This blog post is an excerpt from GovLoop Academy’s recent free online training course, “Determining Your Applications’ Cloud Readiness.”
The federal government is known for its risk-adverse nature and tight control of IT assets. But with increasing data needs and constrained budgets, agencies are turning to cloud computing as a solution. According to the National Institute of Standards and Technology (NIST), cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources, such as networks, servers, storage applications and services.
These services can be rapidly provided and released with minimal management effort or service provider interaction. In other words, cloud computing is any service that can be provided over the internet.
To help agencies get a more comprehensive understanding of cloud, NIST provides five essential characteristics of cloud computing:
- On-demand self-service: A consumer can simultaneously run computing capabilities, such as server time and network storage, automatically without requiring human interaction with each service provider.
- Broad network access: Capabilities are available over the network and accessed by different types of platforms, such as mobile phones, tablets or laptops.
- Resource pooling: The provider’s computing resources are consolidated to serve multiple consumers with different physical and virtual resources dynamically assigned and reassigned according to demand. Examples of resources include storage, processing, memory and network bandwidth.
- Rapid elasticity: Capabilities can be easily provisioned and released, in some cases automatically. The user then has unlimited access to different cloud capabilities across a network.
- Measured service: Cloud systems automatically control and optimize resources. Resource usage can be monitored, controlled, and reported, enhancing transparency for both the provider and consumer of the service.
But even with these common characteristics, it’s important to note that not all cloud solutions are created alike. Cloud solution essentials alone are often not enough to meet government needs. Agencies need to define their mission success criteria in cloud migration and deployment. This means establishing criteria that can be monitored as an agency deploys cloud services.
To ensure cloud implementation is successful, leaders of an agency need to make sure to:
- Identify project stakeholders;
- Define goals and objectives for both the agency and its citizens;
- Identify constraints that limit options; and
- Derive project success criteria that relate to the agency objectives.
If your agency is trying cloud for the first time, it’s important to carefully go through the considerations and plan your migration and deployment process. It only takes one incident for the mission to be compromised in some way, which for government, is too risky to chance.
DoD’s Transition to Cloud
As recently as 2016, the largest federal agency was under pressure to realize savings while maintaining the highest level of network security. Many DoD systems also don’t lend themselves to the cookie-cutter approach to cloud migration, especially in light of their unique mission and security requirements.
So when seeking contractor support, DoD leaders need a vendor to help determine and implement a plan to quickly achieve near-term goals. At the same time, they need a strategy to attain an ultimate end state for their cloud transition.
The Defense Information Systems Agency, or DISA, granted IBM a Provisional Authority to host unclassified, sensitive data in the cloud. With this accreditation, IBM is authorized to handle DoD’s Impact Level 5 applications and data. Level 5 includes high-sensitivity data on national security systems and connects with DoD’s unclassified internal network known as NIPRNet.
DoD recognized that they have a portfolio of applications and data that require multiple cloud deployment models with varied security controls. The department also had to integrate its own mandates, budget, and procurement cycles into the cloud transition process. Then, the agency refined and prioritized near and long-term requirements. With those goals in place, they were ready to determine which type of hosting solution best fit the agency needs.
Determining your agency’s application cloud readiness can be a lengthy process. But following NIST’s guidance and laying out a plan can help your agency determine if you’re really ready for the cloud.
To learn more about determining your agency’s cloud readiness, check out GovLoop Academy’s course. By taking this course, you’ll be enrolled in six lessons that explain cloud computing in government infrastructures. You’ll learn more about important considerations for migrating to the cloud like security, application onboarding, and operations and maintenance.