Snafu: Not That Hard To Believe - InformationWeek
Cloud // Infrastructure as a Service
01:28 PM
Ric Telford
Ric Telford
Connect Directly
50% Snafu: Not That Hard To Believe

Leveraging cloud-delivered services would have helped in the overall stability and success of the website, and probably still can going forward.

Glitch (noun) \ˈglich\: an unexpected and usually minor problem; especially: a minor problem with a machine or device (such as a computer) Source:

It is difficult to turn on the news lately without some mention of the website. There are a lot of people talking who don't know a whole lot about complex systems, occasionally punctuated with smart commentary from an industry expert. Most of the conversation centers on how "unbelievable" it is that the centerpiece of the Affordable Care Act doesn't work.

In reality, it is not that hard to believe. Study after study has shown that the majority of complex IT projects either fail or don't meet expectations. Many of the reasons why these projects fail are embodied in what we have heard about

  • Late changing requirements
  • Poor design choices
  • Inadequate project risk management
  • Insufficient QA/system testing

In the age of cloud computing, you hope that these problems can be better addressed. To be clear, I am not saying that should have been written as a cloud-delivered website. Although down the road that type of rewrite may be in order, the traditional three-tier web architecture employed in should be more than flexible and scalable enough to handle this type of application (there have been a number of good articles written on the architecture).

[Read our complete coverage of the launch here.]

What I am saying is that leveraging cloud-delivered services would have helped in the overall stability and success of the website, and probably still can going forward. The advantage of a cloud-delivered service is it doesn't require installation, setup, and administration onsite. In a project that is behind schedule and over budget, cloud services can bring capability without delay and possibly save expense. Let me give you some examples:

Development. You don't have to be developing for the cloud to be developing in the cloud. Leveraging IaaS solutions as a part of any development project yields a number of benefits. First, startup time is a fraction of what it takes vs. procuring, configuring, and integrating the compute and storage resources required for a large IT project. Second, you pay just for what you use and have instant scalability. Finally, the ability to "clone" an entire system and spin it up quickly is a huge timesaver for the team doing quality assurance. With most major vendors having federal government-approved cloud services, this type of approach should be workable.

Performance. There was a great interview on Bloomberg TV with Maha Ibrahim of Canaan Partners, discussing the problems with and the potential role of cloud-based web testing. She referred to the company SOASTA (pronounced so-sta) which uses compute power from cloud IaaS providers in order to create thousands of simulated users. With a cloud-based performance testing approach, you can create true high-volume stress tests and find the bugs before going live. 

Security. At a recent House subcommittee testimony, a commenter said there were "at least 16 attempts" to hack into the system. David Kennedy of Trusted SEC responded to this by saying "what this statement shows is the lack of a formal detection and prevention capability within the website and its infrastructure," as 16 is an extremely low number for this type of system. Cloud-based (SaaS) systems, which provide threat detection and management for a website, are becoming the new standard. The advantage of a SaaS solution is that it can be deployed quickly and scale as the site scales. These systems are by no means a solution for internal security and data privacy issues, but provide another layer of external protection for the website.

I should add this disclaimer: I have no inside knowledge of the project, so some of what I am suggesting may already be in place.

Please post your comments below, and you can follow me on Twitter @rictelford as I track a lot of the happenings in the world of cloud, or look me up on LinkedIn.

Moving email to the cloud has lowered IT costs and improved efficiency. Find out what federal agencies can learn from early adopters. Also in the The Great Email Migration issue of InformationWeek Government: Lessons from a successful government data site. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
12/4/2013 | 8:15:27 PM
Great point made in this post. There are a number of IT projects that are not finished or mishandled. The government is not immune to such issues. That is not an excuse but to Ric's point its not surprising. Hopefully the site is on its way to perform like it should.
David F. Carr
David F. Carr,
User Rank: Author
12/4/2013 | 6:09:28 PM
Thanks for sharing that Civic Agency link
Thanks for sharing the link to the Civic Agency blog, which I hadn't seen.

There's also an interesting follow up here on the role of open source early on in the project and how sharing of code between the state and federal exchanges seems to have fallen by the wayside:
Register for InformationWeek Newsletters
White Papers
Current Issue
Cybersecurity Strategies for the Digital Era
At its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll