WASHINGTON – For all the enthusiasm surrounding the government's move to the cloud – and there's no shortage – one prominent federal CIO is emphatic that cloud computing, for all its virtues, is no panacea for the government's technology challenges.
That would be David Bennett, CIO at the Defense Information Systems Agency, or DISA. At a government IT conference hosted by the tech consortium MeriTalk, Bennett acknowledged that "the cloud is a very viable scenario" for the feds, but he urges CIOs and other agency leaders to carefully consider which data sources and applications are suitable for a remotely hosted and managed environment.
"Everybody's looking at cloud as being the answer to all issues," Bennett says, "but we need to understand what it means to start to leverage the cloud as we go forward."
Bennett identifies many obstacles to the government's adoption of cloud technologies – perhaps none more important in his agency than the security concerns associated with turning over sensitive processes over to a third-party provider.
"Are we going to take everything to the cloud?" he asks. "My sense of the game is no, we won't."
Instead, he envisions agencies scouring their applications and data assets to identify the "crown jewels" that "need to stay within the defensive perimeter."
"There's just some things we aren't going to put out in the commercial space," he says. "Do you really want nuclear command and control sitting out in the open?"
Bennett also stresses the importance of continuous monitoring in a cloud deployment – not just "how do I protect the ones and zeroes," he says, but "how do I monitor the network, how do I monitor what's going on in that environment, and what kind of feedback am I getting in terms of real-time awareness."
Preparing for Government Cloud Transition Remains Work in Progress
Addressing those concerns remains a work in progress around the government. In a new MeriTalk survey of federal IT managers, 44 percent of respondents described their agency data governance practices as "mature." Just one in five said they have complete confidence in the security of their cloud service provider.
The Obama administration early on identified cloud computing as a centerpiece of its mission to modernize government IT systems. That effort, formalized with a "cloud-first" policy, comes alongside administration directives such as data center consolidation, mobility and open data.
Beyond the security issues that Bennett cites, he also identifies other, less technical barriers to migrating to the cloud – or embracing any major technology change, for that matter.
Bennett recalls a few years back when he set out to consolidate an IT process relating to operational planning for military exercises, which sat in dedicated boxes installed in 17 command posts around the word. The aim was to streamline the management and provisioning of the operation, but along the way Bennett encountered "box huggers" in the field who were extremely reluctant to let the physical equipment move off the premises.
"It was a sense of comfort," he says. "It becomes a significant emotional event"
But Bennett prevailed, consolidating the footprint for the particular operation from 17 locations to four. The service stayed within the DoD's network, but the centralized provisioning led to marked improvements in speed, performance and reliability. Today, Bennett says no one would think about going back to the old environment where each facility was responsible for managing its own box, but the experience provided an object lesson in the cultural challenges CIOs can face when trying to consolidate far-flung, autonomously managed technology processes.
"It's the same thing with cloud, but now we're talking about moving a capability out of the DoD and into a commercial environment. Let me tell you, that's pretty scary for some of us," he says. "It's not a technology issue. It's a mindset issue."