Looking back to move forward

Alastair Mitchell argues it is a good time to revisit the goals and guidelines of the Federal Cloud Computing Strategy.

Huddle CEO Alastair Mitchell says cloud mandates are needed to prevent technological backsliding.

Three years ago Vivek Kundra unveiled the Federal Cloud Computing Strategy. The strategy set out to transform the government's existing IT environment, which was "characterized by low asset utilization, a fragmented demand for resources, duplicative systems, environments which are difficult to manage and long procurement lead times." Cloud computing would be the change agent and transform federal IT for the better.

With Kundra estimating 25 percent of the government's $80 billion annual IT spend could be migrated to cloud computing services, it would only be a matter of time before agencies could reap the rewards of the cloud's key benefits: efficiency, agility and innovation. To accelerate cloud computing adoption, the cloud-first policy was instituted to ensure cloud services were evaluated prior to any new IT investments being made.

The cloud-first policy set out a practical vision for how the U.S. government could deliver more value for the same dollars spent and drive innovation. It heralded a new era in government IT and set a shining example for governments worldwide. The UK followed suit last year and mandated that central government departments must examine whether innovative cloud technologies could be deployed before any other new IT solutions were adopted.

In my mind, these mandates are vital. Without cloud being pushed from the top down, it will simply be rejected in favor of the old technologies that agency procurement teams are used to. Worryingly, it seems little has been achieved.

A survey of 286 federal executives on cloud services, carried out by Accenture, reveals that only 10 percent of agencies questioned have moved more than half of their IT portfolio to the cloud. More concerning is that less than half of people (43 percent) are even familiar with their agency's cloud strategies. Just 30 percent claimed to be implementing a strategy and just 4 percent of agencies admitted building out new cloud platforms -- most of which are private. According to the Government Accountability Office, only one of the 20 cloud migration plans submitted for approval in 2012 has been completed.

So what's holding agencies back from cloud adoption? Privacy and security concerns remain the key challenges (30 percent) and 24 percent of respondents  cited investments in legacy IT systems as a barrier to the cloud. There is also a belief that agencies lack the necessary staffing to roll out cloud services (69 percent) and 31 percent blamed lengthy procurement processes. Clearly, cloud computing is still surrounded by confusion and many of the barriers -- such as security and privacy –have yet to be overcome.

The fact that many of the agencies moving to the cloud are moving only to private clouds -- 23 percent private versus 12 percent public cloud -- is also missing the point. Although it's described as "cloud," private cloud is effectively the same as the legacy ICT systems used previously -- it sits behind the corporate firewall and is accessible only to members of a single organization. This means that information remains siloed, and it is still a challenge for cross-agencies teams to work together effectively and share information securely with one another. And the fact that it is accessible only to one organization does not make a private cloud inherently safer than public cloud offerings -- it's defined by privacy rather than ownership, location or management. Public cloud offerings that have been built specifically for government organizations are ready to be used now. If agencies wish to, they can start with smaller, pilot deployments before committing to an organization-wide roll out -- this is the approach that a few forward-thinking agencies have taken. So what can be done to reassure and encourage government to adopt public cloud technologies?

First and foremost, cloud implementations must start from the inside and move out, rather than the other way round -- and a real cultural shift must take place within agencies when it comes to buying IT services. Old habits die hard, and if given the option to purchase so-called cloud offerings from the vendors that have long-dominated the government ICT space, executives will. In many instances, all that's happening is cloud-washing; vendors are simply rebranding their old offerings using the word "cloud".

There are many start-ups and true cloud innovators, however, that are dedicated to producing services for government organizations from the outset, focusing on the correct security compliance and accreditations -- FISMA and FedRAMP for example. Such companies combine the innovation and agility of the cloud with the stringent security requirements of government agencies, and may also have partnerships that can provide an additional reassurance. In-Q-Tel, for example, engages with companies to identify, adapt and deliver innovative solutions to the U.S. Intelligence Community.

Another thing to keep in mind is that adopting cloud technology doesn't mean you have to rip out and replace all of your on-premise, legacy IT systems. In many cases, this isn't financially viable and there may be regulatory compliance issues that make placing certain types of data in the public cloud impossible. However, cloud and on-premise systems can work hand-in-hand, serving different purposes. Secure cloud services lend themselves to mobile and remote working, enabling people to work when on the move and share information securely with people across the firewall. On-premise systems can be used for content at a different stage in its life, when record automation and archiving come into play.

To truly capitalize and turn the "cloud first" vision into a reality, agencies must be willing to look to the new guard of government technologies. It's now time -- for the sake of both cost efficiencies and innovation  -- find the courage to do things differently, and look back at the original goals of the policy and recommendations in order to move forward.