Government agencies have been floating the idea of moving from data centers to cloud based solutions for well over a decade. From the CIO.gov 2010 “Cloud First” policy to the 2017 “Cloud Smart” strategy – there has been plenty of guidance and policies created across many areas within the Federal Government, but there are still many systems and applications lingering on data centers across agencies. What has held agencies back from making the leap? And what is the cloud?
The cloud is a network of servers that provides key abilities including on-demand service, broad network access, resource pooling, rapid elasticity, and measured service. The benefits for government agencies using the cloud are largely the same as they are for commercial businesses. Most will make the leap due to reduced hardware costs – the agency no longer needs to maintain expensive servers and worry about things like physical security of the hardware. The ability to scale and use standardized platforms and software are also benefits of moving off physical servers and to the cloud. FedRAMP’s website offers a wealth of resources for government buyers and team leaders to make decisions and to become informed about cloud offerings. The site shows what is authorized through various providers, see who else in the US government is using it, and get a link to the vendor’s website to learn more.
The CIO.gov cloud strategy provides agencies a foundation for moving to a cloud-based solution within federal government constraints. It encourages agencies to think of the cloud as part of a wholistic solution to enhance service delivery and achieve their mission. Cprime, and our partners Genesis Consulting, have been helping agencies across the Federal government move to the cloud and enhance their services. In this post, we will examine the top 5 challenges government agencies face when moving to the cloud.
Tip #1 – Use the Cloud to Help Build your Multi-Layered Security Approach
Security is always a primary consideration in public sector systems – and often dedicated servers were the front-line defense against malicious attacks. But just like a castle walls can be breached, simply isolating a system does not make it secure. Instead, a multi-layered defense strategy is required to protect all aspects of a system, from data to network and physical infrastructure. Successfully managing risks requires collaboration between agency leadership, mission owners, technology practitioners, and governance bodies.
Cloud providers can help form portions of that multi-layered approach. The CIO.gov cloud smart strategy highlights that security should be thought of as a capability and outcome of the system and should be a collaborative effort across the system owners and technical providers to develops solutions to meet those outcomes. Agencies need to move to more flexible solutions for intrusion detection and prevention. Some of the cloud providers provide capabilities as part of their service offerings, and these can be supplemented by agency specific, and system specific capabilities built to enhance the base protections. Encryption and ICAM implementation are particularly relevant in the context of cloud-based environments, namely in those instances where an agency is partnering with an external service provider to manage network visibility and data protection. FedRAMP provides a standardized government-wide approach to security assessment, authorization, and continuous monitoring of cloud services. They give cloud service providers opportunities to demonstrate their ability to meet Federal security requirements and join the list of accepted providers.
Tip #2 – Continually Improve the Skills in your Employees.
Any Government agency knows that their employees are the heart of achieving their mission. As agencies adopt and migrate to cloud platforms, the impact on their people is a key factor. Current employees may lack the skills or knowledge required to facilitate a cloud migration or to maintain the environment once migrated. Agencies should identify potential skills gaps that emerge because of a transition to cloud-based services, and, if needed, providing training and education to their existing staff so they gain additional skills and knowledge to keep up with the new technology. Cprime and Genesis offer a wide variety of trainings and can support in upskilling employees.
Tip # 3 – Update your Procurement Process to Enable Cloud Services.
Procurement is often a complex process, and when there is not a consistent process of adoption it can make sharing best practices even more complicated. Since the cloud is still a relatively new service within the Federal government, it is important for agencies to look at their procurement approaches and determine if they need to modify how they buy these new services. Until recently, agencies had to search across multiple sources to gain a basic understanding of the various types of cloud services sold, the different offerings available on existing government-wide contracts, and the best way to evaluate which approach is best for a given requirement. CIO.gov, OMB and GSA will continue to promote alignment and closely examine agency-identified obstacles in that effort. Given that cloud computing is relatively new territory for acquisition professionals, such as Chief Acquisition Officers, Contracting Officers, and Project Managers, should take advantage of existing guidance from sources like the TechFar and CIO.gov to update their processes and skills as well as agency processes.
Tip #4 – Understand how to Review and Streamline Legacy Systems.
Government agencies have a multitude of systems in place, some spanning back decades and often producing a tangled mess of overlapping, obsolete, and overly intensive applications. The need to examine these systems and go through the rationalization process is often a difficult, but critical step on moving government systems to the cloud. Current applications may not be able to ‘lift and shift’ easily to a new platform. By focusing on what applications are needed, which are obsolete or redundant, and which can be adapted more easily to the cloud, agencies can work on moving to the cloud and immediately seeing the benefits for some systems while optimizing and even rebuilding other applications. The goal is to move away from ‘big bang’ approach of transferring everything at once but move to an agile, iterative approach where portions or parts of systems are migrated freeing time and money to focus on the more complex parts of the system. Which brings us to our last tip – agility.
Tip #5 – Improve Mission Agility through Technical Agility.
To realize the full benefit of cloud technology, agencies must cultivate an organizational mindset of constant improvement and learning. Application modernization is a constant state of improvement and part of the day-to-day business of technology at every agency. In order to improve mission agility and be able to respond to changing customer expectations and emerging challenges, agencies will need to iteratively improve policies, technical guidance, and business requirements. Advancing their cloud adoption is one step to match changing needs, drive positive outcomes, and prevent their IT portfolio from becoming obsolete.
To really embrace the cloud and to see the benefits it can bring realized within their own systems, agencies must consider how to use their current resources to maximize value: reskilling and retraining staff, enhancing security models to adopt multi-layered approaches, and using best practices and shared knowledge in acquisitions. With these, they can then tackle the difficult work of examining, updating, and moving legacy systems to help improve their agility and ability to deliver on their mission. But an agency does not have to face these steps along. By working with partners like Cprime and Genesis Consulting, agencies can use our knowledge and experience to help assess where they stand, make a plan to adapt, and truly embrace the best of the cloud in their mission.