David McClure is used to lofty goals. It’s his job to help the federal government move one-fourth of its $80 billion annual IT budget to cloud services.
“We’ve spent the last two years trying to whittle away at some of the roadblocks for cloud computing,” says McClure, associate administrator of the General Services Administration’s Office of Citizen Services and Innovative Technologies (OCSIT). “There are a lot of challenges, and we are working with the Office of Management and Budget and the CIO Council to address them.”
Moving IT services to the cloud is complex and requires agencies to address security, privacy, legal, contractual and cultural issues, but GSA’s many cloud efforts are paving the way to increased adoption, he says.
That includes creating the Apps.gov web storefront for agency purchases of cloud services, working with GSA’s Federal Acquisition Service to create new contract vehicles that simplify the acquisition process and spearheading the Federal Risk and Authorization Management Program. The interagency effort, also known as FedRAMP, provides a uniform approach to authorizing cloud services and a set of security standards and continuous monitoring requirements to which cloud providers must adhere.
In 2009, GSA launched the Federal Cloud Computing Program Management Office, through which McClure and his team promote cloud initiatives, share cloud implementation best practices among agencies and help develop governmentwide consensus on cloud security standards.
The office provides analysis to OMB and the CIO Council on cloud issues and works with GSA’s Federal Acquisition Service to shape contracts for cloud services, such as the infrastructure as a service (IAAS) blanket purchase agreement in 2010 that allowed 11 vendors to provide services to the government.
More recently, McClure and GSA CIO Casey Coleman advised the Federal Acquisition Service in developing plans for a blanket purchase agreement that will make it easier for other agencies to procure cloud-based e-mail.
“We are trying to become an obstacle remover, if you will, through awareness building, leading by example and by sharing best practices and highlighting what other agencies are doing to show how roadblocks can be effectively addressed,” he says.
McClure sees momentum in federal adoption of secure, reliable cloud computing. Initially, many agencies have turned to public IAAS providers to host their public-facing websites, which is fairly simple to do and characteristic of low-risk security profiles. Now, more agencies are beginning to investigate commoditized applications to the cloud, such as e-mail, customer relationship management, human resources and financial management, he says.
In the future, as security, privacy and other concerns are mitigated with trusted solutions appropriately matched to data risk management profiles, agencies may move more core mission work to the cloud, he says.
Private clouds — as well as community clouds, where multiple agencies can share services — are the next growth areas, McClure says. “Multitenant solutions carry a lot of cost savings potential, which is attractive in budget-constrained environments. We will see more of that in government.”