HealthCare.gov Snafu: Not That Hard To Believe

Glitch (noun) \ˈglich\: an unexpected and usually minor problem; especially: a minor problem with a machine or device (such as a computer) Source: m-w.com

It is difficult to turn on the news lately without some mention of the HealthCare.gov website. There are a lot of people talking who don't know a whole lot about complex systems, occasionally punctuated with smart commentary from an industry expert. Most of the conversation centers on how "unbelievable" it is that the centerpiece of the Affordable Care Act doesn't work.

In reality, it is not that hard to believe. Study after study has shown that the majority of complex IT projects either fail or don't meet expectations. Many of the reasons why these projects fail are embodied in what we have heard about HealthCare.gov:

In the age of cloud computing, you hope that these problems can be better addressed. To be clear, I am not saying that HealthCare.gov should have been written as a cloud-delivered website. Although down the road that type of rewrite may be in order, the traditional three-tier web architecture employed in HealthCare.gov should be more than flexible and scalable enough to handle this type of application (there have been a number of good articles written on the architecture).

[Read our complete coverage of the HealthCare.gov launch here.]

What I am saying is that leveraging cloud-delivered services would have helped in the overall stability and success of the website, and probably still can going forward. The advantage of a cloud-delivered service is it doesn't require installation, setup, and administration onsite. In a project that is behind schedule and over budget, cloud services can bring capability without delay and possibly save expense. Let me give you some examples:

Development. You don't have to be developing for the cloud to be developing in the cloud. Leveraging IaaS solutions as a part of any development project yields a number of benefits. First, startup time is a fraction of what it takes vs. procuring, configuring, and integrating the compute and storage resources required for a large IT project. Second, you pay just for what you use and have instant scalability. Finally, the ability to "clone" an entire system and spin it up quickly is a huge timesaver for the team doing quality assurance. With most major vendors having federal government-approved cloud services, this type of approach should be workable.

Performance. There was a great interview on Bloomberg TV with Maha Ibrahim of Canaan Partners, discussing the problems with HealthCare.gov and the potential role of cloud-based web testing. She referred to the company SOASTA (pronounced so-sta) which uses compute power from cloud IaaS providers in order to create thousands of simulated users. With a cloud-based performance testing approach, you can create true high-volume stress tests and find the bugs before going live. 

Security. At a recent House subcommittee testimony, a commenter said there were "at least 16 attempts" to hack into the system. David Kennedy of Trusted SEC responded to this by saying "what this statement shows is the lack of a formal detection and prevention capability within the website and its infrastructure," as 16 is an extremely low number for this type of system. Cloud-based (SaaS) systems, which provide threat detection and management for a website, are becoming the new standard. The advantage of a SaaS solution is that it can be deployed quickly and scale as the site scales. These systems are by no means a solution for internal security and data privacy issues, but provide another layer of external protection for the website.

I should add this disclaimer: I have no inside knowledge of the HealthCare.gov project, so some of what I am suggesting may already be in place.

Please post your comments below, and you can follow me on Twitter @rictelford as I track a lot of the happenings in the world of cloud, or look me up on LinkedIn.

Moving email to the cloud has lowered IT costs and improved efficiency. Find out what federal agencies can learn from early adopters. Also in the The Great Email Migration issue of InformationWeek Government: Lessons from a successful government data site. (Free registration required.)