Federal agencies have tough decisions to make as they move past the low-hanging fruit and start migrating older and more interconnected systems to the cloud.
Three Strategies to Accelerate Your Agency's Migration to the Cloud
1. 1
1
Since releasing the Federal Cloud Computing
Strategy in 2011, the federal government has
focused its technology management strategy on
migrating mission-critical operations to the cloud1
to address an IT environment characterized by
poor asset utilization, duplicative systems, and a
slow procurement process.2 The cloud’s potential
to enhance federal agencies’ efficiency, agility, and
capacity for innovation cannot be overstated. In
an era of stagnant IT budgets and a growing
capabilities gap between private and public
sectors, cloud computing offers the federal
government the opportunity to reach an
increasingly interconnected and mobile public, as
well as to save billions and simplify the IT
procurement process.
As is often the case with transitions of this scale,
cloud migration has had its share of challenges. In
a January 2014 Government Business Council
study, 49 percent of federal executives responded
that their agency had migrated less than ten
percent of its application portfolio, citing concerns
over security, data ownership, budgeting, and
expertise gaps.3 Although cloud migration might
seem imposing and lend itself to endless
strategizing, agencies have demonstrated that
they are capable of deploying cloud services in a
matter of months, not years. Those most
successful have focused on three key areas:
selecting high-value and high-readiness
applications for migration, assessing their service
THREE STRATEGIES TO ACCELERATE YOUR
AGENCY’S MIGRATION TO THE CLOUD
2
and deployment needs, and aligning those
requirements with available budgetary resources.
Selecting Applications for Cloud Migration
The Federal Cloud Computing Strategy was
designed as a reference for how agencies should
approach their transitions to the cloud, but it also
specifies the criteria that should be used to
prioritize applications for accelerated migration:
value and readiness. Agencies are more likely to
realize value when targeting applications able to
make an immediate impact through improving
resource utilization, scalability, and customer
satisfaction. Similarly, cloud-ready applications
have trusted security credentials, are already
virtualized or easily virtualized, approaching the
end of their lifecycles, and easily separable from
other systems.4
Going boldly where few agencies had gone before,
NASA began experimenting with cloud computing
as early as 2008. NASA’s greatest cloud success
story came in 2012 in the midst of preparing for the
rover Curiosity’s arrival on Mars. To achieve its
goal of delivering live video feed of the landing to
AS FEDERAL AGENCIES MOVE PAST
“CLOUD FIRST,” DECISIONS OVER
CLOUD-READY APPLICATIONS, SERVICE
MODELS, AND BUDGETING LOOM LARGE
2. 2
3
the public, NASA required flexibility and rapid
scalability of computing resources.5 CTO Tom
Soderstrom selected the agency’s imaging and
public engagement applications as high-value,
high-readiness candidates for migration. The
cloud allowed NASA to seamlessly bring its Mars
broadcast to millions of viewers worldwide, and
NASA continues to host its user portal via public
cloud at costs much lower than on its own
infrastructure.6
Evaluating Cloud Service and Deployment Models
Once an agency selects the applications and
capabilities destined for migration, the next major
challenge is designing a portfolio of cloud service
and deployment models that optimizes its
requirements for security, data ownership, and
cost savings. Agencies can choose from multiple,
distinct cloud tiers based on the expected
utilization of those services. Systems
administrators might choose infrastructure
(IaaS), which includes processing, storage, and
networking resources, or platforms (PaaS), which
include tools and an operating system supported
by the cloud service provider (CSP), in order to
develop customized applications for agency
personnel. Alternatively, if the primary consumers
are end-users, cloud-based software applications
(SaaS) hosted by the CSP may supply the most
rapidly deployable turnkey solution.7
An agency may then choose to deploy a private,
public, or community cloud solution. A private
cloud is often hosted on-premises and typically
offers greater control over sensitive data, while
public clouds are managed by the CSP and allow
agencies to pay for services solely on the basis of
utilization.8 The following cases illustrate how
cloud service and deployment models can vary
based on their intended usership and function.
In May 2012, the U.S. Marine Corps (USMC)
released its strategy to deploy a private cloud
through the Marine Corps Enterprise Information
Technology Services (MCEITS) program. The goal
4
of MCEITS is to provide universal access to USMC
data and applications, particularly in forward-
deployed and potentially hostile environments
with severe bandwidth limitations.9 By choosing a
private cloud environment built on top of a
commercial IaaS solution, the USMC can achieve
optimal security and data ownership, while
providing service members with command and
control capabilities as well as email, file sharing,
and video conferencing. In addition, MCEITS
gives USMC administrators rapid access to scale-
up or scale-down capacity as needed, ensures
savings through resource pooling and data center
consolidation, and reduces the manpower needed
to maintain its networks.10
On the other end of the spectrum, in late 2010 the
Department of State chose to deploy a cloud-
based electronic library to provide access to
documents and country resources stored in
databases worldwide. A public SaaS solution was
optimal for two reasons. First, the documents
were already in the public domain, and based on
their low FISMA security rating, required minimal
centralized data management. Second, users were
primarily domestic and overseas staff members
who required minimal custom functionality aside
from a self-service check-out tool.11 By accurately
assessing its service needs, DoS was able to deploy
the electronic library on-time and at-cost, while
meeting all major milestones and performance
goals.
“IN A 2014 GOVERNMENT BUSINESS
COUNCIL STUDY, 49 PERCENT OF
FEDERAL EXECUTIVES RESPONDED THAT
THEIR AGENCY HAD MIGRATED LESS
THAN TEN PERCENT OF ITS APPLICATION
PORTFOLIO, CITING CONCERNS OVER
SECURITY, DATA OWNERSHIP,
BUDGETING, AND EXPERTISE GAPS.”
3. 3
About GBC
Government Business Council (GBC), the research arm of
Government Executive Media Group, is dedicated to advancing
the business of government through analysis and insight. GBC
partners with industry to share best practices with top
government decision-makers, understanding the deep value
inherent in industry’s experience engaging and supporting
federal agencies.
About General Dynamics Information Technology
Leveraging our expertise and best practices in cloud computing,
virtualization, and shared services support, General Dynamics IT
facilitates your agency’s move to the cloud with minimum risk.
We help you outline the right strategies, build virtualization
solutions, and implement and manage the complete cloud
computing environment. Learn more at www.gdit.com/cloud.
3
5
Aligning Budgetary Resources with Cloud Services
A remaining challenge for federal agencies is
deciding how to pay for cloud migration. Of roughly
$80 billion in annual federal IT spending, an
estimated $20 billion is a potential target for
agencies seeking to migrate operations to the
cloud.12 However, only about $3 billion of that total
will actually go toward cloud services, according to
Office of Management and Budget cloud computing
manager Scott Renda, who cited difficulties in
certifying CSPs for security compliance and in
reforming the way some agencies procure IT.13 Prior
to the cloud era, government acquisitions offices
customarily purchased computing, storage, and
other IT assets as capital expenditures (CapEx) and
must now shift to procuring cloud services as an
operations expenditure (OpEx) – similar to a
standard utility.
One way agencies have adapted to their new
environment is through redesigning contract
vehicles to pay for infrastructure, platforms, and
software as services. GSA’s IaaS Blanket Purchase
Agreement (BPA), for instance, streamlines the
purchasing process through eliminating the need for
agencies to independently certify potential vendors
for cybersecurity compliance, negotiate service level
agreements (SLAs), and define data ownership
rights.14 Instead, CSPs pre-compete for contracts for
specific IaaS functions including cloud storage,
virtualization, and web hosting. If they meet the
necessary security qualifications, vendors can be
pre-certified by GSA. By centralizing its cloud
acquisition process through BPA, DHS for instance,
6
was able to dramatically shrink its infrastructure
costs, reduce procurement lead-time, and boost
confidence in the security of its cloud data.15
Tomorrow’s Forecast? Heavy Cloud Coverage
After three years of deliberate progress following
release of the Federal Cloud Computing Strategy,
federal agencies are preparing to migrate larger
portions of their application portfolios into a wider
array of cloud service and deployment models.
Despite the fact that 75 percent of government
cloud spending remains directed toward private
cloud deployment, the public cloud market has
matured rapidly since “Cloud First.”16 As IT
security officials gain greater confidence in
negotiating SLAs and in certification programs
like FedRAMP, public cloud and PaaS will likely
begin to comprise a greater share of total
spending.17 In the coming years, federal agencies
will face difficult decisions over whether the
benefits of migrating older and more complex
legacy applications outweigh the potential risks of
service disruptions or permanent functionality
deficiencies. Similarly, federal, state, and local
governments are increasingly looking to cloud
brokerage as a more cost-effective means of
delivering and managing cloud services.
As agencies continue their efforts to address their
cloud challenges, OMB’s Scott Renda reminds
federal leaders that they need to plan to expand
cloud services as the foundation of their twenty-
first century IT architecture: “it’s definitely here to
stay, and it’s only going to get bigger.”18
4. 4
Sources
1. The National Institute of Standards and Technology defines “the cloud” as “a model for enabling
ubiquitous, convenient, on-demand network access to a shared pool of configurable computing
resources (e.g., networks, servers, storage, applications, and servers) that can be rapidly provisioned
and released with minimal management effort or service provider interaction.” see: Peter Mell and
Timothy Grance, “The NIST Definition of Cloud Computing” U.S. Department of Commerce: September
2011 http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
2. Vivek Kundra, “Federal Cloud Computing Strategy.” Executive Office of the President: February 8, 2011
p.1 https://cio.gov/wp-content/uploads/downloads/2012/09/Federal-Cloud-Computing-Strategy.pdf
3. “The Road Ahead: Three Years After Cloud First.” Government Business Council: January 2014
4. Kundra, “Federal Cloud Computing Strategy.” 2011 p.11-15
5. Matt Weinberger, “NASA JPL: The Business Case for Taking the Cloud to Mars.” Citeworld: April 24,
2014 http://www.citeworld.com/article/2149000/cloud-computing/nasa-jpl-the-business-case-for-
taking-the-cloud-to-mars.html
6. Michael Endler, “NASA Mars Mission Fueled by Amazon Web Services.” InformationWeek: August 10,
2012: http://www.informationweek.com/cloud/nasa-mars-mission-fueled-by-amazon-web-
services/d/d-id/1105741
7. “Creating Effective Cloud Computing Contracts for the Federal Government.” CIO and CAO Council:
February 2012 p.5 https://cio.gov/wp-content/uploads/downloads/2012/09/cloudbestpractices.pdf
8. Mell and Grance, “The NIST Definition of Cloud Computing.” 2011 p.7
9. “Marine Corps Private Cloud Computing Environment Strategy.” United States Marine Corps: May 15,
2012 p.1
http://www.hqmc.marines.mil/Portals/156/Newsfeeds/SV%20Documents/Marine_Corps_Private_Clo
ud_Computing_Environment_Strategy_15_May_2012.pdf
10. “Marine Corps Private Cloud Computing Environment Strategy.” 2012 p.4-5
11. “Progress Made but Future Cloud Computing Efforts Should Be Better Planned.” GAO: 2012 p.29
12. “Progress Made but Future Cloud Computing Efforts Should Be Better Planned.” GAO: 2012 p.7
13. William Jackson, “Forget fad. The cloud is real, it’s here and it’s growing.” Government Computer
News: May 13, 2014 http://gcn.com/articles/2014/05/13/fose-cloud-omb.aspx?admgarea=TC_Cloud
14. “Infrastructure as a Service Blanket Purchase Agreement Fact Sheet.” General Services Administration:
May 2014 http://www.gsa.gov/portal/mediaId/184727/fileName/IaaS_FAQ.action
15. Mary Davie, “Department of Homeland Security Buys into the Cloud.” Great Government Through
Technology Blog: September 29, 2011 http://gsablogs.gsa.gov/technology/2011/09/29/department-of-
homeland-security-dhs-buys-into-the-cloud/
16. Scott Renda, “One Cloud Does Not Fit All: Adopting a Secure Cloud for Government”. Office of
Management and Budget, Office of E-Government and Information Technology: May 13, 2014; See also,
Jackson, “Forget fad. The cloud is real, it’s here and it’s growing.” 2014
17. “Creating Effective Cloud Computing Contracts.” 2012 p.11-12
18. “OMB Presents on Adopting a Secure Cloud for the Government.” CIO Council https://cio.gov/omb-
presents-adopting-secure-cloud-government/
Image: techspot.com (labeled for reuse)
4