Federal CIOs Must Embrace Hybrid IT in Shift to Cloud
Top Gartner analyst urges government tech leaders to keep mission objectives and service approach in mind as they move IT processes to the cloud.
By Kenneth Corbin
WASHINGTON — With the agencies of the federal government in various stages of shifting their IT operations to the cloud, CIOs must take a considered approach that places cloud computing in the context of a host of other factors, chiefly the agency mission, but also the prevailing currents that are reshaping the technology landscape, a top analyst with Gartner said on Thursday.
In remarks here at a conference on cloud computing and the federal government, David Cearley, a fellow and vice president with the research group, pitched a hybrid vision of IT that would marshal cloud computing in service of an agency’s business objectives while at once tapping into the transformative potential of social, mobile and the information insights to be harvested from big data.
“Make no mistake. It’s not cloud in isolation. It’s cloud in the mix of a series of disruptive trends that you really have to address,” Cearley says.
First, as a matter of definition, Cearley notes that the term “cloud computing,” through overuse common to IT faddishness, is in danger of drifting from its essential meaning, which Gartner articulates as “a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service using Internet technologies.”
“Cloud is stamped on everything that doesn’t move fast,” says Cearley. “When cloud means ‘everything’ and it’s stamped on everything, then cloud computing loses its meaning.”
He argues that cloud computing, in the non-diluted sense of the term, must entail a layer of abstraction that casts whatever the function at issue — software, business process applications, infrastructure, etc. — as a service.
To the federal IT workers in the audience, Cearley advises that they keep that focus on services in mind in their pitch meetings with cloud vendors looking to score government contracts.
“Be sure you’re having [a] conversation about you providing service to me. Keep that separate from the conversation about building your own private cloud,” he says. “The whole idea is to create this abstraction layer.”
And indeed, Gartner’s forecast anticipates an across-the-board, if uneven, uptick in spending on an array of technologies delivered as a service, encompassing software, business processes, platforms and infrastructure.
Along the way, interest in the private cloud and hosted private cloud appears to be waning. In its polling of IT executives in various sectors, including government, Gartner found that decision makers are growing more comfortable with public and hybrid cloud models, with a corresponding shift away from purely private clouds.
“That’s happening because as people get more comfortable with public cloud services, they layer in additional security capabilities and make it safer, and as certification models like FedRAMP and other things come up, then the security issues are getting addressed for more and more applications. Look at this as a steady progression over time,” Cearley says, calling 2013 “the year of hybrid cloud thinking.”
Cearley intends a broader resonance in his message of hybrid computing, urging CIOs to take a wide view of their IT operations to bring a consistency to areas like security and governance across internal, external and mixed environments.
Similarly, he cautions against moving forward with a cloud strategy without an accompanying consideration of how any new deployment will support the organization’s strategy and mesh with its enterprise architecture.
Effectively implementing that hybrid approach will often entail a shakeup of roles and responsibilities within a traditional IT operation, designating one team with building services and creating the interface for users, and another with the more foundational elements such as security and deciding whether the process should be housed in a public, private or hybrid cloud.
“You’ve got parallel efforts that should be going on within your organization,” Cearley says.
“It’s not just a technology issue, it’s an organizational issue,” he adds. “We’ve seen a lot of new org charts come out, particularly in enterprise.”
Cloud Cost and Security
Cearley takes a somewhat contrarian view when it comes to two of the issues most central to the discussion of cloud computing: cost and security.
On the former, he challenges the blanket assertion that cloud computing is a cost saver, describing “plenty of cases” he has seen where a cloud solution delivered by an external service provider proved costlier over a 5- or 7-year life cycle than a comparable solution done in-house.
“Everybody starts looking at cloud saying it’s going to be a way of saving money, and you know what, there will be targeted areas where you’ll save money using cloud services, particularly from external firms, but it’s not always going to save you money,” Cearley says.
“Don’t just assume cloud is cheaper. You’ve got to have mechanisms to evaluate the life cycle cost over time, and sometimes even if it isn’t cheaper, it makes sense to do it anyway, because the number one issue with cloud is agility.”
On security, often held up as a leading inhibitor of cloud adoption in the government, Cearley points out that it’s a function of the provider, and that many cloud players have stronger data-center security than midsize government agencies and enterprises.
But at its core, cloud computing isn’t entirely different from some of the outsourcing functions that businesses have relied on for decades where a level of control over sensitive material is handed over to an outside firm (say, sending a design prototype via FedEx or storing vital paper documents with Iron Mountain).
Then, too, Cearley argues that security is sometimes offered as a red herring from a corner of an IT organization reluctant to give up oversight of certain processes and fearful of the disruption that the cloud could bring.
“Cloud services are not inherently more or less secure than traditional outsourcing,” he says. “Security is important, but I’ve got to tell you, at least 50 percent of the time when people raise security as an issue what it really means is job security.”
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.