A couple of weeks ago Vivek Kundra, US Chief Information Officer, released the “Federal Cloud Computing Strategy” paper. Despite its rather bland title and innocuous language, the paper carries the potential to transform the government’s use of technology — and, by extension and example, the private sector’s as well.
The first thing that jumps out at you when reading the paper is right on page 1 — a chart showing the estimated portion of the Federal IT spend that potentially can move to the cloud. Out of $80 billion, the Office of Management and Budget predicts that $20 billion could move to the cloud. First off, that’s a lot of money. Even in Washington, DC, that kind of number gets attention.
Second, it implies the scope of underutilized and inefficiently applied IT resources within the government today. As the report notes later in its pages, rather than being “The Fortune One,” as people pointing to the size of the Federal IT budget sometimes characterize it, the Federal government, with respect to IT procurement, acts more like an agglomeration of much smaller businesses. One case study contained in the report, detailing an email outsourcing initiative within the Department of Agriculture, noted it had 21 (!) different email systems, along with 21 different infrastructures, operations staffs, vendor contracts, and so on. The potential for improving efficiency is enormous.
By aggregating demand and standardizing offerings, the report predicts that utilization rates will increase from less than 30% to over 70%, matching what commercial cloud providers achieve. In terms of the level of impact this would have, the report states that in 2010, around 30 cents of every dollar invested in Federal IT was spent on data center infrastructure. The report predicts that by shifting to cloud computing, the Federal government can reduce its data center expenditure by 30%. I think that implies the government can save $7.2 billion of its IT budget ($80 billion total budget, times the 30% spent on data center infrastructure, times the 30% savings possible by moving to cloud computing).
The report recommends cloud computing for reasons other than pure cost savings, however.
A Shift to Service Focus
The report discusses potential cloud benefits, defining them in three categories: efficiency (where the utilization rate prediction is located), agility, and innovation. I found one innovation benefit fascinating: cloud computing, the report suggests, will help IT “shift focus from asset ownership to service management.”
This shift is far more profound than it appears when presented in a table of benefits. The report posits that organizations that make the mental shift will manage systems toward output metrics (e.g., SLAs) rather than input metrics (e.g., number of servers). The impact of this shift cannot be overestimated, as it directs behavior toward outcomes rather than inputs. It also has the side effect of pressuring providers to deliver high-quality service, as the inevitable implication of a service orientation is an indifference as to service sourcing and a focus on service benefit. In a word, service orientation means competition.
In my last blog posting, I wrote about wasting IT resources to achieve business benefit. This approach offends traditional asset managers, as it seems to imply that assets are unimportant. And, in truth, this is correct. When a service management perspective is in place, the focus is on the benefit derived by the user, not the motivation of the provider. The pressure is on the provider to meet the service management bogey, at the appropriate price. And with regard to the service provider’s perspective, it then becomes a question of where the necessary assets of sufficient quality to enable meeting the service SLA are available, with, again, an indifference to asset ownership. The report’s moderate tone underplays the revolutionary impact of shifting focus from asset ownership to service delivery.
Of course, not all is perfect in the Federal cloud computing atmosphere. The report has an entire section on security, which is the biggest concern most organizations have regarding cloud computing. Federal agency applications have to adhere to the Federal Information Security Management Act (FISMA), which dictates a “certification and accreditation” process as part of the application deployment process.
The report presents the NIST Risk Management Framework as a recommended approach to evaluating security for a cloud-based application. What was most interesting in the commentary on cloud computing security was a description of potential security benefits available by using a cloud hosting infrastructure.
The number one benefit cited is “the ability to focus resources on areas of high concern as more general security services are assumed by the cloud provider.” This is another of the report’s moderate observations that conceal something quite profound: Security is difficult and expensive, and most organizations do a mediocre job across the totality of security measures.
Leveraging cloud providers enables an organization to avoid much of the expense, since the cloud provider implements significant portions of the security measures (and amortizes the expense across its entire customer base), allowing the cloud user to direct limited security dollars toward application-specific requirements. This approach is one we often discuss with clients, as we recommend they evaluate their cloud security concerns against what they actually have in place in their own environments, rather than measuring the provider’s security mechanisms against an idealized perfection never actually obtained by the client in its own infrastructure.
What I’ve described are just a few of the interesting highlights of the report. As is the nature of many government publications, its flat prose downplays the critical implications of the content. It’s quite clear that the Federal government is preparing for a huge commitment to cloud computing on all fronts: external SaaS, internally-hosted IaaS, and external public IaaS as well. With its announced “cloud-first” policy, the Federal government is making cloud computing its default deployment option.
In addition to its own results, I expect the Federal government’s cloud initiatives will drive private sector adoption — after all, it’s not easy to maintain that a cloud provider is not sufficiently robust if it’s supporting tens of thousands of USDA employees securely. I recommend that all CIOs track the Federal government’s cloud activities to identify models that can be emulated, as well as observe problems that can be avoided once they’re characterized.