A couple of weeks ago Vivek Kundra, US Chief Information Officer, released the “Federal Cloud Computing Strategy” paper. Despite
its rather bland title and innocuous language, the paper carries the potential to transform the government’s use of technology — and, by extension and
example, the private sector’s as well.
The first thing that jumps out at you when reading the paper is right on page 1 — a chart showing the estimated portion of the Federal IT spend
that potentially can move to the cloud. Out of $80 billion, the Office of Management and Budget predicts that $20 billion could move to the cloud. First off,
that’s a lot of money. Even in Washington, DC, that kind of number gets attention.
Second, it implies the scope of underutilized and inefficiently applied IT resources within the government today. As the report notes later in its pages,
rather than being “The Fortune One,” as people pointing to the size of the Federal IT budget sometime characterize it, the Federal government, with respect
to IT procurement, acts more like an agglomeration of much smaller businesses. One case study contained in the report, detailing an email outsourcing
initiative within the Department of Agriculture, noted it had 21 (!) different email systems. Along with 21 different infrastructures, operations staffs, vendor
contracts, and so on. The potential for improving efficiency is enormous.
By aggregating demand and standardizing offerings, the report predicts that utilization rates will increase from less than 30% to over 70%, matching
what commercial cloud providers achieve. In terms of the level of impact this would have, the report states that in 2010, around 30 cents of every dollar
invested in Federal IT was spent on data center infrastructure. The report predicts that by shifting to cloud computing, the Federal government can reduce
its data center expenditure by 30%. I think that implies the government can save $7.2 billion of its IT budget ($80 billion total budget, times the 30% spent
on data center infrastructure, times the 30% savings possible by moving to cloud computing).
The report recommends cloud computing for reasons other than pure cost savings, however.
A Shift to Service Focus
The report discusses potential cloud benefits, defining them in three categories: efficiency (where the utilization rate prediction is located), agility, and
innovation. I found one innovation benefit fascinating: cloud computing, the report suggests, will help IT “shift focus from asset ownership to service
This shift is far more profound than it appears when presented in a table of benefits. The report posits that organizations that make the mental shift will
manage systems toward output metrics (e.g., SLAs) rather than input metrics (e.g, number of servers). The impact of this shift cannot be overestimated, as
it directs behavior toward outcomes rather than inputs. It also has the side effect of pressuring providers to deliver high-quality service, as the inevitable
implication of a service orientation is an indifference as to service sourcing and a focus on service benefit. In a word, service orientation means
In my last blog posting, I wrote about wasting IT
resources to achieve business benefit. This approaches offends traditional asset managers, as it seems to imply that assets are unimportant. And, in
truth, this is correct. When a service management perspective is in place, the focus is on the benefit derived by the user, not the motivation of the provider.
The pressure is on the provider to meet the service management bogey, at the appropriate price. And with regard to the service provider’s perspective, it
then becomes a question of where the necessary assets of sufficient quality to enable meeting the service SLA are available, with, again, an indifference to
asset ownership. The report’s moderate tone underplays the revolutionary impact on shifting focus from asset ownership to service delivery.
Of course, not all is perfect in the Federal cloud computing atmosphere. The report has an entire section on security, which is the biggest concern most
organizations have regarding cloud computing. Federal agency applications have to adhere to the Federal Information Security Management Act (FISMA),
which dictates a “certification and accreditation” process as part of the application deployment process.
The report presents the NIST Risk Management Framework as a recommended approach to evaluating security for a cloud-based application. What
was most interesting in the commentary on cloud computing security was a description of potential security benefits available by using a cloud hosting
The number one benefit cited is “the ability to focus resources on areas of high concern as more general security services are assumed by the cloud
provider.” This is another of the report’s moderate observations that conceal something quite profound: Security is difficult and expensive, and most
organizations do a mediocre job across the totality of security measures.
Leveraging cloud providers enables an organization to avoid much of the expense, since the cloud provider implements significant portions of the
security measures (and amortizes the expense across its entire customer base), allowing the cloud user to direct limited security dollars toward
application-specific requirements. This approach is one we often discuss with clients, as we recommend they evaluate their cloud security concerns against
what they actually have in place in their own environments, rather than measuring the provider’s security mechanisms against an idealized perfection never
actually obtained by the client in its own infrastructure.
What I’ve described are just a few of the interesting highlights of the report. As is the nature of many government publications, its flat prose downplays
the critical implications of the content. It’s quite clear that the Federal government is preparing for a huge commitment to cloud computing on all fronts:
external SaaS, internally-hosted IaaS, and external public IaaS as well. With its announced “cloud-first” policy, the Federal government is making cloud
computing its default deployment option.
In addition to its own results, I expect the Federal government’s cloud initiatives will drive private sector adoption — after all, it’s not easy to
maintain that a cloud provider is not sufficiently robust if it’s supporting tens of thousands of USDA employees securely. I recommend that all CIOs track
the Federal government’s cloud activities to identify models that can be emulated, as well as observe problems that can be avoided once they’re
Bernard Golden is CEO of consulting firm HyperStratus, which specializes in
virtualization, cloud computing and related issues. He is also the author of “Virtualization for Dummies,” the best-selling book on virtualization to
Follow Bernard Golden on Twitter @bernardgolden. Follow everything from CIO.com on