On July 18, I had the opportunity to attend a half-day GTSI / Federal Computer Week sponsored seminar titled “Making Cloud a Reality – How to Procure, Migrate and Adapt to the Government Cloud.” Speakers from the Department of State, GSA, DHS, NASA, NIH and the legislative branch shared their first-hand experiences on implementing cloud computing to reduce costs and increase efficiencies, as well as various cloud procurement challenges. I wanted to bring up a few important nuggets of information that I gathered from these esteemed speakers.
One of the keynote presentations I really enjoyed listening to was given by Dave McClure (Assistant Administrator, Office of Citizen Services and Innovative Technologies, GSA). Dave is a very dynamic and charismatic speaker and he offered some really good insights and lessons learned, including that “cloud is not faith-based computing.” What he was alluding to is that when agencies migrate their applications to the cloud, they must be fully aware of the security/privacy risks and compliance requirements. Agencies should address the non-negotiable security factors with their Cloud Service Providers before the migration to cloud begins, ensuring that the vendor meets all established federal security requirements.
Another important suggestion focused on the importance of following best practices and implementing continuous monitoring capabilities. Continuous monitoring enables constant visibility into a continuous stream of near real-time snapshots of the state of security risk to agency data, the network, end points, as well as cloud devices and applications. Continuous monitoring is so critical that it is likely to make its way into the new Cybersecurity Act of 2012 and the upcoming FISMA reforms. Finally, Dave shared a best practices document that is definitely worth reading – “Effective Cloud Computing Contracts for the Federal Government.”
Another interesting speaker on the agenda was Keith Trippie (Executive Director of the Enterprise System Development Office, DHS OCIO), who noted that it is important for agencies to understand their SLAs, standardize their cloud solutions and adhere to FedRAMP from a security perspective.
Cloud computing is indeed a business model shift and several agencies have already started their journey to the cloud. A recent OMB report estimated that within one year, 25 federal agencies will have migrated a total of 78 systems to the cloud, with email serving as the top application. Other common workloads being migrated include website hosting, document management and geospatial services. Many agencies have now started migrating sensitive workloads to the cloud. For example, the Department of Labor has already migrated their enterprise wide legacy COBOL-based financial systems to a SaaS cloud. The entire migration took about 18 months and about $10M, and is expected to save the agency millions of dollars. The Department of Veterans Affairs (VA) is now using a customer facing application supported by cloud development, testing and hosting environments for processing veterans’ education, compensation and pension claims. The VA has been able to create new applications and interfaces with this cloud service and has been able to cut education claims processing time by almost 40%.
Are you ready to leverage the benefits of cloud for your applications? Time has come to start embracing the best practices and lessons learned through other agencies’ journey to the cloud. Let me know your thoughts. Follow me on Twitter at GTSI_Architect.