We already know the Department of Defense is sold on cloud computing as long as it remains internal, but what about the federal government overall? The word is that it definitely has been discussed, and at least one systems integrator thinks it can get the government on the public clouds.
The Plan
The systems integrator in question, Apptis, is working on a model that would allow government agencies to take advantage of public cloud computing offerings. According to Cameron Chaboudy, director of advanced and emerging technologies at Apptis, the offering will ease datacenter pressures by allowing agencies to operate in a hybrid computing model, offloading less-security-sensitive applications to the cloud.
Apptis CTO Phil Horvitz seizes on the cloud’s ability to handle “surges” in need, also referred to as cloudbursting. “That’s where you see the tremendous benefits of cloud computing,” he says, citing the Department of Homeland Security as a possible user in the case of a disaster. “We’re proposing a hybrid approach, where they keep their existing infrastructure and, upon surge or upon load, they go and leverage a cloud,” he explains. “It acts more like a supercharger to the application.”
Because the end result of Apptis’ efforts will be offered on providers’ own infrastructures, government users will be billed just like regular customers of whatever service they choose to use (Apptis has been in discussions with ServerVault, Amazon and Google, at least), but there will be value-adds, as well. For starters, special security considerations put in place beforehand, and Apptis hopes to be culpable for making sure SLAs are met, said Chaboudy (providers like Amazon and Google, with its first-generation App Engine offering, have conspicuously absent SLAs). In addition, he says, “We’ll watch the government systems and be able to make adjustments if we see degradation and work with the cloud providers that way to take that out of the government’s need so they can leave their resources freed up to do the [day-to-day operations].”
Aside from the extras Apptis will provide, Horvitz sees this government cloud initiative as fertile ground for other consultants, too. Most cloud providers don’t offer managed services, he notes, so companies will be able to jump in the middle and provide higher availability, cloud-enablement of existing applications and other services that might be outside the knowledge base of agency employees.
IT Budgets Stressed in Washington, Too
Like most IT organizations, government agencies are feeling pressure to change their IT acquisition models because of budget constraints, says Chaboudy. Demands keep increasing, but government IT departments have neither the money nor the willingness to just keep building new datacenters. CIOs see that things are out of control, with datacenters that are “exploding” and operational expenditures growing rapidly, and Horvitz says cloud is a great solution for addressing these concerns. Why not, he asks, buy computing for $200 per hour and have someone manage it for you rather than paying $30 million building a new infrastructure?
So far, he says, feedback has been “tremendous,” especially from CIOs (who really like now-legendary price-performance stories like what the New York Times did with Amazon EC2). Acknowledging that guys who manage the datacenters can find a million reasons to shoot this concept down, Horvitz says CIOs are listening because of their aforementioned budget pressures. Chaboudy said that Apptis usually pitches at the IT level because solutions are targeted toward solving a specific problem, but the cost advantages of cloud computing have made it more of a CIO-level pitch.
But it’s not exclusively about saving money; overall efficiency also factors into government excitement over cloud computing. Chaboudy says the paradigm helps them maximize use of current infrastructure (presumably because excess capacity can be leveraged thanks to the knowledge that the cloud is there for any additional needs), and the fact that most cloud offerings today have limited development options might encourage agencies to utilize standard operating systems and languages.
Notions of workplace respect, too, are among the reasons for adopting cloud computing. Horvitz says that the government eventually will develop standards for the delivery model, and while Apptis is taking the initiative to help define what those standards will look like, some CIOs see an opportunity to step up, show they are innovative and do the right thing early on in the process.
Umm … Security?
Let’s not be naïve, though. You can’t talk about what the government wants without mentioning the elephant in the room: security. Early on, Apptis spotted security and trust as major challenges with getting our federal agencies on board with cloud computing. As Chaboudy put it, “Nobody wants to be on the front page of the Washington Post [because of a security lapse].” Apptis’ government cloud offering, he adds, really is based around educating the various stakeholders within the government and helping them get over these security challenges.
Chaboudy says all government workloads are subject to some degree of regulations, but Apptis thinks it can adapt in the near term to get the government leveraging external clouds, at least minimally, sooner rather than later. In the longer term, Apptis wants to help define the currently nonexistent government policies and procedures for cloud computing. Horvitz cites FISMA (Federal Information Security Management Act) as a regulation that still tells agencies what they can and cannot do, but was written before cloud computing was even an option. He says organizations like the Information Technology Association of America (ITAA) are looking into what federal cloud standards might look like and “[p]robably within a year or two, you’ll see the recommendations coming out of ITAA for what you have to have to be compliant for a commercial cloud for the government.”
In the end, Chaboudy believes cloud computing might even spur an evolution in the federal government’s security culture. “Traditionally, it’s been a system-based security thing, where now you’ve almost really got to break it apart and look at each individual component, and how you put security around each individual component versus an entire system,” he says.
As a concrete step to get the security piece right from the beginning, Apptis has consulted with ServerVault, a managed hosting provider with a targeted federal offering and much experience meeting security requirements like the aforementioned FISMA.
And even though Apptis is willing to put in a lot of work to make a cloud secure should an agency decide to use it, Horvitz says there are certain requirements cloud providers will have to meet. One of those requirements (which likely will not fly in the DoD, at least), probably will be cordoning off a piece of the cloud specifically for government use. This allows certain security features to be wrapped around that section of infrastructure, Horvitz says, and will allow the appropriate parties to monitor where, exactly, the government’s data is being stored and processed. Additional requirements obviously will be put in place, which might include controlling access to the computer rooms housing the government machines.
Cloud Providers Are On Board
Apptis has talked to Amazon and Google, among other cloud providers, and Horvitz says they, too, have responded well. One reason is that providers already have federal sales divisions and are seeking ways to expand these divisions’ sales into cloud offerings, says Chaboudy. In the case of Google, government users already are using Google Docs and Google Apps, but in unrelated and, often times, unapproved manners. Horvitz says Google wants capture this revenue legitimately, but the previously discussed security and privacy concerns act as hindrances.
Apptis playing the part of middleman helps ease providers’ minds, too. “When I explain to them that they don’t have to do much to capture a lot incremental revenue from the federal government,” says Horvitz, “they’re very interested.”
Internally: Federated Infrastructure = Federated IT
Although Horvitz acknowledges the federal government has been slow in cloud uptake, it appears likely that cloud computing eventually will penetrate the federal government. The remaining question is what that strategy will look like: will each agency use public clouds however and whenever they see fit, or will each build its own cloud a la DISA (Defense Information Systems Agency)?
Horvitz says DISA’s RACE (Rapid Access Computing Environment) initiative is a big step in the right direction, and other agencies are taking notice and are starting to think about clouds when they buy new stuff. They will really reap the rewards when they can leverage public clouds, too, he added. (Apptis holds one of four processing contracts for RACE.)
DISA CIO John Garing has an idea of how the government might best take advantage of the cloud revolution. He suggests eliminating intra-agency IT departments and forming a single entity that provides IT services to all federal agencies. While DISA can serve its three military departments and four services easily enough with its cloud infrastructure, Garing suggests it might be a more challenging prospect within the Department of Homeland Security, for example, which has more than 20 divisions to manage. This solution would help to eliminate the heterogeneity, complexity and unnecessary costs that permeate datacenters, he says — concerns that DISA hopes its RACE cloud will curb within the DoD. “It seems to me that the successful CIOs … own IT — money and people,” he added, “and the business units don’t.”
Garing says the White House and Congress would have to initiate such a sweeping overhaul, and while they are interested, that it will happen is far from a guarantee. Even so, assuming interagency privacy concerns were met, Garing said, “If I were king for a day, I would definitely do something like that.”