There’s no denying that cloud computing is transforming the way government agencies consume information, deliver services and carry out their unique missions.
Over the past few years, agencies have gradually shifted from owning the hardware and software that support these functions to buying access to IT infrastructure and applications as a service. Early adopters of cloud have reported cost savings and IT efficiencies because they have far fewer assets to manage and greater flexibility to adopt innovative services that can be accessed more broadly from various devices. But despite clear benefits, the journey to the cloud is not always clear for those who choose to adopt it.
Gary Pilafas, Senior Director of Cloud Solutions at VION, spoke to these themes, as well as challenges, that agencies are today facing in adopting cloud computingat today’s GovLoop event, An Agency’s Journey to the Cloud. He noted that in today’s environment, cloud is imperative, and needs to be adopted so that IT departments can become more efficient and more valued.
“Cloud is imperative because 80% of the federal IT budget is spent maintaining duplicative, outdated systems,” he said. “Meanwhile just 55% of feds believe their IT department is respected and valued. That’s not high enough. Finally, 66% of feds say their agency needs to move to the cloud faster to meet mission and constituent needs.”
Pilafas also noted that by 2018 52% of all federal data centers are expected to close. “That’s why a move to cloud benefits all of government,” he pointed out. “It will align spending with needs, help government scale as needed, help maintain data control and reduce shadow IT.”
Though cloud is obviously needed at all levels of government, how you get there matters. “You need to make sure you ask the right questions first to ensure a smooth journey to the cloud,” Pilafas explained. Here’s what he recommended having discussions about before your journey to the cloud starts:
What do you need to manage?
Similar to the earlier example, there are some applications in government that will never move to a cloud environment because they are inherently governmental functions that cannot be performed by a contractor, or agencies aren’t willing to accept the risk associated with moving a particular data set or application to the cloud. Security requirements often dictate the type of cloud that agencies use. For risk-averse agencies, a viable option may be a private cloud, where the cloud infrastructure is provisioned for exclusive use by a single organization. The cloud may also be owned, managed and operated by that organization. Either way, security must be addressed.
Who is the end user?
Are the people using the service employees at your agency or are they employees at another agency who are sharing the service? Maybe citizens are the end users. Understanding who will use the service also affects cloud selection. For example, a public website or portal may be a great candidate for a public cloud, but maybe the actual system that stores any personally identifiable information citizens share is hosted in a private cloud or not in the cloud at all. For groups of users with a shared mission and common interests, such as the intelligence community and research institutions, community cloud is proving to be a viable option.
What can someone else manage?
If a third-party vendor or another government agency can manage the service, then that creates more options. Rather than only considering a private cloud, there may be an opportunity to explore the other models as well, including a public cloud, hybrid cloud or a community cloud. But the type of end user and the sensitivity of the data being stored in the cloud will influence this decision.
What type of data would be in the cloud?
The sensitivity level of the data will play a major role in selecting a cloud deployment model. For example, the Defense Department uses “impact levels” to classify the sensitivity of its data and determine which cloud environments are most appropriate to meet its security standards. The impact levels are defined by the sensitivity or confidentiality level of information (whether it’s public, private, classified, etc.) that will be stored and processed in the cloud and the potential impact of an event that results in the loss of confidentiality, integrity or availability of that information.
Having these discussions before you start your journey to the cloud ensures that you will be able to get there quickly, efficiently, and in a way that addresses your true needs.