As federal agencies race to meet OMB's 'cloud first' mandate, they must adapt the cloud model to the idiosyncrasies of government.
The federal government’s cloud computing strategy reached a milestone recently when the Department of Homeland Security became the first federal agency to sign up for infrastructure as a service through the General Services Administration. But the path there wasn’t fast or easy, or anything like what was first envisioned.
Rewind to September 2009, when Vivek Kundra, the federal CIO at the time, announced the launch of Apps.gov, a GSA-operated site that would serve as an apps store where agencies could subscribe to a range of cloud services with point-and-click ease. Some apps--easy stuff like personal productivity tools--became available quickly. For example, government employees with the proper credentials can subscribe to Microsoft Exchange for $16.82 per month with USA.Net, a provider of hosted email services.
Infrastructure as a service has been a tougher nut to crack. It was a full two years from the time Apps.gov was announced until DHS last month signed up for IaaS services through a blanket purchase agreement managed by GSA. There are 10 such BPAs, providing access to cloud services from teams of service providers, including Amazon, Dell, General Dynamics, Savvis, and VMware. (See InformationWeek's guide to government cloud providers here.)
Ordering IaaS through Apps.gov isn’t the fast and easy process that it is, say, with Amazon’s EC2 service, where users can order servers and storage in a few minutes and charge them to a credit card. Apps.gov requires users to “get quotes.” And in a deal that sounds more like the old federal IT acquisition model, DHS signed a five-year, $5 million contract with CGI Federal to tap into IaaS.
So infrastructure services on Apps.gov--virtual machines, storage, Web hosting--aren’t exactly the on-demand, subscription-style services that come to mind when we think of the cloud. Is that good or bad? Let’s just say it’s different. While the ability to bid on "micro spot instances" on Amazon may appeal to startups, that may not be a viable approach for the feds.
We’re getting a better idea of what does work for government, and cloud vendors are making adjustments. In August, Amazon introduced a version of its commercial cloud services designed to meet the requirements of federal agencies. And last month, those services--EC2, S3, and Virtual Private Cloud--received the FISMA "moderate" stamp of approval.
With cloud security a make-or-break issue for federal agencies, other vendors are seeking similar certifications. Google and Microsoft have also cleared the FISMA hurdle, and Terremark recently made it through the Department of Defense’s rigorous certification and accreditation process.
Not a day goes by without some development. On Oct. 6, Congress grilled agency officials on the big question of cloud security, but that was a mere caution flag, not a reason to stop the race. As part of that testimony, DHS CIO Richard Spires outlined nine scenarios under which cloud computing will be used at his agency.
With so much happening, government IT teams must pay close attention as they move IT workloads into the cloud in compliance with OMB’s “cloud first” mandate. How can they make the right decisions? InformationWeek has created an event, GovCloud 2011, specifically for that purpose.
GovCloud 2011, to take place on Oct. 25 in Washington, D.C., at the Reagan Pavilion, will address the most pressing issues government IT teams face in making this transition. The agenda will include demos of cloud apps, a session on pitfalls and lessons learned, a discussion of private clouds and commercial cloud services, a dive into compliance issues, and more.
The day will kick off with a keynote presentation by Gus Hunt, CTO of the CIA, on how his agency is using the cloud to collaborate with other intelligence agencies. Rosio Alvarez, CIO of Lawrence Berkeley National Lab, will discuss the lab’s experience with supercomputer-class cloud services. The lineup includes IT leaders from Agriculture, GSA, NASA, NIST, the State Department, and the U.S. Marshals Service.
Federal IT pros still have much to learn about how to adapt the cloud model to the idiosyncrasies of government. Join us at GovCloud 2011 for the most up-to-date thinking from leading implementers.
John Foley is editor of InformationWeek Government.
To find our more about John Foley, please visit his page.
Join us for GovCloud 2011, a day-long event where IT professionals in federal, state, and local government will develop a deeper understanding of cloud options. Register now.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.