Upload
tom-termini
View
217
Download
0
Embed Size (px)
Citation preview
7/30/2019 BD GoCIO Magazine May2012 Cloud Reform
1/3
Cloud: Two Years of Progress | GovernmentCIO Magazine
Less than two years ago, then-U.S. Chief Information Officer, Vivek Kundra, offered
prescription to reform federal information technology management. The federal gover
ment must overhaul how it manages $80 billion in annual IT investments; the basis f
these IT reforms is a 25-Point Implementation Plan, which describes in detail how to g
it done. Kundra described the model as These IT reforms require collaboration wiCongress; engagement with industry; and commitment and energy from governme
leadership and IT, acquisition, and financial management professionals. They requi
relentless focus on near-term execution, recognition of past lessons, and a long-term v
sion for the future by shifting focus away from policy and toward execution an
oversight, these IT reforms will succeed in delivering results for the American people.
But what are some practical ways to achieve this lofty goal and what are the challeges?
One answer is in the cloud. According to an update released by the current U.S. CIO
Steven VanRoekel, a cadre of agencies have identified 79 services for transition to th
cloud by next month, and 40 services have been migrated so far. Cloud migrations r
sulted in added functionality, created half a dozen new services, and eliminated mo
than 50 legacy systems. According to VanRoekel, the cloud brings additional benefit
service improvement, improved agility and scalability, collaboration, enhance
sustainability, and innovation.
Two years ago not only were agencies tightening their budgets, but there was an ove
abundance of data centers. These trends, which thankfully coincided with the evolutio
of cloud computing, were seen as a challenge to IT reform. Kundra's push toward th
"cloud first" approach would result in finding on-demand solutions resulting in up to 5
percent lower per unit cost.
Whats Happening Now and Beyond
Among the current successes, which could translate into best practices for oth
agencies, is the new and improved Internet security services at the Environmental Pr
tection Agency. The EPA improved identification of and response to cyber threat
tripled bandwidth to support its mission, and reduced the cost-per-megabyte from $17
to $83. Meanwhile, at the Treasury Department, a cloud-based approach to IT refor
netted almost $2 million in annual savings and eliminated 20 legacy systems. Th
Treasury's Business Process Management Services established a new infrastructure f
7/30/2019 BD GoCIO Magazine May2012 Cloud Reform
2/3
state of the art manufacturing services and enabled Bureau of Engraving and Printing
implement the department's Internet payment platform.
But agencies recognize the many challenges ahead. Available investment is shrinkin
while mission-critical IT needs are growing. One serious challenge the federal gover
ment has taken on is consolidating the many data centersa perfect project for th
cloud. Launched in 2011, the Federal Data Center Consolidation Initiative (FDCCseeks a more integrated IT infrastructure. In 1998, there were a reported 423 federal da
centers; by 2009 this number had grown to more than 1,100. Efforts at IT reform ai
squarely at this redundant infrastructure investment. Addressing such excess will hav
a significant impact on energy consumption. In 2006, federal servers and data cente
consumed over 6 billion kWh of electricity and without a fundamental shift in how w
deploy technology it could exceed 12 billion kWh. In addition to the energy impact, i
formation collected from agencies in 2009 shows relatively low utilization rates of cu
rent infrastructure and limited reuse of data centers within or across agencies. The coof operating a single data center is significant, from hardware and software costs to re
estate and cooling costs.
Fortunately it appears consolidation is ahead of schedule. Lisa Schlosser, deputy admi
istrator of the Office of Management and Budget's office of e-government and IT, say
the consolidation initiative shouldn't be judged by data center closings alone, and th
government now plans to close 472 data centers by the end of 2012. The actual numb
of closures will be a tangible measure of IT reform success.
Real Challenges
In this climate of tight budgets, however, cost cutting has become urgent and budg
belt-tightening could work against IT reform Congress cut the Department of Hom
land Security budget requests for the upcoming fiscal year in the area of data cent
consolidation. Attaining the estimated $5 billion by reduced data center ops will still r
quire some upfront investing hard to achieve when Congress is so concerned aboevery nickel in an election cycle.
And even though the effectiveness of the FDCCI will contribute to IT reform, agenci
still must overcome a number of key challenges, most specifically security. The Feder
Risk and Authorization Management Program (FedRAMP) program is providing
framework for agencies to test and certify cloud computing vendorsbut what remain
the responsibility of individual agencies has not been set, just yet. The upcoming goa
7/30/2019 BD GoCIO Magazine May2012 Cloud Reform
3/3
as identified in the recent update, are laudable, particularly creating a government-wid
marketplace for data center availability, which will enable f IT program manager mobi
ty across government and industry, and; reducing barriers to entry for small innovativ
technology companies.
In testimony before Congress, GSA officials stated, one of the most significant obst
cles to the adoption of cloud computing is security agencies need to have valid certi
cation and accreditation process and a signed Authority to Operate (ATO) in place f
each cloud-based product they use. While vendors are willing to meet securi
requirements, they would prefer not to go through the expense and effort of obtaining
C&A and ATO for each use of that product in all the federal departments and agencies
Last December, VanRoekel issued a policy memo that identifies FedRAMP as the sta
dardized approach to the security authorization process for cloud products an
services, adopting requirements agreed upon by all federal agencies and approved b
FedRAMP's Joint Authorization Board. This unified risk management approach wevaluate IT services offered by vendors on behalf of federal agencies, saving agenci
from conducting their own risk management programs. Reducing duplicative risk ma
agement efforts cuts costs, and helps Federal agencies to focus their evaluations of
services on their agencys specific needs.
These agencies' successes show that, in the past two years, significant progress has bee
made, but more work remains. To help the cloud with its goal of IT reform, GSA esta
lished the interagency FedRAMP to meet the agencies demand for practical, cost-effetive cloud computing security. FedRAMPs purpose supports IT reform by giving clou
service providers a process for obtaining an ATO that can be shared across agencie
which in turn supports the federal CIOs goal of bringing strategic industry know-ho
to bear, and can open the door to smaller providers. FedRAMPs first accomplishme
was the recent publication for public comment ofProposed Security Assessment and Auth
rization for U.S. Government Cloud Computing, a resource that provides guidance nece
sary for efficient continuous monitoring in federal cloud computing environment. Soo
GSA will release the FedRAMP Concept of Operations, further detailing the processes f
federal agencies and cloud service providers to meet FedRAMP requirements, an
move forward with additional IT reforms.