Cloud: Two Years of Progress | GovernmentCIO Magazine

Less than two years ago, then-U.S. Chief Information Officer, Vivek Kundra, offered a prescription to reform federal information technology management. The federal government must overhaul how it manages $80 billion in annual IT investments; the basis for these IT reforms is a 25-Point Implementation Plan, which describes in detail how to get it done. Kundra described the model as These IT reforms require collaboration with Congress; engagement with industry; and commitment and energy from government leadership and IT, acquisition, and financial management professionals. They require relentless focus on near-term execution, recognition of past lessons, and a long-term vision for the future by shifting focus away from policy and toward execution and oversight, these IT reforms will succeed in delivering results for the American people. But what are some practical ways to achieve this lofty goal and what are the challeges? One answer is in the cloud. According to an update released by the current U.S. CIO, Steven VanRoekel, a cadre of agencies have identified 79 services for transition to the cloud by next month, and 40 services have been migrated so far. Cloud migrations resulted in added functionality, created half a dozen new services, and eliminated more than 50 legacy systems. According to VanRoekel, the cloud brings additional benefits: service improvement, improved agility and scalability, collaboration, enhanced sustainability, and innovation. Two years ago not only were agencies tightening their budgets, but there was an overabundance of data centers. These trends, which thankfully coincided with the evolution of cloud computing, were seen as a challenge to IT reform. Kundra's push toward the "cloud first" approach would result in finding on-demand solutions resulting in up to 50 percent lower per unit cost. Whats Happening Now and Beyond Among the current successes, which could translate into best practices for other agencies, is the new and improved Internet security services at the Environmental Protection Agency. The EPA improved identification of and response to cyber threats, tripled bandwidth to support its mission, and reduced the cost-per-megabyte from $179 to $83. Meanwhile, at the Treasury Department, a cloud-based approach to IT reform netted almost $2 million in annual savings and eliminated 20 legacy systems. The Treasury's Business Process Management Services established a new infrastructure for

state of the art manufacturing services and enabled Bureau of Engraving and Printing to implement the department's Internet payment platform. But agencies recognize the many challenges ahead. Available investment is shrinking, while mission-critical IT needs are growing. One serious challenge the federal government has taken on is consolidating the many data centersa perfect project for the cloud. Launched in 2011, the Federal Data Center Consolidation Initiative (FDCCI) seeks a more integrated IT infrastructure. In 1998, there were a reported 423 federal data centers; by 2009 this number had grown to more than 1,100. Efforts at IT reform aim squarely at this redundant infrastructure investment. Addressing such excess will have a significant impact on energy consumption. In 2006, federal servers and data centers consumed over 6 billion kWh of electricity and without a fundamental shift in how we deploy technology it could exceed 12 billion kWh. In addition to the energy impact, information collected from agencies in 2009 shows relatively low utilization rates of current infrastructure and limited reuse of data centers within or across agencies. The cost of operating a single data center is significant, from hardware and software costs to real estate and cooling costs. Fortunately it appears consolidation is ahead of schedule. Lisa Schlosser, deputy administrator of the Office of Management and Budget's office of e-government and IT, says the consolidation initiative shouldn't be judged by data center closings alone, and the government now plans to close 472 data centers by the end of 2012. The actual number of closures will be a tangible measure of IT reform success. Real Challenges In this climate of tight budgets, however, cost cutting has become urgent and budget belt-tightening could work against IT reform Congress cut the Department of Homeland Security budget requests for the upcoming fiscal year in the area of data center consolidation. Attaining the estimated $5 billion by reduced data center ops will still require some upfront investing hard to achieve when Congress is so concerned about every nickel in an election cycle. And even though the effectiveness of the FDCCI will contribute to IT reform, agencies still must overcome a number of key challenges, most specifically security. The Federal Risk and Authorization Management Program (FedRAMP) program is providing a framework for agencies to test and certify cloud computing vendorsbut what remains the responsibility of individual agencies has not been set, just yet. The upcoming goals,

as identified in the recent update, are laudable, particularly creating a government-wide marketplace for data center availability, which will enable f IT program manager mobility across government and industry, and; reducing barriers to entry for small innovative technology companies. In testimony before Congress, GSA officials stated, one of the most significant obstacles to the adoption of cloud computing is security agencies need to have valid certification and accreditation process and a signed Authority to Operate (ATO) in place for each cloud-based product they use. While vendors are willing to meet security requirements, they would prefer not to go through the expense and effort of obtaining a C&A and ATO for each use of that product in all the federal departments and agencies. Last December, VanRoekel issued a policy memo that identifies FedRAMP as the standardized approach to the security authorization process for cloud products and services, adopting requirements agreed upon by all federal agencies and approved by FedRAMP's Joint Authorization Board. This unified risk management approach will evaluate IT services offered by vendors on behalf of federal agencies, saving agencies from conducting their own risk management programs. Reducing duplicative risk management efforts cuts costs, and helps Federal agencies to focus their evaluations of IT services on their agencys specific needs. These agencies' successes show that, in the past two years, significant progress has been made, but more work remains. To help the cloud with its goal of IT reform, GSA established the interagency FedRAMP to meet the agencies demand for practical, cost-effective cloud computing security. FedRAMPs purpose supports IT reform by giving cloud service providers a process for obtaining an ATO that can be shared across agencies, which in turn supports the federal CIOs goal of bringing strategic industry know-how to bear, and can open the door to smaller providers. FedRAMPs first accomplishment was the recent publication for public comment of Proposed Security Assessment and Authorization for U.S. Government Cloud Computing, a resource that provides guidance necessary for efficient continuous monitoring in federal cloud computing environment. Soon, GSA will release the FedRAMP Concept of Operations, further detailing the processes for federal agencies and cloud service providers to meet FedRAMP requirements, and move forward with additional IT reforms.