Since 2010, the number of U.S. government agencies working with IT cloud services providers has grown exponentially. A TechNavio study released in March 2013 predicts that cloud computing in government will grow at a 6.2 percent compound annual growth rate (CAGR) through 2016.
Within the federal government, cloud adoption could improve services in four major ways: business transformation, procurement frameworks, digital identity and shared services architecture.
When the government fully embraces the cloud, the American people will have access to government data and services 24 hours per day using any type of device. Imagine government-created apps that give private industry fast access to the petabytes of information handled by the U.S. government. Then, think about how that information could empower decision-making.
Also, because agencies won’t have to focus on IT management, they can focus on program effectiveness. This new way of thinking will challenge agencies that currently waste money by holding onto obsolete processes and policies. For example, the White House expects agencies to engage with their customers, a group that includes both private sector companies and citizens, to find out which services could most benefit from cloud migration. The White House also expects agencies to provide tools that measure customer satisfaction and agency performance not only regarding their own digital services but also on every .gov website. These requirements will push agencies to focus more on the customer experience, which will again force them to question obsolete processes and policies.
Government procurement frameworks aren’t currently designed for flexibility and agility. Working with a cloud services provider (CSP) means accepting that things will change, and they’ll change often. For example, CSPs often revise their services packages, and customers get the upgrade whether they like it or not. Because services are always changing, the fixed-price arrangement that works for the government now may not be cost-effective in the future. Under current procurement guidelines, many agencies try to negotiate custom services with CSPs. The whole point of a CSP’s business model is to lower costs by allowing many users to share resources in common.
These day-to-day challenges will force more flexible procurement practices. For example, procurement agents will have to learn how to negotiate for services, not for products. Learning new skill sets will take time, but the changes will be good for all.
Because the cloud means sharing resources, government agencies will have to re-examine how they authenticate identities. The U.K. has taken an interesting approach to this. In the U.K., private companies like Facebook and Google can become "identity providers" (IDP). When individuals want to apply for government services, then they are asked to login with commonly used identity credentials, such as a Facebook login. Once Facebook authenticates the user, it transmits approval to the government. The user then gains admission into the government portal. This way, the government won’t keep login credentials on its websites, so users don’t have to fear data capturing and tracking from government organizations.
In the U.S., 46 percent of agencies are concerned about the security of their applications and proprietary data within a cloud environment. The U.S. government could leverage existing authentication tools, like the Public Key Infrastructure, or it could go with something like the U.K.’s IDP process. The good news about the U.K. process is that users won’t have to remember yet another login, and the government won’t have to worry about protecting identity data in a central location.
Shared Services Architecture
The U.S. government has created a program called FedRAMP that makes cloud migration much simpler. Organizations like Amazon Web Services, for example, can gain FedRAMP compliance based on the impact level of different types of services and information. For example, since Amazon Web Services has Agency Authority to Operate (ATO) for the Department of Health and Human Services at FedRAMP’s "moderate impact" level, then HHS agencies can quickly migrate data and applications to the AWS cloud.
This partnership with AWS is one example of how agencies can relinquish the mindset of always creating their own customized solutions. Instead, they can grab turnkey alternatives that have already passed the FedRAMP test. By sharing common infrastructure in volume, agencies can cut their technology and support costs. Since FedRAMP provides the security analysis framework, agencies can feel comfortable with FedRAMP-approved CSPs.
About the Author: Dave Asprey is responsible for thought leadership and strategy as the Vice President of Cloud Security at Trend Micro. He works with press, analysts, customers, partners, the Cloud Security Alliance and the cloud and virtualization community in general to bring more cloud knowledge to Trend Micro, and to share Trend Micro’s innovative new cloud and virtualization strategy. Dave’s writing has been published by the NY Times and Fortune and his cloudywords.com blog was named "Top 100 cloud blogs" by Cloud Expo.