Feb 06 2012

Cloud’s Dirty Little Secret

Reaching federal goals for cloud computing will require agencies to navigate a minefield.

To date, most federal cloud projects can be characterized as low-hanging fruit — e-mail migration, website migration, use of commercial software as a service offerings that are mainly stand-alone applications. While each of these pro­jects has a business case supporting the migration, taken together they won’t make much impact on the overall goal of reducing cost and improving security.

For cloud computing to have a truly transformative impact on federal IT, agencies will need to move many of their mission-critical systems to the cloud. This is where it becomes hard, and where the danger to fully implementing the federal cloud strategy becomes most acute.

The concern is simple. Many of these systems are patched-up versions of old design and programming techniques. They will not migrate to or run well in the cloud model in their current states. They will need to be modernized. System development and modernization projects are very risky, and the IT landscape is littered with many costly failures. To get from the federal government’s current major system inventory to cloud-based infrastructure, agencies will need to pass through this minefield. This is cloud’s dirty little secret.

What’s the Vision?

Cloud computing came to the forefront as a high-priority initiative with the February 2011 publication of the “Federal Cloud Computing Strategy.” This strategy envisions the creation of a mature and competitive marketplace in which agencies can rapidly procure access to cloud services that are secure, interoperable and reliable, and in which they can move easily among providers. The benefits will be significant cost reductions, improved IT capabilities and innovations in government IT solutions.

Simply stated, the vision for cloud is to deliver better IT solutions that will result in better government while reducing the cost of IT. That is a compelling vision. The challenge, as in most transformations, is to actually get to the intended result.

Some Historical Perspective

Over the years, federal IT has experienced successive waves of technological change. Some of us can recall the moves from mainframe-based timesharing to PCs, then to PC- and server-based networks, then to the web, and now a push toward cloud and data center consolidation. I almost get a sense of déjà vu — we moved from a centralized environment to decentralization, and now we’re going back to what will become a highly centralized environment once again.

Of course, many factors affect these transformations. The two that most affect the present are cost and security. Both should be improved by centralized IT. If we are to learn from the past, the governance and customer service capabilities of the emerging centralized environment will be more responsive to serving the needs of the IT customer. If they aren’t, the more centralized model will eventually be rejected.

The Path Forward

But the federal government can’t afford to move its large inventory of major systems to the cloud. Migrations will be costly and risky.

There is significant duplication in federal IT. Agencies have made attempts to address it, but none has been broadly successful. The strategy going forward seems clear — identify duplication, move only one system of a kind to the cloud and force other system managers to use the migrated system. Strategy and planning are the simple steps; execution is really hard.

As I recall, when the Navy implemented its Navy–Marine Corps Intranet, it required all systems to pass muster with respect to design, standards, security, etc. Many system owners chose not to migrate to NMCI due to the cost and risk inherent in doing so, and found other ways to meet their needs.

From reading press reports, I know that many NMCI users were not happy. I am not in a position to hold that program up as a successful implementation, or to label it as less than successful. I do, however, believe the approach has merit and applicability to cloud migration.

To achieve its cloud strategy, OMB needs to both migrate the government’s mission-critical systems to the cloud and reduce the inventory of major systems to be migrated. Sounds like a paradox, doesn’t it? But the path forward seems clear — put in place a strong governance process that will significantly reduce duplication before migrating major systems en masse.

That process is not found in current cloud plans — it needs to be added.


Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.