Cloud // Infrastructure as a Service
Commentary
12/4/2013
01:28 PM
Ric Telford
Ric Telford
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

HealthCare.gov Snafu: Not That Hard To Believe

Leveraging cloud-delivered services would have helped in the overall stability and success of the HealthCare.gov website, and probably still can going forward.

Glitch (noun) \ˈglich\: an unexpected and usually minor problem; especially: a minor problem with a machine or device (such as a computer) Source: m-w.com

It is difficult to turn on the news lately without some mention of the HealthCare.gov website. There are a lot of people talking who don't know a whole lot about complex systems, occasionally punctuated with smart commentary from an industry expert. Most of the conversation centers on how "unbelievable" it is that the centerpiece of the Affordable Care Act doesn't work.

In reality, it is not that hard to believe. Study after study has shown that the majority of complex IT projects either fail or don't meet expectations. Many of the reasons why these projects fail are embodied in what we have heard about HealthCare.gov:

  • Late changing requirements
  • Poor design choices
  • Inadequate project risk management
  • Insufficient QA/system testing

In the age of cloud computing, you hope that these problems can be better addressed. To be clear, I am not saying that HealthCare.gov should have been written as a cloud-delivered website. Although down the road that type of rewrite may be in order, the traditional three-tier web architecture employed in HealthCare.gov should be more than flexible and scalable enough to handle this type of application (there have been a number of good articles written on the architecture).

[Read our complete coverage of the HealthCare.gov launch here.]

What I am saying is that leveraging cloud-delivered services would have helped in the overall stability and success of the website, and probably still can going forward. The advantage of a cloud-delivered service is it doesn't require installation, setup, and administration onsite. In a project that is behind schedule and over budget, cloud services can bring capability without delay and possibly save expense. Let me give you some examples:

Development. You don't have to be developing for the cloud to be developing in the cloud. Leveraging IaaS solutions as a part of any development project yields a number of benefits. First, startup time is a fraction of what it takes vs. procuring, configuring, and integrating the compute and storage resources required for a large IT project. Second, you pay just for what you use and have instant scalability. Finally, the ability to "clone" an entire system and spin it up quickly is a huge timesaver for the team doing quality assurance. With most major vendors having federal government-approved cloud services, this type of approach should be workable.

Performance. There was a great interview on Bloomberg TV with Maha Ibrahim of Canaan Partners, discussing the problems with HealthCare.gov and the potential role of cloud-based web testing. She referred to the company SOASTA (pronounced so-sta) which uses compute power from cloud IaaS providers in order to create thousands of simulated users. With a cloud-based performance testing approach, you can create true high-volume stress tests and find the bugs before going live. 

Security. At a recent House subcommittee testimony, a commenter said there were "at least 16 attempts" to hack into the system. David Kennedy of Trusted SEC responded to this by saying "what this statement shows is the lack of a formal detection and prevention capability within the website and its infrastructure," as 16 is an extremely low number for this type of system. Cloud-based (SaaS) systems, which provide threat detection and management for a website, are becoming the new standard. The advantage of a SaaS solution is that it can be deployed quickly and scale as the site scales. These systems are by no means a solution for internal security and data privacy issues, but provide another layer of external protection for the website.

I should add this disclaimer: I have no inside knowledge of the HealthCare.gov project, so some of what I am suggesting may already be in place.

Please post your comments below, and you can follow me on Twitter @rictelford as I track a lot of the happenings in the world of cloud, or look me up on LinkedIn.

Moving email to the cloud has lowered IT costs and improved efficiency. Find out what federal agencies can learn from early adopters. Also in the The Great Email Migration issue of InformationWeek Government: Lessons from a successful government data site. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PaulS681
50%
50%
PaulS681,
User Rank: Ninja
12/4/2013 | 8:15:27 PM
projects
Great point made in this post. There are a number of IT projects that are not finished or mishandled. The government is not immune to such issues. That is not an excuse but to Ric's point its not surprising. Hopefully the site is on its way to perform like it should.
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
12/4/2013 | 6:09:28 PM
Thanks for sharing that Civic Agency link
Thanks for sharing the link to the Civic Agency blog, which I hadn't seen.

There's also an interesting follow up here on the role of open source early on in the project and how sharing of code between the state and federal exchanges seems to have fallen by the wayside:

http://www.civicagency.org/2013/10/the-health-exchanges-open-source-collaboration-among-states-and-federal-government/
Multicloud Infrastructure & Application Management
Multicloud Infrastructure & Application Management
Enterprise cloud adoption has evolved to the point where hybrid public/private cloud designs and use of multiple providers is common. Who among us has mastered provisioning resources in different clouds; allocating the right resources to each application; assigning applications to the "best" cloud provider based on performance or reliability requirements.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.