Federal CIOs are trying to make sense of administrative mandates to embrace cloud computing as a key component of IT investment. Decision-makers need to ask themselves three important questions as they develop cloud computing strategies.
First, what constitutes cloud computing? The answer may seem obvious, but the rhetoric masks a complex set of competing policy priorities that will drive procurement and deployment decisions. Next, how “cloudy” can your organization be? Last, what deployment best practices can be learned from pioneers who have settled the frontiers of virtual government? Cloud computing practices and infrastructure are disruptive to traditional hierarchical organizations, often changing them in unanticipated ways.
What Is the Cloud, Anyway?
The Office of Management and Budget has mandated a cloud-first focus for IT investments. Two recent events have provided much-needed clarification. First is the publication of “The NIST Definition of Cloud Computing,” a set of definitions for key cloud elements issued by the National Institute of Standards and Technology in September. Second is a set of remarks by new federal CIO Steven VanRoekel.
In his first major address, VanRoekel nuanced the administration’s cloud-first position by referring to it as “shared-first,” and outlining a series of “future-first” initiatives focused on the nuts and bolts of XML, web services and virtualization that I believe will help harried IT professionals make practical investment decisions. Most CIOs will recognize their own organizations in his remarks and come away with a clearer understanding of what needs to be done. VanRoekel seems like an “eyes on the horizon, but feet on the ground” kind of leader, a practical visionary who deserves our support.
Not everything can or should be put into the cloud, and it’s important for government executives to say so with confidence and authority. All data covered by the Privacy Act should receive special scrutiny, with the rebuttable presumption that it stays strictly in government hands unless a full risk analysis is conducted. Although this level of care might be frustrating for cloud proponents, nothing would set back the cloud computing agenda more than a major spill of personally identifiable information from a cloud provider. Plenty of commercial opportunities exist without endangering the public trust.
How Much Cloud Is Enough?
At my own agency, the NIST/VanRoekel guidelines tell us that we have made significant progress into the cloud and are helping us make our next investment decisions. All of our back-office work is done in the cloud, and our most important law enforcement innovations are centered on the private cloud. Our real-time collaboration tools have always been in the cloud. Because we have always been cloud-centric, we work more efficiently but also more nimbly. More than one federal CIO will no doubt share in my relief at discovering that his or her agency is already partly cloudy.
How Do I Transition My Agency to the Cloud?
In order to transition smoothly to the cloud, an agency’s leadership must be fully engaged and supportive — period.
Security issues are the first line of defense for the unwilling, because they are both superficially reasonable and difficult to discuss in any practical way with non-IT managers. Smart CIOs deal with security up front and immediately, with full FISMA certification as part of the governance process.
Experienced change managers don’t try to boil the ocean. They identify a small group of early adopters and prove out both their infrastructure and their methods. A great reference is Everett M. Rogers’ book Diffusion of Innovations. Early adopters always make the best evangelists.
Government today has more mission than manpower, and the problems we are called on to solve are bigger than our stovepipes. By seeking practical ways to embrace the cloud’s elegant possibilities, we will earn a better return for the taxpayers we serve.