Simple advice for tackling the complexities of cloud

CIOs puzzling over the tangle of services, contracting issues and other complexities that encircle the ongoing federal adoption of cloud services should keep a simple thought in mind, said one agency IT manager.

That thought is "understand your consumer," said Robert King, program manager for IT systems modernization and integration at the Department of Homeland Security. Combined with a solid grasp of the agency's overall goals, that knowledge goes a long way in deciding how best to adopt cloud capabilities.

According to King and others who participated in a Dec. 9 panel discussion on application modernization and cloud services, federal agencies are still on a learning curve for cloud adoption. Experience is limited, and in many cases, there's a "build the airplane as we're rolling down the runway" approach, King said.

Operating in a cloud-hosted, multi-tenant environment takes some getting used to, he added. Actions by one tenant can easily affect another, and change management can present challenges. He said his team developed a night caching application for one of his cloud-hosted data warehouses only to find that the application broke another tenant's dashboard.

Such situations demand some coordination among users because "the elasticity isn't there yet" for cloud services to coexist seamlessly, he said.

The list of complexities that can trip up agency IT managers is long, but the National Institute of Standards and Technology is identifying some common approaches to solutions, said Eric Simmon, a NIST systems expert and co-chairman of the agency's Cloud Computing Forensic Science Working Group. Toward that end, the agency unveiled the final version of the U.S. Government Cloud Computing Technology Roadmap in October. It lists 10 requirements for cloud adoption, each of which has a list of priority action plans and target completion dates.

Such efforts are helpful, but the panelists agreed that agencies are still grappling with the many technical and policy issues that cloud adoption has pushed to the surface.

Take, for example, the "inside" and "outside" brokers who handle cloud implementation issues within the agency and with vendors, said Curtis Levinson, U.S. cyber defense adviser to NATO. Those two jobs are important, but they probably should not be performed by the same person. Instead, Levinson said the positions should be thought of like real estate agents in a business negotiation: The "inside" broker should represent the agency, while the "outside" broker represents the provider.

Another issue being addressed is standardized language for service-level agreements to ensure optimum cloud performance. The loose terms used in cloud implementation can confound contracting officers. Defining "flexibility" and "elasticity" in a contract is no easy feat, Levinson said.

King, Levinson and Simmon said cloud technology can offer agencies significant savings and expand their capabilities, but understanding the multiple crosscurrents in implementing and using the technology is essential. Not doing so tends to cancel out cloud's cost savings and efficiencies.

"If you don't get cloud right, it could make you broker," Levinson quipped.