list of categories to move to the cloud is information security. Identity management, mobile-computing management, and security management are all very difficult questions to answer in the context of a hybrid traditional/cloud environment. I think we’re all happy to hear that this is the lowest priority—but it’s important that security considerations are an integral part of all these categories.

From the Top

What Kundra didn’t really address in his remarks—but is brought up in the report itself—is the very difficult transition from an asset-based infrastructure to a service-based infrastructure. It’s not just the technological mountain of virtualization, resource pooling, and self-service automation; it’s the conversion of an extremely entrenched ownership mentality on the part of everyone in IT to an environment in which the user has a much greater degree of control over his or her own resources. In the private sector, this directly threatens the IT pro's job. It will be interesting to see what happens in the public sector, where it’s not so easy to downsize a department.

It’s refreshing to hear such remarks from the top brass in federal IT. I’m sure the government will find success in many areas. But it remains to be seen just how far down the stack cloud computing can penetrate in such a massive and well-entrenched computing environment. You can find the Federal Cloud Computing Strategy report and associated presentation at www.cio.gov.

Sean writes about cloud identity, Microsoft hybrid identity, and whatever else he finds interesting at his blog on Enterprise Identity and on Twitter at @shorinsean.